Re: W32.Swen.A

From: Mike (anonymous_at_discussions.microsoft.com)
Date: 11/26/03 

Date: Wed, 26 Nov 2003 13:46:05 -0800

Maybe you're right Dave. Maybe I will come to understand this in time. I'm not sure what more I can say at this time to express how I feel. I can't help but to feel violated by these despicable people. Computer rape, that's what it is! Is that too strong a term?

I would like to respond to your question, "There are greater than 30,000 News Groups. What makes Microsoft's portion any different from the rest ?"

Microsoft is the undisputed leader in the computer software market and they need to take a leadership role in resolving these problems. Microsoft has the means to help track down these unscupulous people and put a stop to the damage they cause. At the very least I would expect Microsoft to be a strong voice (scream from the roof tops) for elimating any "holes" that allow these idiots to affect our systems at will. If not Microsoft, than who?
     
     ----- David H. Lipman wrote: -----
     
     Replies are inline....
     
     "Mike" <anonymous@discussions.microsoft.com> wrote in message
     news:65A01AAE-668A-4022-85E5-D26534A4EA26@microsoft.com...
     | So if I understand you correctly, news groups seem to provide little control over the
     individuals who use them. As you stated, "News Groups can be accessed by people with good
     intentions, people with nefarious intentions, news bots and the Swen worm.". Would an
     alternate method of allowing Microsoft users to post questions be less accessable and
     provide more security?
     
     
     Using the MS CDO adds some security but it obfuscates the poster since you can't tell what
     the IP address and ISP of the poster is. - DHL
     
     
     You mentioned that Newsgroups were not like bulletin boards. Would a bulletin board provide
     more security for it's users?
     
     
     Bulletin boards are not based upon TCP/IP so yes...they are more secure. However, a virus
     could be posted at a bulletin board just the same. - DHL
     
     
     If so, I think Microsoft should value it customers enough to provide the support we need in
     a manner that provides the highest level of security. If the "people with nefarious
     intentions" were made to show themselves (in a manner of speaking) would they be as
     successful in taking over a place where millions of Microsoft users come for help.
     
     Microsoft, Veritas, Adobe and many more companies do the same thing to support their
     customers in using News Servers - DHL
     
     | Don't get me wrong, I despise the creators of these worms the most, but just as I pay
     taxes so that I am provided with police protection, I expect Microsoft to use a portion of
     there significant revenues to provide the highest level of protection possible for it's
     customers. I am not convinced that is the case.
     
     The reality of the situatuon is a learning curve you will achieve and eventually understand.
     
     | I've spent some time viewing many of the responses in these new groups regarding the Swen
     worm, and many of them simply say, "Microsoft cannot do anything about it". This just
     sounds so defeatist to me. I have chosen Microsoft products over competing products because
     Microsoft was the "Gold Standard" in my mind. When I hear, "Microsoft cannot do anything
     about it", I can't believe what I'm hearing. I would be a little more understanding of this
     situation if I heard, "Microsoft cannot do anything about at this moment, but we're working
     on it".
     
     
     There are greater than 30,000 News Groups. What makes Microsoft's portion any different
     from the rest ?
     
     Dave
     
     
     
     
     |
     | ----- David H. Lipman wrote: -----
     |
     | Mike:
     |
     | The UseNet News Groups that begin microsoft.* are maintained by Microsoft
     personnel or
     | Microsoft contractors. You can access them via the CDO which is a web based
     methodology
     | for accessing these groups or you can use a Network News Client (NNTP client) such as
     | Outlook Express, Netscpae Messenger, News Agent, etc. and point them to the server:
     | msnews.microsoft.com I use Outlook Express and access the groups this way.
     |
     | My ISP is Verizon and I can alose access the MS News Groups via the Verizon News
     Server,
     | news.verizon.net however they don't carry ALL the MS News Groups. News Servers are
     unlike
     | bulletin boards in that there is not one server hosting the data. The data is
     replicated
     | to many News Servers based on the Server's sunscribing to the News Groups that
     | adminstartion decides to carry.
     |
     | Now that you have some backgroung, lets get back to email addresses, munging, and the
     Swen
     | worm.....
     |
     | Since the News Groups are hosted by News Servers, News Groups can be accessed by
     people
     | with good intentions, people with nefarious intentions, news bots and the Swen worm.
     |
     | When you or I access the News Server outr intentions are to communicate and this is
     the
     | good intention I mentioned.
     |
     | When a spammer access a news Group(s) they deliberately find email addresses to
     combine
     | into lists to sell.
     |
     | News bots are programs that are written as News Clients with the specific intention
     of
     | capturing email addrsses.
     |
     | The Swen worm is a type of virus that uses the concept of News bots to capture email
     | addresses but the worm has also a email engine. An infected machine would then,
     unknown to
     | the machine's owner, use the NNTP engine in the worm and harvest email addresses.
     The worm
     | can then use its built-in SMTP engine to send the worm to the harvested email
     addresses.
     | The worm can also use its built-in NNTP client to post itself to UseNet News Groups.
     |
     | So with the above information I hope you will realize you need to blame the Swen worm
     | creater NOT Microsoft. It just so happens that Microsoft is a highly prized target
     of
     | viruses, worms and Tojans on both their servers and workstations of all types.
     |
     | Dave
     |
     |
     |
     |
     | "Mike" <anonymous@discussions.microsoft.com> wrote in message
     | news:9E07D452-B0D5-4928-B137-AD3C7B0FBEB2@microsoft.com...
     | | I agree! I mistakenly believed that this newsgroup was affiliated with Microsoft.
     Hec,
     | I got here from the Microsoft website! Because I believed these newsgroups were
     affiliated
     | with Microsoft, I assumed Microsoft would ensure a level of security. My mistake
     entirely.
     | |
     | | You know it just occurred to me that there are an awful lot of individuals posting
     to
     | these newsgroups with the same problem I'm experiencing. Has Microsoft, or whoever
     | maintains these newgroups, ever considered warning people that there is a risk when
     posting
     | to these newsgroups. Maybe advising people not to use their primary e-mail
     addresses, or
     | not using any e-mail address at all.
     | |
     | | Yes, it's my responsibility. It's MY fault for putting my trust in Microsoft. I
     won't
     | make that mistake again, and I suspect an increasing number of people won't either.
     |
     |
     |