MSBlaster and help written “by nerds for nerds”
The last week or so has been a depressing one for advocates of the Windows platform with lots of publicity surrounding the W32.Blaster.Worm that spread like wildfire amongst Windows PC’s that hadn’t been kept up to date with security patches.
Whilst it was to be expected that many home users, particularly those on slow modems, might not have downloaded the 30-odd patches awaiting them on Windows Update, it was depressing to see and hear publicly quoted companies losing mission-critical servers to this worm. This is frankly unacceptable. It might be a “problem” installing patches that require system reboots but this is nothing compared to the havoc created when systems are taken down. There really can be no excuse for systems departments in reasonable sized companies not monitoring the security patch situation and planning deployment of critical updates when they are released. After all, in this case people had plenty of time to get updated, and what do these people do all day anyway?
With all the furore surrounding the Windows worm, not much mention was made in mainstream media of the GNU Ftp Server compromise and so little was done to quiet the crowing from the “open source” (in other words here non-Windows) community.
Following on the heals of the original MSBlaster worm, a new version is released that works to patch the machines it infects with the Microsoft patch leading to a situation of “good” worms fighting “bad”.
_Some security experts were puzzled as to why users couldn't seem to deworm their own machines. MSBlaster is not especially difficult to remove._ > > _But some users said that it was difficult to find any understandable information about removing MSBlaster._ > > _"These virus and worm removal advice I see are obviously written by nerds for nerds," said Paul Pacifico, a beauty supply salesman in Brooklyn. "Most of the time I can't ever figure out what the hell they're on about."_ > > _Pacifico also said his computer was running perfectly today, and a scan shows that it, too, was infected with the new worm._ > >
Another critical update was highlighted in the past couple of days with an updated security bulletin. I have to say that I found it a little difficulty working through all the technical blurb to find out which version would apply to my PC in order to confirm that I did already have the patch installed. It is unsurprising then that some end users struggle with the “by nerds for nerds” descriptions.
Microsoft clearly realise this and aside from “working on better ways to release patches”, have created a more Joe Public site explaining how users can better protect themselves.
_"But I actually had one of our secretaries tell me today, after I warned the staff about this antiworm, that she'd rather let the new worm fix her home machine than to 'have to fuss with all this security stuff.'"_ > > _"I didn't know whether to laugh or cry," [ confessed Godell](http://www.wired.com/news/infostructure/0,1377,60081-2,00.html)._ > >
Hopefully the lesson going away from this will be that people will pay more attention to keeping up to date with patches, especially in mission-critical systems. I might say, though, that I’ll believe it when I see it.