THE SASSER WORM — What You Can Do Now

I’m sure most of you have heard of the Sasser worm by now. This vicious piece of code hit the Internet some ten days ago. It’s been on television, newspapers and magazines. Some of you have been infected. Hopefully many of you will have followed the advice of these broadcasts and articles, so won’t need this column. I fear that many of you haven’t.

The Sasser worm only infects Windows 2000 and Windows XP. If you don’t have either of these versions of Windows, much of this column won’t apply to you. There will still be security advice that you should follow.

If you don’t have your firewall up and Windows patched you are certain to get the Sasser Worm. What does the worm do?

It slowed down net traffic so badly that in some places streaming video and voice over the Internet was degraded and impossible to use. In Australia, Westpac Bank was so badly infected that it had to use pen and paper go keep functioning. Several hundred thousand train passengers were stranded on Monday, and even the railway’s radio network was shut down. Apparently only 25% of the trains were running.

In Hong Kong, Goldman Sachs said some of its systems were disrupted. A bank in Finland closed all of its 130 branches. Some post offices in Taiwan, Germany and elsewhere in Europe were shut down. Even the European Commission and the UK Coast Guard were hit.

These are only a few examples from the popular media most of you have probably seen.

Unlike other worms, you don’t have to do anything but connect to the Internet to get infected. No email attachments to open, no answering yes or no to a permission to download a control or executable. Antivirus software won’t catch the worm (at least not yet).

So let’s get to work. First download the patch you need. The easiest way is navigate to windows update from your start menu. Click Start on the taskbar then hover your mouse over ‘All Programs’:

Otherwise select ‘open’ from your browser’s file menu and type in the URL http://v4.windowsupdate.microsoft.com/en/default.asp

In either case you’ll bring up the page

Follow the instructions. If you’ve already installed the critical update, or your computer is configured for automatic install, all the better. After the scan, you may be offered updates that are not security related. If so, download them at another time. After the critical install, you may be asked to reboot your computer. Don’t hesitate to do you. If necessary, immediately go offline, close down your applications in an orderly manner, then reboot. At this point the Sasser virus can’t get you, but many other intruders can. They are clearly getting more plentiful and nastier.

Next, go online to the URL http://www.microsoft.com/security/protect/ to bring up the following page:

Choose your operating system, then click go. You may first wish to print out the steps.

Since I have Windows XP, clicking ‘Go’ brings me to the following page:

The instructions for activating an Internet firewall are well written, lavishly illustrated. There’s no need for me to comment. The second step is to configure Windows for automatic updates, and the third discusses the need for a good anti-virus program.

As Microsoft makes clear, it is possible the enabling the firewall will interfere with Internet gaming, messaging, or P2P file trading. Microsoft provides detailed instructions on how to open up a hole in the firewall to allow those activities.

Microsoft only provides Windows 2000 and Windows XP with a firewall. What do you do if you’re still using Windows ME, or Windows 98? I sent a preview of this article to a cousin in the software business. He emailed me that he uses a free firewall from a prestigious company named Sygate.

I’ve never used it. My cousin is happy with it, and it was suggested to him by a very serious developer. I suggest you connect to http://smb.sygate.com/products/spf_standard.htm

You’ll arrive at the following page:

Best of luck.

Before I wrap up, some of you may be infected. Fortunately Symantec, the manufacturer of Norton AntiVirus , has a free tool to remove the Sasser Worm from your computer.

Link to http://www.symantec.com

Read, download, and clean your computer.

See you next week.

Dennis Turner