[shearm]

This is an urgent email I received from my systems managers at work. Anyone know this to be true?

We've discovered firsthand that Macs running OSX are in fact affected by the Blast Worm virus only in the sense that your OSX Mac can become a "host" for the worm virus and can send it out to other PCs or Macs with OSX either through wireless means or through a network connection.

Right now, there is no fix for the worm virus on the Macs because Symantec says they are not affected by the virus the same way as PCs are, so they are not making it a priority.

However, as a precaution and to protect our network as much as possible, you should take steps to protect any personal Mac Laptop or a Post-issued Mac Laptop that you might bring into the building by turning on the Firewall in your System preferences.

Here's how to turn on the Firewall:

In MacOSX, go into your system preferences (under the apple menu or from the dock) and under the Internet & Network heading and click on the Sharing folder:

Then, when the settings box opens up, click on the Firewall tab and click on the Start button to turn on the Firewall. If it is already on (as pictured), it will say "Firewall On" above it:



Then close the dialog box. Your firewall is now turned on and you should be safe from the virus.

[ZackS]

No, the only way Macs are effected by the worm is through network slowness or by the DDOS attacks the worm uses to propagate. You can either turn on the firewall (which won't help THAT much because it's a software firewall and your system will still receive and then deflect the requests. The best solution if you suspect that your internet has slowed to a crawl because of the worm is, if possible, to refresh your IP address. Dialup users, disconnect and reconnect, DSL and cable users with dynamic IPs, turn your modems on and then off (or if you use PPPoE, just disconnect/reconnect).

[JLL]

Originally posted by ZackS:
No, the only way Macs are effected by the worm is through network slowness or by the DDOS attacks the worm uses to propagate. You can either turn on the firewall (which won't help THAT much because it's a software firewall and your system will still receive and then deflect the requests. The best solution if you suspect that your internet has slowed to a crawl because of the worm is, if possible, to refresh your IP address. Dialup users, disconnect and reconnect, DSL and cable users with dynamic IPs, turn your modems on and then off (or if you use PPPoE, just disconnect/reconnect).

The worm's DOS attack only has one target: windowsupdate.microsoft.com.

[dreilly1]

Symantec says that OS X systems are not affected. (scroll down to the bottom).

It seems your Systems Manager is wrong. Or maybe, he's smart and is just using the virus scare to get all his Mac users to turn on the firewall without having to do it himself...

[ZackS]

No, according to Symantec's site, the worm propagates by generating random IP addresses and attacking it at port 135 repeatedly. It won't do anything to a Mac even if the port is open but it will cause an annoying slowdown to all internet services for a period of time.

Read more about it here: http://www.symantec.com/avcenter/ven...ster.worm.html

I just want to say LOVE YOU SAN!!

[Moose]

Not only does it not affect Mac OS X computers, it also doesn't affect Windows computers that applied the patch (which wasn't kept secret) when it came out on July 16.

[DeathMan]

My windows friend was updated on his service packs all the way, and still got it. Apparently they don't put bug fixes into their service packs? They should. You think you're covered cause you have the latest version number, but you still lack the patch for a widley known worm?

I didn't install the service packs, so who knows how they were installed, but my friend is very computer literate, and he thought he was covered.

Shouldn't it be easier to protect your computer from known, anticipated problems?

[goMac]

I wish my mac was affected... I want to attack Microsoft with my computer too...

[jessejlt]

Nah, the source is freely available and it's clearly written in IA-32, where the more intensive pieces are in IA-32 assembly...no possibility of a PPC rig becoming infected.
jesse ;-)

[kupan787]

Originally posted by Moose:
Not only does it not affect Mac OS X computers, it also doesn't affect Windows computers that applied the patch (which wasn't kept secret) when it came out on July 16.

I would hate to run Windows and only have dial up. It must be a bitch to try and keep up with all the patchs on a slow connection (I heard there have been something like 30 critical updates this year!).

[RayX]

Originally posted by shearm:
This is an urgent email I received from my systems managers at work. Anyone know this to be true?

We've discovered firsthand that Macs running OSX are in fact affected by the Blast Worm virus only in the sense that your OSX Mac can become a "host" for the worm virus and can send it out to other PCs or Macs with OSX either through wireless means or through a network connection.

This worm does not touch OS X at all.

Your system manager may be thinking of traditional e-mail viruses. Say you have a laptop running OS X and receive an e-mail with a virus (such as Klez etc) attached. You will not be affected by this at all, however if you forward this e-mail to someone else in your organisation that is running Windows and they open it, well you know what happens next (assuming they have no AV or unpatched).

[ngrundy]

and this guy keeps his job how?

[Art Vandelay]

Originally posted by DeathMan:
My windows friend was updated on his service packs all the way, and still got it. Apparently they don't put bug fixes into their service packs? They should. You think you're covered cause you have the latest version number, but you still lack the patch for a widley known worm?

I didn't install the service packs, so who knows how they were installed, but my friend is very computer literate, and he thought he was covered.

Shouldn't it be easier to protect your computer from known, anticipated problems?

MS only releases service packs about once a year. They do include bug fixes, but only those that were developed prior to the release of the service pack. MS releases many patches throughout the year. Anyone running Windows needs to constantly be keeping up to date with these patches. You can run Windows Update manually or have it check automatically. It should be run daily with Windows.

[teknologika]

Originally posted by DeathMan:
My windows friend was updated on his service packs all the way, and still got it. Apparently they don't put bug fixes into their service packs? They should. You think you're covered cause you have the latest version number, but you still lack the patch for a widley known worm?

Windows patches are released as "hotfixes", and the hotfixes are then combined to form service packs. So to keep windows 100% up to date you need to install the latest service pack and then any hotfixes that have been released since the service pack has been released. For this particular worm the required hotfix is at: http://www.microsoft.com/technet/tre.../MS03-026.asp.

Apple do a similar thing but their "service packs" come in the form of the 10.2.X releases and can also contain new features. Microsoft used to release new features in service packs, but now has a "no new features in service packs" policy so users have to pay for any new feature by upgrading.

[teknologika]

Originally posted by goMac:
I wish my mac was affected... I want to attack Microsoft with my computer too...

ROTFL ... There ARE ways to do this but this ... but this type of thing is considered VERY anti social and NOT recommended.

[geekwagon]

Originally posted by teknologika:
Microsoft used to release new features in service packs, but now has a "no new features in service packs" policy so users have to pay for any new feature by upgrading.

Actually, the main reason that they stopped putting features in SPs was that corporate customers requested it. They announced that policy at Teched 99 during the keynote to much applause and cheering. The idea was that the we were all sure it was because of those untested new features that their SPs constantly broke our existing stuff. Of course, now we know that all they have to do is patch the old features to break things They also announced their new "No reboots necessary" policy for software installations there (remember, this was in the middle of the Win2000 beta cycle.) Too bad that didn't work out either

[sniffer]

Originally posted by ngrundy:
and this guy keeps his job how?

Exactly my thought as well.

[FauxCaster]

the email stated he had "first hand" knowledge blast infects os X; implying he has actually seen/touched an infected mac. I think you can get him fired for A) lying or B) being too stupid to know the difference.

[GENERAL_SMILEY]

Set your computer to reboot every 60 seconds, then you can feel part of it too - and not have to do any work.

[Samanoske]

Originally posted by goMac:
I wish my mac was affected... I want to attack Microsoft with my computer too...

lol / rotf *gg* .. and even without "knowin" it ...

Originally posted by ZackS:
... by generating random IP addresses and attacking it at port 135 repeatedly.

ahhh - that's why ma Firewall.log is flooded with that shiat ...

Originally posted by ZackS:
I just want to say LOVE YOU SAN!!

hehe - maybe Apple should advertise the new switch campaign with that

[Uisce]

Yeah, mild annoyance that I have had to reset my modem three times in 48 hours, but other than that, I am simply reveling in the swiss cheese we call Windows.

[tritonus]

Originally posted by GENERAL_SMILEY:
Set your computer to reboot every 60 seconds, then you can feel part of it too - and not have to do any work.

That's a good one.

I spent some hours fixing a friend's computer running Win XP. So happy I switched to OS X.

[Moose]

Originally posted by tritonus:
I spent some hours fixing a friend's computer running Win XP. So happy I switched to OS X.

So happy I applied the patch that was available on July 16.

It's not like Mac OS X hasn't had gaping holes waiting for an exploit--it's just that the exploits didn't get written for the same reason lots of software companies don't write Mac software: not worth their time.

As Mac OS X marketshare increases (if it does), watch for an increase in virus/worm activity.

[Arkham_c]

I'd love to write an innoculator. Listen in port 135, noting the IP of anyone who connects. Connect back to THEIR IP on 135 and innoculate their machine by removing the trojan/virus and rebooting their computer.

[JLL]

Originally posted by Moose:
So happy I applied the patch that was available on July 16.

It's not like Mac OS X hasn't had gaping holes waiting for an exploit--it's just that the exploits didn't get written for the same reason lots of software companies don't write Mac software: not worth their time.

As Mac OS X marketshare increases (if it does), watch for an increase in virus/worm activity.

What gaping holes?

Most of the holes found have been in software that 99% of Mac OS X users haven't enabled, and since the holes have been in Unix software, the market is a bit larger than Mac OS X only, plus I think it's worth the time if hackers could exploit big Unix installations and servers.

Plus we don't have a virus spreader like OE.

[shearm]

My systems person is a woman, not a man. (please, this is not intended to spark a bunch of sexist crap) I think it's interesting everyone assumed it was a man.

I, too, believe she was wrong about the worm affecting OSX. But she's on vacation now and I havent been able to talk to her to get her to elaborate on her email. When I do, I'll post her reasoning.

Mike

[milhous]

Originally posted by shearm:
My systems person is a woman, not a man. (please, this is not intended to spark a bunch of sexist crap) I think it's interesting everyone assumed it was a man.

I, too, believe she was wrong about the worm affecting OSX. But she's on vacation now and I havent been able to talk to her to get her to elaborate on her email. When I do, I'll post her reasoning.

Mike

And when you're about to post, just make sure you're not violating any confidentiality or secrecy agreement so you're not getting in trouble. Of course you could just paraphrase what she said to be safe.

[Cipher13]

Originally posted by ngrundy:
and this guy keeps his job how?

Indeed. She sounds pretty incompetent to me.