funsec mailing list archives

RE: MS MSRT


From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 3 Feb 2006 09:09:24 -0600

DrSolly wrote: 
Should they have released it if the infection rate was just a 
few thousand?

If it was ready to be released, why not? The MSRT is really geared toward
the clueless public, IMHO. They don't know if it is released yesterday,
today or on Black Tuesday. But they do know if their data is gone. As you
said, most corporates don't use auto updates and therefore any non-patch
release shouldn't make much of a wave at all.

It's always a judgement call whether to do an extra release, 
because it will put some people to a certain amount of 
trouble (I'm guessing that corporates won't let patches 
auto-install, but would want to test that they don't break 
something important before rolling them out). You might do an 
extra release if there's strong evidence of a widespread 
problem. But in this case, there wasn't strong evidence - am 
I right in thinking that all the AV companies rate this as a 
minor threat, and it's only the Blackworm Task Force that is 
the driving force behind the publicity?



I know OneCare called it "moderate"...the spread isn't very big but the
damage threat is pretty big. I wouldn't release the MSRT either if a new
worm was released that just opened notepad and was spread to one million
people..but Blackworm can do real damage. Destructive payloads appear to
be more rare as well.

-Todd

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

