<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Debate over significance of Conficker phoning home on April Fools Day</title>
	<atom:link href="http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/feed/" rel="self" type="application/rss+xml" />
	<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/</link>
	<description>on Internet security by Byron Acohido</description>
	<lastBuildDate>Sat, 19 May 2012 12:59:58 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.4</generator>
	<item>
		<title>By: Double Agent Christopher Plath</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-325</link>
		<dc:creator>Double Agent Christopher Plath</dc:creator>
		<pubDate>Wed, 01 Apr 2009 01:24:37 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-325</guid>
		<description>As the previous comments indicate, the average home user who practices safe web surfing habits will most likely be ok. Corporations who have not patched their business machines or home users who have dangerous online behaviors (downloading random attachments, using P2P file sharing tools, clicking fake popup ads)  should be cautioned to put up a defense, however. 
     A little proactivity never hurt anyone. Make sure your system has automatic updates on, antivirus tool installed, and a firewall enabled and you should be good to go. Of course nobody can foretell the future 100%. We will have to wait and see what actually happens on that magic April Fools day.
    As mentioned previously, corporations are starting to work together to combat a common problem and have formed the &quot;Conficker Cabal.&quot; The &quot;Conficker Cabal&quot; is a turning point in the way we address large-scale issues such as Conficker.C. Trying to take the rug out from Conficker operators is quite the undertaking. Kudos to the Cabal for pulling out all the stops and cracking down on this threat!
    In a day and age where the internet touches almost every aspect of our lives, personally and professionally, it is imperative that we put up defenses on all fronts, from all threats. This is true especially with the growing trend of business and personal time intermingling and even resulting in the sharing of technology between the two. Such as bringing the company laptop home and adding it to your network, or bringing your personal flash-drive to work to upload some information.
    I do think it is important to tell the public when such a threat is surfacing. This time around I don&#039;t think the internet is going to suddenly catch fire, however. The hype sort of reminds me of December 31st, 1999, 11:59PM. Y2k wasn&#039;t the end of computing as we know it, neither is Conficker. Keep your computers updated, protected, and use a safe web-surfing mentality and you should be all set. 


Double Agent Chris Plath
Geek Squad</description>
		<content:encoded><![CDATA[<p>As the previous comments indicate, the average home user who practices safe web surfing habits will most likely be ok. Corporations who have not patched their business machines or home users who have dangerous online behaviors (downloading random attachments, using P2P file sharing tools, clicking fake popup ads)  should be cautioned to put up a defense, however.<br />
     A little proactivity never hurt anyone. Make sure your system has automatic updates on, antivirus tool installed, and a firewall enabled and you should be good to go. Of course nobody can foretell the future 100%. We will have to wait and see what actually happens on that magic April Fools day.<br />
    As mentioned previously, corporations are starting to work together to combat a common problem and have formed the &#8220;Conficker Cabal.&#8221; The &#8220;Conficker Cabal&#8221; is a turning point in the way we address large-scale issues such as Conficker.C. Trying to take the rug out from Conficker operators is quite the undertaking. Kudos to the Cabal for pulling out all the stops and cracking down on this threat!<br />
    In a day and age where the internet touches almost every aspect of our lives, personally and professionally, it is imperative that we put up defenses on all fronts, from all threats. This is true especially with the growing trend of business and personal time intermingling and even resulting in the sharing of technology between the two. Such as bringing the company laptop home and adding it to your network, or bringing your personal flash-drive to work to upload some information.<br />
    I do think it is important to tell the public when such a threat is surfacing. This time around I don&#8217;t think the internet is going to suddenly catch fire, however. The hype sort of reminds me of December 31st, 1999, 11:59PM. Y2k wasn&#8217;t the end of computing as we know it, neither is Conficker. Keep your computers updated, protected, and use a safe web-surfing mentality and you should be all set. </p>
<p>Double Agent Chris Plath<br />
Geek Squad</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Gunter Ollmann</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-324</link>
		<dc:creator>Gunter Ollmann</dc:creator>
		<pubDate>Wed, 01 Apr 2009 00:16:04 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-324</guid>
		<description>While all the media attention about the Conficker threat is useful in elevating the general population&#039;s level of education to the growing botnet threat, I find it rather disconcerting that the focus is upon a threat that has largely been solved (at least from an enterprise perspective).

I commented on this earlier today over at: http://blog.damballa.com/?p=144

I think the bigger concern is that this particular updating mechanism using dynamic/near-random domains will inevitably be adopted in future malware variants (beyond Conficker), so  security vendors are going to have to figure out a more permanent solution to this updating technique.</description>
		<content:encoded><![CDATA[<p>While all the media attention about the Conficker threat is useful in elevating the general population&#8217;s level of education to the growing botnet threat, I find it rather disconcerting that the focus is upon a threat that has largely been solved (at least from an enterprise perspective).</p>
<p>I commented on this earlier today over at: <a href="http://blog.damballa.com/?p=144" rel="nofollow">http://blog.damballa.com/?p=144</a></p>
<p>I think the bigger concern is that this particular updating mechanism using dynamic/near-random domains will inevitably be adopted in future malware variants (beyond Conficker), so  security vendors are going to have to figure out a more permanent solution to this updating technique.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Mark Shavlik</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-323</link>
		<dc:creator>Mark Shavlik</dc:creator>
		<pubDate>Tue, 31 Mar 2009 22:20:43 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-323</guid>
		<description>Slowing or stopping the advance of the Conficker worm is a tremendous patch management and configuration management challenge. The problem is that organizations have a hard time knowing what patches are really installed and how systems are actually configured. Small organizations or individuals may be able to retain control, but most organizations are in a constant state of flux: new physical computers join the network, configuration settings change, and new software applications are added. The problem has gotten even worse with the increased emphasis on virtualization. Tools made by companies like Microsoft and Symantec require Agents &#8211; software for managing patches and configuration settings -- be installed on the systems they are trying to protect. If companies can&#039;t get an agent installed on a machine, they can&#039;t find it, and therefore can&#039;t fix it! The only realistic approach is to have patch management and configuration management software that can work without the need to install agents and has the ability to assess and fix both physical and virtual machines. The Conficker.C variant is particularly nasty in that it targets security software in an effort to disable or render it ineffective. The worm actually blocks the Microsoft patch management agent. At Shavlik we focus on making technology that is simple and does not require software (agents) on the target computer. We have always done this, and at a time like this, our product is uniquely qualified to combat the threat of Conficker.C!

We can talk about our free assessment for the missing patch and misconfigurations.

More details at:

http://www.shavlik.com/landingpage/20090326-conficker.aspx

Mark Shavlik
CEO
Shavlik Technologies</description>
		<content:encoded><![CDATA[<p>Slowing or stopping the advance of the Conficker worm is a tremendous patch management and configuration management challenge. The problem is that organizations have a hard time knowing what patches are really installed and how systems are actually configured. Small organizations or individuals may be able to retain control, but most organizations are in a constant state of flux: new physical computers join the network, configuration settings change, and new software applications are added. The problem has gotten even worse with the increased emphasis on virtualization. Tools made by companies like Microsoft and Symantec require Agents &#8211; software for managing patches and configuration settings &#8212; be installed on the systems they are trying to protect. If companies can&#8217;t get an agent installed on a machine, they can&#8217;t find it, and therefore can&#8217;t fix it! The only realistic approach is to have patch management and configuration management software that can work without the need to install agents and has the ability to assess and fix both physical and virtual machines. The Conficker.C variant is particularly nasty in that it targets security software in an effort to disable or render it ineffective. The worm actually blocks the Microsoft patch management agent. At Shavlik we focus on making technology that is simple and does not require software (agents) on the target computer. We have always done this, and at a time like this, our product is uniquely qualified to combat the threat of Conficker.C!</p>
<p>We can talk about our free assessment for the missing patch and misconfigurations.</p>
<p>More details at:</p>
<p><a href="http://www.shavlik.com/landingpage/20090326-conficker.aspx" rel="nofollow">http://www.shavlik.com/landingpage/20090326-conficker.aspx</a></p>
<p>Mark Shavlik<br />
CEO<br />
Shavlik Technologies</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Agent Derek Meister</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-322</link>
		<dc:creator>Agent Derek Meister</dc:creator>
		<pubDate>Tue, 31 Mar 2009 19:47:05 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-322</guid>
		<description>As a Geek Squad Agent, it&#039;s hard not to make it through a day without someone asking about the Conficker  threat and whether they should be worried that the Internet will implode on April 1st.

I do agree that there&#039;s plenty to debate over just how significant the threat of this individual worm is, though I also believe that it depends entirely on who you are.

If you&#039;re an individual looking to protect your family&#039;s home computer, then you should probably be only concerned as much as you would about any malicious software threat.  If you take the precautions you should be doing anyway, such as keeping your system up to date, making sure your antivirus and antispyware protection is current, avoiding P2P networks and practicing safe Internet habits, then you can probably take a deep breath and go on with the rest of your life.

If you&#039;re one of the big security and software companies that&#039;s part of the &quot;Conficker Cabal&quot; coming together to fight the threat, I&#039;m willing to allow a lot more concern and effort.  Mainly, because I&#039;m glad to see how much closer many of these companies are learning to work together to combat this threat, and how that may help build those relationships to better fight future malware.  I also like how much further the Cabal has been able to get governments to work with them in terms of domain registrations, something that hasn&#039;t really happened as easily in terms of previous global malware threats.

I&#039;m glad that both individuals and large companies are starting to take action to protect themselves and others against Conficker, because it also helps protect them from other, possibly worse, threats.

Agent Derek Meister
Geek Squad</description>
		<content:encoded><![CDATA[<p>As a Geek Squad Agent, it&#8217;s hard not to make it through a day without someone asking about the Conficker  threat and whether they should be worried that the Internet will implode on April 1st.</p>
<p>I do agree that there&#8217;s plenty to debate over just how significant the threat of this individual worm is, though I also believe that it depends entirely on who you are.</p>
<p>If you&#8217;re an individual looking to protect your family&#8217;s home computer, then you should probably be only concerned as much as you would about any malicious software threat.  If you take the precautions you should be doing anyway, such as keeping your system up to date, making sure your antivirus and antispyware protection is current, avoiding P2P networks and practicing safe Internet habits, then you can probably take a deep breath and go on with the rest of your life.</p>
<p>If you&#8217;re one of the big security and software companies that&#8217;s part of the &#8220;Conficker Cabal&#8221; coming together to fight the threat, I&#8217;m willing to allow a lot more concern and effort.  Mainly, because I&#8217;m glad to see how much closer many of these companies are learning to work together to combat this threat, and how that may help build those relationships to better fight future malware.  I also like how much further the Cabal has been able to get governments to work with them in terms of domain registrations, something that hasn&#8217;t really happened as easily in terms of previous global malware threats.</p>
<p>I&#8217;m glad that both individuals and large companies are starting to take action to protect themselves and others against Conficker, because it also helps protect them from other, possibly worse, threats.</p>
<p>Agent Derek Meister<br />
Geek Squad</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Mark Shavlik</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-321</link>
		<dc:creator>Mark Shavlik</dc:creator>
		<pubDate>Tue, 31 Mar 2009 18:45:49 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-321</guid>
		<description>Slowing or stopping the advance of the Conficker worm is a tremendous patch management and configuration management challenge.  The problem is that organizations have a hard time knowing what patches are really installed and how systems are actually configured.   Small organizations or individuals may be able to retain control, but most organizations are in  a constant state of flux: new  physical computers join the network, configuration settings change, and new software applications are added.  The problem has gotten even worse with the increased emphasis on virtualization.  Tools made by companies like Microsoft and Symantec require Agents &#8211; software for managing patches and configuration settings -- be installed on the systems they are trying to protect.  If companies can&#039;t get an agent installed on a machine, they can&#039;t find it, and therefore can&#039;t fix it!  The only realistic approach is to have patch management and configuration management software that can work without the need to install agents and has the ability to assess and fix both physical and virtual machines.   The Conficker.C variant is particularly nasty in that it targets security software in an effort to disable or render it ineffective.  The worm actually blocks the Microsoft patch management agent.   At Shavlik we focus on making technology that is simple and does not require software (agents) on the target computer.  We have always done this, and at a time like this, our product is uniquely qualified to combat the threat of Conficker.C!

We can talk about our free assessment for the missing patch and misconfigurations. 

More details at:

http://www.shavlik.com/landingpage/20090326-conficker.aspx

Mark Shavlik
CEO
Shavlik Technologies</description>
		<content:encoded><![CDATA[<p>Slowing or stopping the advance of the Conficker worm is a tremendous patch management and configuration management challenge.  The problem is that organizations have a hard time knowing what patches are really installed and how systems are actually configured.   Small organizations or individuals may be able to retain control, but most organizations are in  a constant state of flux: new  physical computers join the network, configuration settings change, and new software applications are added.  The problem has gotten even worse with the increased emphasis on virtualization.  Tools made by companies like Microsoft and Symantec require Agents &#8211; software for managing patches and configuration settings &#8212; be installed on the systems they are trying to protect.  If companies can&#8217;t get an agent installed on a machine, they can&#8217;t find it, and therefore can&#8217;t fix it!  The only realistic approach is to have patch management and configuration management software that can work without the need to install agents and has the ability to assess and fix both physical and virtual machines.   The Conficker.C variant is particularly nasty in that it targets security software in an effort to disable or render it ineffective.  The worm actually blocks the Microsoft patch management agent.   At Shavlik we focus on making technology that is simple and does not require software (agents) on the target computer.  We have always done this, and at a time like this, our product is uniquely qualified to combat the threat of Conficker.C!</p>
<p>We can talk about our free assessment for the missing patch and misconfigurations. </p>
<p>More details at:</p>
<p><a href="http://www.shavlik.com/landingpage/20090326-conficker.aspx" rel="nofollow">http://www.shavlik.com/landingpage/20090326-conficker.aspx</a></p>
<p>Mark Shavlik<br />
CEO<br />
Shavlik Technologies</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Andy Hayter</title>
		<link>http://lastwatchdog.com/debate-significance-conficker-phoning-hom-april-fools/#comment-316</link>
		<dc:creator>Andy Hayter</dc:creator>
		<pubDate>Mon, 30 Mar 2009 21:37:51 +0000</pubDate>
		<guid isPermaLink="false">http://lastwatchdog.com/?p=1233#comment-316</guid>
		<description>Although there is a lot of interest and publicity surrounding this piece of malware, if you have been practicing safe computing practices, you are at minimal risk. Both businesses and individual users need to manage all the updates security vendors provide including network infrastructure devices and applications as well as end-user security solutions.  By now those computers that can be infected with the Conficker / Downadup / Kido most likely already are.  

Rest assured: the vulnerability in the Microsoft operating system has been patched since October 2008.  Additionally, the major anti-malware vendors have been working since the original discovery of this worm back in November 2008 to provide detection in their products. Business users and consumers can rely on organizations such as ICSA Labs, which perform periodic tests, anti-malware tests are performed monthly, to validate that vendors are performing their due diligence and keeping their products and solutions up-to-date. 

Andy Hayter
Anti-Malcode Program Manager
ICSA Labs</description>
		<content:encoded><![CDATA[<p>Although there is a lot of interest and publicity surrounding this piece of malware, if you have been practicing safe computing practices, you are at minimal risk. Both businesses and individual users need to manage all the updates security vendors provide including network infrastructure devices and applications as well as end-user security solutions.  By now those computers that can be infected with the Conficker / Downadup / Kido most likely already are.  </p>
<p>Rest assured: the vulnerability in the Microsoft operating system has been patched since October 2008.  Additionally, the major anti-malware vendors have been working since the original discovery of this worm back in November 2008 to provide detection in their products. Business users and consumers can rely on organizations such as ICSA Labs, which perform periodic tests, anti-malware tests are performed monthly, to validate that vendors are performing their due diligence and keeping their products and solutions up-to-date. </p>
<p>Andy Hayter<br />
Anti-Malcode Program Manager<br />
ICSA Labs</p>
]]></content:encoded>
	</item>
</channel>
</rss>

