Bagle toasts Windows firewall

Red Squirrel · Post by **Red Squirrel** » Sat Nov 06, 2004 4:50 pm

http://software.silicon.com/security/0,390...39125482,00.htm

Bagle toasts Windows firewall
November 01 2004
by Munir Kotadia
More virus fun for Microsoft customers...
Earlier this year Microsoft released a major security update for Windows XP, which was designed to strengthen the operating system’s defences against attack from viruses and hackers. One major part of the update was an improved version of its firewall software.

Graham Cluley, senior technology consultant at antivirus firm Sophos, said the latest Bagle variants are designed to attack and disable Microsoft’s new firewall application.

"Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this worm. If it infects a PC running Windows XP SP2 the worm can turn off its firewall and open the door to hackers and other internet attacks," said Cluley.

Neil Campbell, the national security manager at internet security specialists Dimension Data, said it is common for viruses and worms to try and disable any firewall and antivirus programs on the system.

Campbell said the latest version of Microsoft's Windows firewall is a "huge leap forward" when compared to the previous version but he recommends that users should install a third party firewall for better protection.

"There is a window of opportunity when the system boots and loads the network and before the third party firewall becomes active. Windows firewall gives you good coverage during that time," said Campbell.

Email security firm MessageLabs said it had intercepted around 900,000 copies of the new Bagle variants this weekend and expects that figure to peak later today as people in Europe and the US switch on their computers.

David Banes, technical director of MessageLabs in Asia Pacific, told silicon.com's sister site ZDNet Australia that the company sees around one per cent of all internet traffic, so picking up almost one million copies over a weekend is very significant. But he expects the worm to start fading as users update their security software over the next few days.

"I imagine that when we look back at the end of this week we will see a dip in interceptions on Sunday – when the whole world is offline – and then they will peak on Monday and tail off again by the end of the week," said Banes.

Munir Kotadia writes for ZDNet Australia.

W32/Bagle-AU attempts to terminate the following processes:

alogserv.exe
APVXDWIN.EXE
ATUPDATER.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
Avconsol.exe
AVENGINE.EXE
AVPUPD.EXE
Avsynmgr.exe
AVWUPD32.EXE
AVXQUAR.EXE
AVXQUAR.EXE
bawindo.exe
blackd.exe
ccApp.exe
ccEvtMgr.exe
ccProxy.exe
ccPxySvc.exe
CFIAUDIT.EXE
DefWatch.exe
DRWEBUPW.EXE
ESCANH95.EXE
ESCANHNT.EXE
FIREWALL.EXE
FrameworkService.exe
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
LUCOMS~1.EXE
mcagent.exe
mcshield.exe
MCUPDATE.EXE
mcvsescn.exe
mcvsrte.exe
mcvsshld.exe
navapsvc.exe
navapsvc.exe
navapsvc.exe
navapw32.exe
NISUM.EXE
nopdb.exe
NPROTECT.EXE
NPROTECT.EXE
NUPGRADE.EXE
NUPGRADE.EXE
OUTPOST.EXE
PavFires.exe
pavProxy.exe
pavsrv50.exe
Rtvscan.exe
RuLaunch.exe
SAVScan.exe
SHSTAT.EXE
SNDSrvc.exe
symlcsvc.exe
UPDATE.EXE
UpdaterUI.exe

Archived topic from Iceteks, old topic ID:2816, old post ID:23056

Andy · Post by **Andy** » Sat Nov 06, 2004 8:16 pm

LOL that don't apply to me I run without firewall for the reasons of server software to run windstorm

Archived topic from Iceteks, old topic ID:2816, old post ID:23061

Red Squirrel · Post by **Red Squirrel** » Sat Nov 06, 2004 10:27 pm

Windows Firewall®: The only firewall in history to make your computer less safe.

Archived topic from Iceteks, old topic ID:2816, old post ID:23064

Andy · Post by **Andy** » Sat Nov 06, 2004 10:38 pm

LOL you OWNED window's CRAP SOFTWARE.

Archived topic from Iceteks, old topic ID:2816, old post ID:23065

Red Squirrel · Post by **Red Squirrel** » Sat Nov 06, 2004 10:59 pm

Yeah but at least win2k is safe to use. It's the only good OS microsoft ever made. By default it's VERY unsafe, since it shares ALL your partitions with full access to everyone, but XP probably does the same too, not to mention RPC. (Remote Personal compromization)

Archived topic from Iceteks, old topic ID:2816, old post ID:23066

sintekk · Post by **sintekk** » Sat Nov 06, 2004 11:50 pm

Windows 2003 is better performance- and security-wise to 2000

Archived topic from Iceteks, old topic ID:2816, old post ID:23067

Red Squirrel · Post by **Red Squirrel** » Sun Nov 07, 2004 12:08 am

Yeah I heard it's pretty decent.

Archived topic from Iceteks, old topic ID:2816, old post ID:23068

jryan · Post by **jryan** » Sun Nov 07, 2004 11:25 am

Windows Firewall -> Not perfect, but better than nothing if you don't have a firewall installed. (ex: Windows 2000 by default has no protection.)

A little backgrounder (seeing as how many discussions tend to be anti-XP on this forum): Windows XP is based on the 'best of both worlds' so to speak. It's core is based on Windows 2000, which was an improvement of NT. It also has the ease of use elements from the 9x based systems. Sure we have some problems with it, and sure there are some of you that won't use it... but realize folks, from here on out we're stuck with it. Windows 2000 is going to be 5 years old this year with 4 service packs under it's belt, wheras XP is three years old with only 2 service packs. I'd call that an improvement. (And ya can't tell me there's been way more updates, because Windows 2000 pre-SP1 and pre-updates doesn't even support 128-bit encryption in IE). Might I remind everyone that there's a new OS coming out.. something along the codename of Longhorn. It's going to have XP-elements.

As far as Windows 2003... I'm glad someone brought that up.

Yeah I heard it's pretty decent

Got ya, Red! Windows 2003 is currently only availible in a server flavor and here's the real interesting part. Builds on Windows 2000 but has an XP interface built in.

Sorry about the rant, guys, but it gets on my nerve when you all talk baised against XP. Yes, we all have our favorites, but the stability and reliability all depends on your usage habits with your operating system. For example, I had a quite stable Windows ME install.. now I have a very stable XP Install on my laptop and desktop. Red's 2000 install is quite stable, however I'm sure he remembers the days where we were formatting Windows 98 machines every other week. Try to stay somewhat objective.

Archived topic from Iceteks, old topic ID:2816, old post ID:23072

Red Squirrel · Post by **Red Squirrel** » Sun Nov 07, 2004 12:36 pm

Yeah unfortunatly MS is going towards the XP stuff with long horn, and to make things worse putting the DMCA in it, so it won't be possible to use an alternative browser for example, since it won't let you install stuff not certified. And why would MS certify other browsers? Or other office suites? The DMCA is an effort for MS to monopolize the market even more and basically drive everyone out of business. A little help from the goverment is what it takes.

But hopefully there will be a better standardization in linux in terms of install/uninstall of software, which would make linux usable for most people. Now installing stuff in linux is a PIA and is a very tedious process, so it's not good enough for desktop use yet. But the time will come I'm sure.

Though you can tweak server 2003 to be better as a workstation, so that's the good news.

Archived topic from Iceteks, old topic ID:2816, old post ID:23073

sintekk · Post by **sintekk** » Sun Nov 07, 2004 12:46 pm

jryan wrote: Windows Firewall -> Not perfect, but better than nothing if you don't have a firewall installed. (ex: Windows 2000 by default has no protection.)

A little backgrounder (seeing as how many discussions tend to be anti-XP on this forum): Windows XP is based on the 'best of both worlds' so to speak. It's core is based on Windows 2000, which was an improvement of NT. It also has the ease of use elements from the 9x based systems. Sure we have some problems with it, and sure there are some of you that won't use it... but realize folks, from here on out we're stuck with it. Windows 2000 is going to be 5 years old this year with 4 service packs under it's belt, wheras XP is three years old with only 2 service packs. I'd call that an improvement. (And ya can't tell me there's been way more updates, because Windows 2000 pre-SP1 and pre-updates doesn't even support 128-bit encryption in IE). Might I remind everyone that there's a new OS coming out.. something along the codename of Longhorn. It's going to have XP-elements.

As far as Windows 2003... I'm glad someone brought that up.
Yeah I heard it's pretty decent
Got ya, Red! Windows 2003 is currently only availible in a server flavor and here's the real interesting part. Builds on Windows 2000 but has an XP interface built in.

Sorry about the rant, guys, but it gets on my nerve when you all talk baised against XP. Yes, we all have our favorites, but the stability and reliability all depends on your usage habits with your operating system. For example, I had a quite stable Windows ME install.. now I have a very stable XP Install on my laptop and desktop. Red's 2000 install is quite stable, however I'm sure he remembers the days where we were formatting Windows 98 machines every other week. Try to stay somewhat objective.

Windows firewall, like you said, is better than nothing. Should be more than enough for the grandpas and grandmas just wanting to check their email.

I never said I disliked XP (or at least I don't remember saying it

)

As for Windows 2003, the XP crap is disabled by default. And for being only server flavor, it's not too hard to disable the server elements and re-enable the graphics and sound acceleration and so on:
http://www.msfn.org/win2k3/

Benchmarks on my computer (dual booted) showed that 2003 is faster than XP, and most of what I read shows that too.

Archived topic from Iceteks, old topic ID:2816, old post ID:23076

Red Squirrel · Post by **Red Squirrel** » Sun Nov 07, 2004 1:11 pm

Yeah I find even 2k is way faster then XP so I'm sure 2k3 is even faster. I have hundreds of installed programs, I never defrag (I always want to do it before bed but forget all the time) and often I'll be surfing the web while intensive stuff is going on such as large file transfers. If I'm doing something super intense it will sometimes lock up for a few seconds, but that's about it.

What I find odd is how XP gets so much publicity compared to win2K, like the SP2 was as if doom 3 was coming out or something, while 4 service packs for win2k got released with no news about it. Perhaps it's all this publicity that makes it more targetted to attacks.

Archived topic from Iceteks, old topic ID:2816, old post ID:23077