<div class='os_post_top_link'><a href='http://news.com.com/2100-1002-5074415.html?tag=nl' target='_blank'>http://news.com.com/2100-1002-5074415.html?tag=nl</a><br /><br /></div>Another very serious vulnerability in Windows NT/2k/XP/2k3 RPC services was announced yesterday, and it could enable another Blaster to hit the Internet if people don't patch their boxes soon. Translated: we will see another worm, because there are just enough people out there that don't know how to patch or won't be able to roll it out to all of their systems in time. :?<br /><br />What I'm truly worried about is a "cross-vector" worm -- one that spreads BOTH via vulnerabilities and email. This way, it can get past the firewall to the internal network as long as someone executes it. I expect it to exist one day, and that will truly will shake up people's consciousness about security. I hope. Anyway, make sure you hit Windows Update, use a virus scanner, and have a firewall and you should be all set. :)

What I'm truly worried about is a "cross-vector" worm
What about cross-platform (http://www.bbspot.com/News/2003/08/open_source_virus.html) viruses? :lol: Oh yes, I believe everything I read on BBSpot. :wink:

boxes soon and/or use firewalls.then
What I'm truly worried about is a "cross-vector" worm -- one that spreads BOTH via vulnerabilities and email.

This is why anyone that thinks a firewall is protection is just fooling themselves. Patch your @$*(&amp;@ system!!!

I can think of a dozen ways to get an infected machine/worm behind a VPN in a company with 5,000 employees. The firewall doesn't do diddly. Patch, patch and then patch. I personally just wish people would quit saying a firewall is valid. It is as asinine, IMHO, as walking into a community infected with small pox while wearing a protective suit. Chances are, the longer you stay in the community, the higher your chances are of getting infected. Get the vaccine. Patch.

This is why anyone that thinks a firewall is protection is just fooling themselves. Patch your @$*(&amp;@ system!!!
Sorry, I didn't mean it that way. I meant to say that because people won't patch AND because they won't use firewalls, they'll get hacked. Firewalls are an extra line of defense, but not a complete defense themselves. Post edited.

--janak

This is why anyone that thinks a firewall is protection is just fooling themselves. Patch your @$*(&amp;@ system!!!
Sorry, I didn't mean it that way. I meant to say that because people won't patch AND because they won't use firewalls, they'll get hacked. Firewalls are an extra line of defense, but not a complete defense themselves. Post edited.

--janak
Thanks. Just don't let it happen again. :wink: :rotfl:

Ahh, the Love! :ppclove:

Feels almost like home! :rotfl:

The firewall doesn't do diddly.
Exagerating a bit, eh?

I suggest everyone install BeOS, or buy macs. 8)

I am NOT arguing that people should not patch their systems, as they absolutely should, but immediately and blindy patching has its own issues, right? We are all aware of MS patches that have been pulled becuase they caused issues equal to or greater than those problems they were created to fix. As far as a client is concerned, it really isn't too important to them whether their server is down due to a virus or a patch.....their server is down. This is similar to the seatbelt argument in which there are a number of "what-if" scenarios where a seatbelt would do more harm than good, however those are few and far between. Chances are, you're safer with the seatbelt than without, and you're safer with the patch than without.

My only point is, just as firewall's aren't perfect, neither is patching.....its a jungle out there :(

-Brian

I read an interesting bit that said that one of the problems is that Microsoft announces the vulnerability which then allows all the hackers to go ahead and exploit it, knowing full well that not everyone is going to have it patched.

As I sit here and plan a patch deployment to 2500 systems (again!), I wonder whether it would be better if Microsoft would just not announce the vulnerability and we can live blissfully in ignorance! :D

I read an interesting bit that said that one of the problems is that Microsoft announces the vulnerability which then allows all the hackers to go ahead and exploit it, knowing full well that not everyone is going to have it patched.

As I sit here and plan a patch deployment to 2500 systems (again!), I wonder whether it would be better if Microsoft would just not announce the vulnerability and we can live blissfully in ignorance! :D

I somewhat agree with you there. I think the problem with that though is that it's usually Security firms that discover the vulnerability so that information is already "out there" so MS has to announce it.

:?: Pardon my ignorance on firewalls. Until recently, I used Zone Alarm as my firewall of choice on my Windows XP machine (using cable modem). I have discovered XP has a built in firewall ... does the built-in variety perform as well as a third-party product? Less important, what about resource consumption - better or worse? Please point me in the right area if this isn't the right forum. Thanks...

I am NOT arguing that people should not patch their systems, as they absolutely should, but immediately and blindy patching has its own issues, right?
Yes, although in home environments you don't really have a choice, except making sure your data is kept backed up regularly (generally a good principle when doing most ANYTHING on your machine). Corporate environments are indeed a much bigger problem, and testing the patch is what slows them down.

--janak

:?: Pardon my ignorance on firewalls. Until recently, I used Zone Alarm as my firewall of choice on my Windows XP machine (using cable modem). I have discovered XP has a built in firewall ... does the built-in variety perform as well as a third-party product? Less important, what about resource consumption - better or worse? Please point me in the right area if this isn't the right forum. Thanks...
The built-in XP firewall isn't as flexible as Zone Alarm, but it will help you against worms that use RPC vulnerabilities. However, you should continue to patch your system even if you have the firewall enabled.

--janak

I read an interesting bit that said that one of the problems is that Microsoft announces the vulnerability which then allows all the hackers to go ahead and exploit it, knowing full well that not everyone is going to have it patched.

As I sit here and plan a patch deployment to 2500 systems (again!), I wonder whether it would be better if Microsoft would just not announce the vulnerability and we can live blissfully in ignorance! :D

I somewhat agree with you there. I think the problem with that though is that it's usually Security firms that discover the vulnerability so that information is already "out there" so MS has to announce it.
That is exactly it. The flaw is already exposed. MS is just patching. There is no new info in the Microsoft security releases that isn't on the internet somewhere. Hackers aren't reading MS security bullitens to write worms anyway.

That is exactly it. The flaw is already exposed. MS is just patching. There is no new info in the Microsoft security releases that isn't on the internet somewhere. Hackers aren't reading MS security bullitens to write worms anyway.
Wasn't there a time when MS was requesting security firms to not announce the vulnerabilities until they had time to create the patch?

But these firms were skeptical that MS would create the patch in a timely fashion and were making the announcements themselves. So MS eventually gave in to the pressure and started the announcements themselves.(??)

And I'm not saying this is a bad thing. Just the way things have worked out....assuming my organic RAM hasn't done some historical revisionism. :)

The firewall doesn't do diddly.
Exagerating a bit, eh?

I suggest everyone install BeOS, or buy macs. 8)

Well that wouldn't solve anything. Then these guys would just write their worms for those. There's nothing inherently more secure about those OSs; it's just their relative obscurity that protects you. So your best strategy is to enjoy using an OS that's off the radar and don't encourage the masses to move to them. :idea:

I have tried to run the update several times, but nothing ever happens. The download window opens but the actual download will not begin. My firewall is not stopping this because I have run updates in the past and can still download other things. The left the dialog box open for over an hour waiting for it to begin but still nothing. Can you get the patch from somewhere else other than Microsoft's site?

BTW - How can you tell if you have the virus? Same boot issue as with Blaster?

I have tried to run the update several times, but nothing ever happens. The download window opens but the actual download will not begin. My firewall is not stopping this because I have run updates in the past and can still download other things. The left the dialog box open for over an hour waiting for it to begin but still nothing. Can you get the patch from somewhere else other than Microsoft's site?

BTW - How can you tell if you have the virus? Same boot issue as with Blaster?
Never get a patch from any site other than Microsoft's.

You can download it directly from the kb article in a normal executable. - here (http://support.microsoft.com/default.aspx?scid=kb;[LN];824146)

Oh, and there is no exploit for this in the wild yet. The key is getting patched now before one is released.

I have tried to run the update several times, but nothing ever happens. The download window opens but the actual download will not begin. My firewall is not stopping this because I have run updates in the past and can still download other things. The left the dialog box open for over an hour waiting for it to begin but still nothing. Can you get the patch from somewhere else other than Microsoft's site?

BTW - How can you tell if you have the virus? Same boot issue as with Blaster?
Never get a patch from any site other than Microsoft's.

You can download it directly from the kb article in a normal executable. - here (http://support.microsoft.com/default.aspx?scid=kb;[LN];824146)

Oh, and there is no exploit for this in the wild yet. The key is getting patched now before one is released.

Only slightly off topic but;

I really appreciate the quick response and link!!!!!! This is one of the best boards that I have ever been a part of. I also am on a board related to DVD burning and a football discussion and these tend to be more of the "find it through the search", or "no dumb noobie questions read the FAQ". Never ran across that here. Great to be able to get/give help when needed!!!!!

Just another reason to own a PPC!!!

:clap: :clap: :clap: