funsec mailing list archives

RE: MS MSRT

From: Gregory Hicks <ghicks () cadence com>
Date: Fri, 3 Feb 2006 08:27:28 -0800 (PST)

Date: Fri, 3 Feb 2006 14:52:35 +0000 (GMT)
From: Drsolly <drsollyp () drsolly com>
To: Todd Towles <toddtowles () brookshires com>
Subject: RE: [funsec] MS MSRT
Cc: funsec () linuxbox org

On Fri, 3 Feb 2006, Todd Towles wrote:

They released the MS MSRT early during the Zotob worm, why not now? 

I agree that the MSRT isn't suppose to replace AV and it isn't really
MS's job to remove malware from my computer. But why not release it
early if it were already created and ready? Or if you could get it out
without a couple of days without a "huge" effort?

Would they have released it if the infection rate was up to 600,000 or 1
million?

 
Should they have released it if the infection rate was just a few 
thousand?

It's always a judgement call whether to do an extra release, because it 
will put some people to a certain amount of trouble (I'm guessing that 
corporates won't let patches auto-install, but would want to test that 
they don't break something imortant before rolling them out). You might do 
an extra release if there's strong evidence of a widespread problem. But 
in this case, there wasn't strong evidence - am I right in thinking that 
all the AV companies rate this as a minor threat, and it's only the 
Blackworm Task Force that is the driving force behind the publicity?


Of course, it just *might* be that the efforts of the Blackworm Task
Force are the reason that this outbreak is so... constrained.

-------------------------------------------------------------------

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: MS MSRT Todd Towles (Feb 03)
- RE: MS MSRT Drsolly (Feb 03)
- <Possible follow-ups>
- RE: MS MSRT Todd Towles (Feb 03)
  - RE: MS MSRT Randy Abrams (Feb 03)
- RE: MS MSRT Todd Towles (Feb 03)
- RE: MS MSRT Gregory Hicks (Feb 03)