BYTE.com

Why You Need a Router

By Jerry Pournelle

June 7, 2004




Column 286 (Continued from the Previous Week)

The Worm Turns

By the time you read this, the Sasser Worm infection should be down to dull roar status—at least, we can hope. But as we write, the Sasser worm is already up to the ".d" variant, and its alleged author, an 18-year-old German, is in custody. All versions of Sasser were estimated to have infected at least half a million machines, only three days after release and 18 days after Microsoft announced the vulnerability (and patch). Some banks took Sasser so seriously they disconnected their networks from the Internet.

Fortunately, none of the machines at Chaos Manor have been infected, and probably won't be. It did attack my future daughter-in-law's computer, and therein lies a story.

Dana's Windows 2000 laptop was provided by her employer, and is pretty well locked down. Employees aren't allowed to run Windows Update directly; machines do run Norton Internet Security with Symantec Anti-Virus (NIS), and are set to periodically update automatically. Still, as we reported at the time, when the Welchia virus hit last year, her PC was infected—the virus was transferred via her company's internal e-mail, and had to be removed manually.

Last Saturday morning, she was surfing the Web and got error 128 in LSASS, the "Windows Local Security Authority Subsystem Service." This is, said the message, a fatal error, and Windows would reboot in 60 seconds. A quick check of the Microsoft knowledgebase turned up no such error. She does have the Administrator password, and started running Windows Update, and manually ran Symantec's LiveUpdate just in case. Ten minutes into downloading Windows updates, bam: The same LSASS error 128, the same 60-second deadline.

After a longer investigation, and surfing the news from another computer, it was clear: The Sasser virus was probing, and cratering, her machine with its buffer overrun attack attempt. Despite the presence of NIS, she wasn't protected, because she didn't have the appropriate patch (See
