Zotob worm patch?

Leythos

I'm sure all the companies that got hit with the Zotob worm had
firewalls enabled. Microsoft issued a critical update over a week
ago to prevent this infection. I guess they too thought a firewall
was all they need....guess they were wrong.

Carey - do you really understand security? If you did you would not have
made that statement in the way that you did.

Many companies, large groups and small, don't secure their networks
properly because the people doing the firewall setup don't have a good
understanding of the specific business needs for security - they take
the easy way out and expose more than needed.

Not one single company we designed the security for has been infected or
impacted by the worm directly. It's about understanding, not about how
fast MS can push out updates.
 
Fuzzy Logic

Yes, I know what you were referring to, and my statement stands.

Some users can put up with Automatic Updates, others require testing
before installation, either way, if the network security is properly
set up none of those patches are critical. Keep in mind, I'm not saying
that they are not critical to most systems, only that if you have a
fully protected network, you don't need them until after you've tested.

Not entirely true. Many of these vulnerabilities can be exploited if the
attacker has physical access to the machine.
 
R. McCarty

It takes a long time and a proven track record to remove the
impression that patches and updates will BREAK other things.

Service Pack 2's performance toned that down a little. Just
look at how reticent some people are to install Service Pack 2.
Anyone who wants to abide by "If it ain't broke - don't fix it"
should think of it more as "If it ain't updated - it's vulnerable".
That advice is geared more to the home PC user who wants
to be safe but isn't really sure how to go about it. Furthermore
the risk involved with updates/patches can be almost totally
eliminated with the use of frequent images of their systems.

Just today, I sent out a Security bulletin to my customers to
update their Adobe Reader versions. Rarely does anybody
complain. Most times they appreciate having a resource to
tell them when a "Serious" threat needs their attention. What's
more interesting is that just about everybody on the mailing
list will follow the directions.
 
Leythos

Yes I'm serious. Firewalls have bugs too! The original poster is relying
ENTIRELY on his firewall (a software one at that) to protect him. Why not
apply the patches and get the additional level of security? I can understand
waiting a while or doing some testing beforehand but there is no good reason
not to apply critical patches.

I think you will find that there have been many cases where a Patch has
caused a custom application to fail or some cheap hardware device to fail
or where a combination of apps/devices have failed due to service packs
or updates.

Do you remember when SP2 came out for XP? Many systems ran fine on SP1
and didn't need SP2 to keep working, many things were impacted by SP2
changes, and those same systems running SP1 were just as safe without
SP2 in a properly secured network.

I'm not advocating not installing SP's and critical updates, but
critical is relative, so consider how updates that are untested could
impact others and not just yourself.
 
Leythos

PcEngWork- said:
Most times they appreciate having a resource to
tell them when a "Serious" threat needs their attention. What's
more interesting is that just about everybody on the mailing
list will follow the directions.

That's how we do it too - we test, check the updates, then send an
alert to customers and friends, almost everyone follows the
instructions.
 
Fuzzy Logic

I think you will find that there have been many cases where a Patch has
caused a custom application to fail or some cheap hardware device to fail
or where a combination of apps/devices have failed due to service packs
or updates.

Do you remember when SP2 came out for XP? Many systems ran fine on SP1
and didn't need SP2 to keep working, many things were impacted by SP2
changes, and those same systems running SP1 were just as safe without
SP2 in a properly secured network.

I'm not advocating not installing SP's and critical updates, but
critical is relative, so consider how updates that are untested could
impact others and not just yourself.

As I mentioned in another post on this subject I do user support for over
600 people in a research environment with diverse hardware and software and
haven't had any serious issues with critical patches from Microsoft since
the days of Windows NT.

It is interesting that most issues we have had with Microsoft updates
occurred on laptops with ZoneAlarm. After certain updates ZoneAlarm will not
let lsass.exe or services.exe through (new versions installed as part of the
update). Easy fix is to remove the machine from the network during the
reboot and ZoneAlarm will then ask whether or not to allow these applications
through.
 
pcbutts1

It took us well over a year to convince my bosses to allow automatic updates
and this was for MS and antivirus. They wanted to test all updates. In the
meantime all 8000 systems on lab are quickly getting infected and
spreading. Then the customers get mad at us because it takes our techs 2
hours to get there instead of 25 min.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
MAP

Then the customers get mad at us because it takes our techs 2
hours to get there instead of 25 min.

What Government agency has customers such as this?
 
pcbutts1

NASA for one but all of them. There is no more "in-house" when it comes to
tech support for the government. Everything is outsourced and the ones that
aren't will soon be. So when I say customers I am talking about the
government employees being the customer.

 
kurttrail

pcbutts1 said:
NASA for one but all of them. There is no more "in-house" when it
comes to tech support for the government. Everything is outsourced
and the ones that aren't will soon be. So when I say customers I am
talking about the government employees being the customer.

No wonder NASA is so f*#ked up.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
t.cruise

Fuzzy Logic said:
I know that many in this group support downloading Windows XP
updates. Personally, I download and install ONLY what is absolutely
necessary, which for me has avoided problems with smooth running
systems. There has been much media attention the past couple of days
about the Zotob worm, I.E., PnP and compromised Windows security. I
know that there is a patch available for download at the Microsoft
web site WindowsXP-KB899588-x86-ENU.exe

But, there has been mass media hysteria in the past about viruses and
worms, none of which have made their way to any of my systems with
broadband internet connections, without my having to download and
install the plethora of security patches at the Windows Update. My
question is, if I have a decent firewall am I already protected, or
do I really need to install this patch?
--

T.C.
t__cruise@[NoSpam]hotmail.com
Remove [NoSpam] to reply

Of course you don't NEED to install the patch. You MAY be safe but on
the other hand the patch is free and a small download so why not
install it?

I'd be curious how you decide what is absolutely necessary? In my books
that would be any patches classified as critical.

It would be for an immediate problem, such as support for hardware,
which was not available prior to the update. Aside from that, when it
comes to security, the Zone Alarm firewall, and safe internet computing
practices have kept my systems clean and running smoothly, without
downloading even one Windows Update for the past couple of years. I
never updated my SP1 systems to SP2, and all is fine with them. I know
the hardware/drivers/Software/Utilities and resources on those systems,
and looked at the risk v. benefit of updating them to SP2. I decided
not to. I realize that the majority of people who updated to SP2 did
not have any problems, but some had major problems during and after the
SP2 update. My SP1 systems are still running fine. I realize that
there are many people who will disagree with my practices and logic.
Working on other people's systems is one thing. But, downloading an
update which does not play nice with one of my configurations is
something that I do not want to waste time fixing, even if the fix only
involves an hour of my time. Or, downloading an update and then needing
to do a System Restore to a time prior to the download of that update,
because of another problem, which would mean downloading the update
again, is something I do not want to have to keep track of, or get
involved with, unless absolutely necessary. --

You do realize that ZoneAlarm has had its own vulnerabilities? You are
essentially putting all your eggs in one basket and relying entirely on a
software firewall to protect you. You are trading off a possible problem
from an update against a likely nastier problem from a vulnerability being
exploited.

FYI I do support for over 600 people and haven't had an issue with a
critical update from Microsoft since the days of Windows NT. We have very
diverse hardware as I work for a research organization with all sorts of
strange equipment. I have never had to do a system restore due to an
update.

What you are doing defies all common security practices (multiple layers
of defense, properly configured and updated systems.)

FYI: I did install the update, AFTER I was assured that it would not create any problems,
and then recommended it to others. I still believe that Microsoft uses the word
"critical" loosely. I also do not like updates that cause problems, and when one wants to
uninstall them, a dialog box comes up listing a group of applications which might not
function properly if the update is uninstalled. One should be informed BEFORE the install
of the update of that list of applications which might not run correctly if the update is
uninstalled.
 
MAP

kurttrail said:
No wonder NASA is so f*#ked up.

You got that right! Two flappin years later and still issues with the foam,
as an aircraft mechanic (AMT) if I worked on these flying machines in the
same way they would be going down everywhere :)
 
MAP

talking about the government employees being the customer.

Please don't tell me that the Gov. is doing the "self directed team
concept?"

Mike Pawlak
 
kurttrail

pcbutts1 said:
The #1 delay in all shuttle missions is that Fuel Cell sensor issue.
To this day they still don't know what causes it, all they do is
replace it.

The next launch being pushed back to next March is mainly due to the
foam issue.

 
Fuzzy Logic

FYI: I did install the update, AFTER I was assured that it would not
create any problems, and then recommended it to others. I still believe
that Microsoft uses the word "critical" loosely. I also do not like
updates that cause problems, and when one wants to uninstall them, a
dialog box comes up listing a group of applications which might not
function properly if the update is uninstalled. One should be informed
BEFORE the install of the update of that list of applications which
might not run correctly if the update is uninstalled.

Nobody likes updates that cause problems. Having said that nobody likes
software with security holes either. Sadly these are both facts of life.
Fortunately Microsoft seems to be getting better at addressing both of these
issues.

As for uninstalling updates the key phrase is 'MIGHT not work'. The worst
thing that could happen would be having to reinstall the application.
 
