Microsoft

Gartner Group Suggests Dumping IIS For Now 502

sachmet is one of the many readers who contributed news that "Gartner Group is now recommending that IIS be replaced in corporate environments. This is based on the fact that TCO for IIS is rising due to the almost-weekly patches sent out by MS, and even then, it's nearly impossible to get patched quickly enough. Best part: 'Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS,' which they say has an 80% chance of happening by the end of next year." Gartner hasn't always said favorable things about Linux systems in the workplace, but the businesses that rely on this type of analysis to justify purchasing decisions may find this one interesting. Update: 09/24 22:04 GMT by T: As several people have pointed out, the 80% figure appears to be Gartner's odds that IIS won't be rewritten that soon, rather than the other way around (.673334 probability).
Technology

SirCam on Linux via WINE 194

illusion_2K writes "Another monumental step forward for Linux - the SirCam virus now works on Linux via WINE. ("With a few omissions")" All right, I had to post it. That's damn funny. We can emulate worms if we want to!
Linux

Is the Unix Community Worried About Worms? 516

jaliathus asks: "While the Microsoft side of the computer world works overtime these days to fight worms, virii and other popular afflictions of NT, we in the Linux camp shouldn't be resting *too* much. After all, the concept of a worm similar to Code Red or Nimda could just as easily strike Linux ... it's as easy as finding a known hole and writing a program that exploits it, scans for more hosts and repeats. The only thing stopping it these days is Linux's smaller marketshare. (Worm propagation is one of those n squared problems). Especially if our goals of taking over the computing world are realized, Linux can and will be a prime target for the worm writers. What are we doing about it? Of course, admins should always keep up on the latest patches, but can we do anything about worms in the abstract sense?" Despite the difficulties in starting a worm on a Unix clone, such a feat is still within the realm of possibility. Are there things that the Unix camp can be learning from Code Red and Nimda?
Linux

Hacking Linux Exposed 106

Reader Bob Johnson wrote this detailed review of Hacking Exposed followup Hacking Linux Exposed -- especially in light of the various color-coded Windows viruses still on the loose, this might be a good present for your local Windows administrator as well, but both Bob and the authors are clear: GNU/Linux systems may be more resistant, but are not immune to cracking.
The Internet

Shutting Down Worm-Infected Broadband Users 594

disc-chord writes "Frustrated by Code Red and now Nimda, the DSL provider DSL.net (a CLEC and reseller of Covad) has shut off 800+ infected customers. They claim they cannot get in touch with all of their customers, so they're just shutting them all down, and waiting for the customer to call them. When/if the customer does call they are informed that they are infected with the Nimda virus and must remove it before they will be reactivated. But how are customers supposed to fix the problem when their internet connection is shut down?" I say tough beans: If you get infected, it's your responsibility to get yourself cleaned up. The Internet is a peer-to-peer system where one peer can piss in the public pool. These ISPs are doing a good thing by keeping this crap off the net. Sure, a nicer tactic would be to disable low port numbers for infected users (my provider doesn't let them through in the first place) but this would likely just confuse users. At least this way they know what's up. Flame if you will, but all these worms are going to only get worse since Microsoft will never fix the problem without making sure people have to pay a monthly subscription for their OS, and users are unaware that they have to patch their boxes. ISPs shouldn't have to be responsible for their users this way, but they are responsible for keeping their other users online, and a few infected boxes can cause a lot of havoc for the whole net.
News

Tarpits for Microsoft Worms 245

Digital_Quartz writes: "Wired News is reporting on a clever little tool by Tom Liston called LaBrea which uses unused IP addresses on a network to create virtual computers for worms and hackers to attack. LaBrea responds to requests in such a way as to keep the connection open forever, creating a "tarpit" in which worms like Code Red will get "stuck"."
News

Viruses, Trojans And Worms -- Unplugged? 88

An Anonymous Coward writes: "This two-part article at Wireless NewsFactor examines the risks of malicious code on wireless platforms and what companies can do to combat potential threats. The gist of it is that wireless viruses/worms/trojans are unlikely to spread unchecked, and it digs pretty deep into why that is the case."
GNU is Not Unix

The FSF's Bradley Kuhn Responds 370

Last week you asked Bradley Kuhn, VP of the Free Software Foundation (FSF) questions about working with RMS, his views on software freedom, and much more. He's answered at length below, on everything from becoming a saint to the "web app loophole," perl, and the next iteration of the GPL.
Bug

Don't Forget That Worms Happen Everywhere 391

friday2k writes "Securityfocus has a nice column on Worms and their origin in 1988. It explains what everybody should never forget. We have dealt with *NIX worms (Sadmind, li0n, ...) and they will come back again. Maybe then the MS fanatics will laugh and say: didn't we always tell you Open Source is insecure (too?) ..."
Slashback

Slashback: Efficiency,Observation,WEP 99

Slashback brings you updates and additional notes on recent Slashdot stories. Tonight that means more on computers playing chess, on judges who don't like being monitored in the workplace (too bad!), and on the (less totally spectacular, still bad) cracking of 802-Errr, something.
The Internet

Fight Virus With Virus? 697

Insanik writes "I am not an expert with internet worms like Code Red. However, I am curious if it would be possible to create a friendly worm/virus/whatever that would fight the original by using the same security holes. For instance, I read that Code Red II opens a back door. Why not have another virus that exploited the back door, closed it, then started sending itself to other servers for a certain period of time?" The submitter raises an interesting question - is this possible? I would guess so, in theory. And while we're working on Code Red, can we send a large man to the home of my latest Sircam senders and politely "ask" them to stop clicking on virii?
The Internet

Distributed Checksum Clearinghouse vs Spam 216

AllSpammedOut writes: "Spam could be more easily detected if everyone were to compare the mail messages they received. Using the Distributed Checksum Clearinghouse, MTAs can report the checksums for all messages they receive and be notified when a checksum has already been reported by many other systems." Obviously there are issues with something like this (especially mailing lists, and worms that do attachments). I suspect spammers would just include a counter to break checksums tho.
The Internet

CAIDA Released Code-Red Worm Post Mortem 186

davidu writes "David Moore at CAIDA (The Cooperative Association for Internet Data Analysis) was monitoring an entire /8 network while the code-red worm traversed the net. His findings are really interesting and show just how swiftly code-red moved across the net and infected hosts. It was the sheer stupidity of the worm's creator and the skill of some network admins which limited the worm's attack and DoS potential. Note: Check the graphs, these pictures really do tell a thousand words."
The Courts

Australian Cybercrime Bill 2

skware writes: "The first public hearing for The Cybercrime Bill (2001) was held in Sydney on Thursday. The hansard report of the meeting is online in pdf format at http://www.aph.gov.au/hansard/senate/commttee/s506 9.pdf. There was quite a good showing from the law enforcement and drafting agencies and Departments. Submissions were made by the Attorney general's Department (AGD), the Australian Federal Police (AFP), and the Australian Computer Society (ACS)."
Science

The Human Meat Mole 11

webword writes "SciTech Daily is reporting on a 'mole' that Japanese scientists have developed that can cut through a 2cm thick chunk of beef steak in 20 seconds. The tiny machines could be injected into a vein, and could be steered around the body using an external magnetic field. The idea is to use them to remove cancerous tissue and move drugs around the body. Not that anyone cares, but they remind me of the bore worms from Flash Gordon."
Movies

Review: Evolution 83

Ivan Reitman's latest film Evolution stars David Duchovny and the Make Seven Up Yours guy in a reasonably entertaining rehashing of Ghostbusters featuring more butt related jokes than any movie without Adam Sandler. Decent CGI and action sequences are available too. Nothing that will warrant awards in this day and age, but it might entertain you for a few minutes. There's much more to be said about this, so keep reading if you want to know what I think, or just want to complain that I'm sharing it.
Technology

Hack Attacks Revealed 34

Bill Camarda contributed this review of Hack Attacks Revealed. A healthy dose of paranoia comes in handy sometimes -- and anyone with a broadband connection of any kind has reason to double the dose. And yes, this book denies the existence of neither *NIX nor Windows systems.

Linux

"Cheese Worm" Fixes Broken Linux Systems? 240

Wakko Warner writes: "According to this article, a new Linux worm named "Cheese worm" has been spreading lately. The difference between this and other Linux worms is that Cheese worm attempts to fix backdoors added by other worms, removing malicious code and user accounts and scanning for other infected systems on the network. Now if someone would only release something like this for Outlook that turns off VBScript..."
Red Hat Software

Bob Young Responds Personally, Not Officially 174

Bob Young prefaces his answers to your questions by saying, "You may notice I've ducked some of the answers below - there is a reason for this. My role at Red Hat these days is as Chairman of the board. Matthew Szulik is Red Hat's CEO and will be a better person to answer some of the specific issues that these questions raise....
Encryption

Cracking All The Live Long Day & RH6/7 Worms 120

BoomMike writes "While the popular media drools over eWEEK magazine's contrived Open Hack Challenge, which offers modest cash prizes for cracking a carefully arranged network, real geeks can compete in the Honeynet Project's new Forensic Challenge, and pick up the trail of a hacker who cracked one of the project's Linux-based honeypots last November. Mount the file system images and pore through the IDS logs to figure out the who, what, where, when, why and how of the attack, and you can win a book. SecurityFocus has the story." In a much related vein to the Honeynet crack RH6.2/7 there's a story on C|Net concerning the "worm" that's a new popular exploit set with the script kiddies on RH 6/7 servers.
