Rugrat virus; Apache & Mac OS X patches

This issue's topics: Introduction: * Rugrat virus; Apache & Mac OS X patches Virus News: * First 64-bit Windows virus discovered Security News: * Four security patches in latest Apache 1.3x release * Apple Mac OS X 10.3.4 updates released * XP SP2 distribution dilemma

This issue's topics:

Introduction:

* Rugrat virus; Apache & Mac OS X patches

Virus News:

* First 64-bit Windows virus discovered

Security News:

* Four security patches in latest Apache 1.3x release

* Apple Mac OS X 10.3.4 updates released

* XP SP2 distribution dilemma

Introduction:

I'll be very brief introducing the newsletter today because time's short and rather fittingly, so is this issue...

There has been a lot of talk about a couple of noisy worms this week, but they don't (from my perspective) seem to be getting much traction, so I have not covered Bobax and Kibuv. The virus I have covered is an interesting discovery from a technical perspective, being the first native 64-bit Windows virus. It is quite unlikely to ever be any kind of threat even when 64-bit Windows machines become at all common!

On the security front, we have security patches for Apache 1.3 and Mac OS X 1.3 and an interesting discussion of the whether Microsoft should cripple the Windows XP SP2 installer so those running widely known pirated copies of the operating system cannot update.

Virus News:

* First 64-bit Windows virus discovered

Antivirus researchers at Symantec, makers of Norton AntiVirus and related products, announced yesterday the discovery of the first true 64-bit native Windows virus. Dubbed Win64/Rugrat.A, the virus bears a great deal of similarity to an earlier 32-bit Windows virus known as Win32/Chiton - neither are 'in the wild' nor ever likely to be.

Rugrat only infects 64-bit Windows executables and is primarily of interest for being 'first'. As of copy submission time, from the antivirus sites we monitor only Kaspersky Labs and Symantec and posted a description of Rugrat, with the former's being, at best, 'telegraphic'.

Kaspersky Lab Virus Encyclopedia

Symantec Security Response

Security News:

* Four security patches in latest Apache 1.3x release

The Apache Software Foundation recently released version 1.3.31 of its popular web server software. As well as a small number of new features, this release includes patches for four relatively minor security vulnerabilities. Apache users may obtain the sources from the usual places and rebuild or, in most cases, obtain updated packages from their OS distributors.

Apache HTTP Server 1.3.31 Released - apache.org

Apache HTTP Server 1.3.31 CHANGES list - apache.org

* Apple Mac OS X 10.3.4 updates released

Apple has just released a new set of updates for OS X 10.3. There is no specific mention of any of the included fixes being new security patches, but there have been a number of relatively minor security flaws in the operating systems and applications that OS X is based on of late and it is quite possible fixes for related flaws in OS X are included in the 10.3.3 update. These updates are also good 'all-in-one' patches, holding all previous security patches as well as the feature improvements and other bug-fix patches.

Apple Downloads - apple.com

* XP SP2 distribution dilemma

Microsoft faces a dilemma in distributing its long-awaited Service Pack 2 (SP2) for Windows XP. Much touted - and deservedly - for its new tough line on security improvements, the issue Microsoft faces is whether to prevent the SP2 installer from doing its work on known pirated copies of Windows XP.

Pirated copies of the operating system (OS) are seen by Microsoft as lost revenue. Further, the company has a long-standing hard-line position against piracy, including playing leading roles in several IT industry copyright infringement discovery bodies. So, it is understandable that Microsoft would be unwilling to allow specific copies of XP that are well-known to have been heavily pirated, to be updated.

On the other hand, Microsoft's recent emphasis on and push toward incorporating much better security in its operating systems and applications, tends to work against preventing SP2 from installing on widely-pirated copies of XP. After all, because of the popularity of its OSes, a large number of pirated copies exist and not allowing them to patch up to SP2's much-enhanced level of security means a significant number of Windows machines on the Internet would remain unpatched and exposed to all manner of (future) nasties.

SecurityFocus' legal issues columnist, Mark Rasch, has tackled these issues from a legal perspective and we think you may find his views and conclusion interesting.

Weighing Profits against Peril - securityfocus.com

Join the newsletter!

Error: Please check your email address.

More about 3xApacheApache Software FoundationAppleKasperskyKasperskyMicrosoftNortonSecurityFocusSymantec

Show Comments
[]