Firewall Wizards mailing list archives

Re: NIMDA, how to stop it


From: Ryan Russell <ryan () securityfocus com>
Date: Sat, 5 Jan 2002 10:02:38 -0700 (MST)

On Fri, 4 Jan 2002, Robin S. Socha wrote:

Let's focus on the problem at hand. Your point is only valid iff that
network is running Microsoft products. You will not affect MacOS, $UNIX,
OS/2...

That much is obvious.  Unfortunately, there are now practically no
sizeable networks that don't run Windows.  Maybe at Sun or Apple.


Again: iff this admin is using broken software.

Depends what you mean by broken software.  If you mean Windows in
general.. there are plenty of unix worms as well.  If you mean the one
hole that Nimda uses.. even with that patched, people still click on
attachments, make bad choices when their browser asks them to choose,
etc..  The only thing special about Windows is that it has most of the
market share.  If Linux wins, then the majority of worms will be written
there.  The security model won't make a difference, there are tons of
local root exploits.  Your average desktop user won't put their patches on
no matter what OS they run.  It's the diversity (read: running a less
popular OS)  that makes you safer, not that one is better than another.


Iff you allow your users to download and execute code on their
workstations. Why would you? Tax money. Spent. Wrong.

You mean web surfing?  Yes, most schools allow that.  You can get Nimda by
simply visiting a website.  If you've got the hole, you get it instantly.
If you're patched, then the student has to click on "yes" to be infected.


Desktop AV is the only thing that stops the bulk of the process.

Incorrect. If anything, it will stop this _one_ process. It does not
eliminate the problem.

The problem under discussion (in my note), was being re-infected by known
variants of Nimda.  Desktop AV, used properly, eliminates that problem.

hour window is good for millions of mails. Which part of "this is not
a solution, it's not even a kluge, it simply *does* *not* *work* -
have the vendor fix the software or get rid of the software" do you
have difficulty in understanding?

As explained above, what I have difficulty understanding is how changing
software makes one bit of difference.

                                        Ryan
