Chalk a big one up for Sasser

Discussion in 'ten-forward' started by spy1, May 3, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    It took out every single work-station at the hospital (where I work weekends) this past Saturday.

    The IT guys were still there when I left at midnight last night, trying to get 500+ computers straightened out.

    It made everything a nightmare for everyone involved, since everything there is handled by computer - drug orders, surgery schedules, patient listings, test orders, intake paperwork for the ER patients, discharge paperwork - basically, everything ground to a halt (or nearly so).

    Whoever released that one should be dragged behind a pick-up truck at the end of a rope untill nothing but the rope is left. Pete
     
  2. swatch

    swatch Guest

    They should have taken care of the Windows Updates as well as their Antivirus - and nothing would have happened. You are blaming the wrong ones here ;)

    swatch
     
  3. StAnger

    StAnger Registered Member

    Joined:
    Jun 8, 2003
    Posts:
    84
    I don't agree. An honest man can make a mistake, but it takes a crook to take advantage. :(
     
  4. swatch

    swatch Guest

    Sure honest men can make mistakes - but it's their job - pay check coming in every month! - they failed miserably. Throw your wallet on the pavement and blame the one who runs with it....

    swatch
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    swatch - Yes, I know it's all the rage to blame the victim instead of the perpetrator - an ignorant viewpoint, but popular nevertheless.

    It's not a "game" when critical heathcare systems get involved - you're actually playing with people's very lives. Every single "IT dept." that I know about is under-manned and over-worked - vultures, bloodsuckers and mentally-stunted individuals seem to find sick pleasure in taking advantage of that fact.
     
  6. StAnger

    StAnger Registered Member

    Joined:
    Jun 8, 2003
    Posts:
    84
    I will, for he is still a thief. And I think I can safely say that he would have done the same if it were a zero-day exploit (no patches available).
     
  7. swatch

    swatch Guest

    Don't get me wrong: I do blame the perpetrator equally at the least.

    One more reason for a IT dept. to make sure the system - and with that the well being from vulnerable peoples - will never be at stake.

    No argument here as for IT. But: keeping Windows updated (heck, one can subscribe to update alerts) seems like the first and easiest thing to do; it doesn't take any knowledge, and very little time to do so. Same goes for updating the installed antivirus.

    Everyone knows systems are vulnerable, and crooks are waiting to abuse this - for sure an IT dept.; comes with the job. Blame both IT and the crooks.

    swatch
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Bingo. If you leave your keys in the car and someone steals it, that person is a very dishonest scumbag ... but you're an idiot.

    Acadia
     
  9. TheSnowGuy

    TheSnowGuy Guest

    As a person who just came home from a hospital....a person who was on life support for several days.......this thread has to make me do some very serious thinking.......
    The person who wrote this sasser worm most likely will never be caught....the IT guys who failed to perform their duties may not even be told a word by their boss.......
    An those people in that hospital...the ones who's very lives were placed at risk.....what about them?

    Whats wrong with this picture? Who takes responsibility ?


    Definitely I can understand Spy1 wanting someone held responsible.
    An its long pass time for making excuses. The viruses writers wont ever stop writing viruses....these are sick minded perverted people who have nothing to fear.....they wont be held responsible.........
    An the IT guys.....most likely nice working class guys who go to church on sunday...play baseball....fish..........an were lacking in applieing the needed protection........

    Who takes responsibility!!!
     
  10. TheSnowGuy

    TheSnowGuy Guest

    Forgot to mention:


    Zombie Computers: what responsibilty should they have.
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Here's a nice little quote I found in another thread:

    "...corporations go through stringent patch testing procedures that can take weeks to complete, basically scrutinizing every security critical patch and testing it with different OS and software programs. These corporations are not trusting of M$ and want to ensure that these patches have no ill effect on their production environments."

    You certainly can't fault them for this, given M$'s record of patches and critical updates that resulted in worse damage (in some cases) than what they were suposed to "fix".

    My point here is that there's a lot more to the "they weren't doing their job" theory than what first meets the eye.

    As a sidenote, the hospital uses McAfee with automatic updates, and McAfee didn't detect until after the infection was already system-wide. Neither did their initial "fix" tool work - the IT guys had to use something else, which slowed down the recovery effort even more. Pete
     
  12. TheSnowGuy

    TheSnowGuy Guest

    Personally I would not trust M$ as far as I could throw it by its eyebows.
    Ok, so the IT people made a sincere effort....most IT do imo...
    an McAfee made a sincere effort....most anti-virus companies do imo...
    This worm is constantly changing an the AV companies can only patch after its discovered. The IT can only patch after the AV companies send the patch....all understandable.
    So where does that leave us? There still remains the question of those zombie computers. I received the McAfee patch early yesterday afternoon......moments later I undated my second AV program....haven't received any new updates since then. It may be safe to say that just about everyone here at this forum has updated.
    So, where is this worm coming from....how is this worm getting into systems so easily? in short...back to the first question. Where is the responsibility!
    If one person had died at that hospital..legally thats murder...the same as if someone had pulled the plug on the life support units. Families would be grieving......tears falling...........the hospital perhaps sued...insurance companies raise rates....dimino effect.........all the way to each of us eventually paying out our pockets. The lost of a life not being taken for granted. An no, I don't point a finger at the IT guys nor the AV guys....for years these people have put up with crap galore....virus after virus..tojan after trojan....wannabe hacker after wannabe hacker
    So, where is the resposibility to be placed...once and for all. Does everyone just continue having to sit quietly an take this. Do lives continue being placed at risk an no one can do anything. This is what we have all been doing for years...passively enduring....We endure wannabe hackers..viruses..trojans...spyware...bad websites...we endure.....we endure our beautiful children being tracked by perverts.....or our credit card numbers stolen......our e mail box swamped.....we endure. An all any of us want is to simply use the internet....we pay for the connection...we pay for our firewalls..we pay for our AV......we pay for file protection...some of us pay for spy cleaners......we pay...constantly.
    Someone PLEASE, tell me....who is responsible! Truthfully, I don't think anyone can answer that question.....I can't. If anyone here can please do so.
     
  13. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Just to add my two cents worth, I have to say it is a sad day when you criticize the victims of sasser, and even sadder when it is a forgone conclusion that its creator(s) will never be held accountable. No one exists in a vaccuum and I have to believe that someday people are going to have enough.

    As for the notion of applied all patches, and updated antiviruses...let's also not forget we are all vulneralbe sometimes. These days i cringe when i do a clean install on a computer, and i have to go through the process of updating, installing, ect...it doesn't happen instantaneously, and there is much room for errors.

    I am also somewhat frustrated by programs that suggest that you deativate your virus shield while doing installs, or defrags, or whatever else, implying that problems will result if you do not. After experimenting i have never found any reason to deactivate my anti-virus program and never, to my knowledge have suffered as a result. I'm not saying that is true for everyone across the board, but it is a question...maybe another topic even...but i do wonder.

    - HandsOff
     
Thread Status:
Not open for further replies.