In response to the Aug. 20 story by Robert Lemos, "":
I have Windows 2000 Professional on my home machine. I read the news reports that the virus was coming. I already had antivirus software so I updated the virus definition files. Then I decided to do further preventive action and download the patch from Microsoft to plug the hole. But it wouldn't install. You need Windows 2000 Service Pack 4 to install this patch.
I downloaded SP4, which takes 5 hours to download the 135MB files--and it crashed. The error message said, "An error occurred while updating your system." An hour of reloading culminated in a fresh Windows 2000 install. Then the SP4 installed correctly. Finally, about 10 hours later, I was up to speed and able to correct the original problem.
I followed the instructions Microsoft e-mailed out on Aug. 16. On step six, there was no TCP/IP filtering option. There still was no firewall to enable you to close port 137, where the virus enters. Thus, the fix could not be implemented. Are they kidding? Somebody is not doing their homework up there in Redmond.
Most people are not going to have the resources, know-how and patience to deal with this level of effort. As far as I?m concerned, the Chinese group who wrote the exploit code, and the "security researcher" who "fixed" the exploit code to work on additional Windows platforms, should be considered accomplices to the crime and be given their share of the punishment--along with the hacker who put the final code segments together.
Citrus Heights, Ca.