Tuesday, August 16, 2005

Microsoft: "Mobilizing Our Two War Rooms"

The director of Microsoft's security response center, Debbie Fry Wilson, said the computer giant was in an "emergency response" mode. "Right now, we're mobilizing our two war rooms," she told CNN.
Read more of this riveting tale.

Here's the dirt on this latest virus, named Zotob. Wikipedia has also initiated coverage of the Zotob worm.

It apparently does a buffer overflow exploit on Windows 2000 machines running the LSASS on TCP port 445, just like the Sasser worm did before it. Why this service is running on a default installation of Windows 2000 is beyond me.

I've said it many times before and i'll say it many times again. Operating system vendors need to distinguish between "Client" and "Server" distributions of their operating system. The vast majority of end-users, even advanced users, do not need, on a default installation, to be running any service listening on any port.

Apple has grokked this very simple philosophy a long time ago. This is why you have Mac OS X Server for people in the business of running servers. And Mac OS X Client, for the rest of us. Both are equally advanced versions of the same operating system, they're simply configured differently for different purposes.

No comments: