Vulnerability Development mailing list archives

Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)


From: "Stanley G. Bubrouski" <stan () ccs neu edu>
Date: Wed, 5 Sep 2001 23:10:22 -0400 (EDT)

On Wed, 5 Sep 2001, Emre Yildirim wrote:

> .MetsyS. wrote:
>
> > 1. Code red machines are screaming YOU CAN OWN ME.
> > 2. Passive infection reduces bandwidth.
> > 3. Worm should be open source.
> > 4. Worm should send a message to admin.
> > 5. I would format and re-install my O/S anyway, seeing as anyone could
> > have added more sneaky things to it.
> > 6. The box can be owned by anyone and have anything done to it, personally
> > I'd be thankful if a worm came and stopped my info leaking onto the net.



> Okay I may be wrong on this, but I read somewhere that the FBI is
> actually trying to contact the owners of 6000 computers to inform them
> that they have been infected.  Wouldn't this kind of "good worm" screw
> that up?  And I can't believe after all this media hype and after all

Yes.  And it also messes up people whose PCs are set up to use things like
Tivoli with addons that track whether a patch from an automated system was
installed correctly.  If such things fail because a patch is already
present then a false alarm may be triggered and the person may have to
send the PC back to their company to have it examined so it won't be a
security threat even though it has already been patched.

> these advisories and discussions, that there are still some people out
> there that aren't aware that their system is infected.  But I'm sure it

People who install Windows 2000 themselves and some computer vendors end
up with IIS enabled by default on their machines and many have no
knowledge of what a server is, never mind turning it off or looking on
technet for patches.  You have to remember the vast majority of people
using computers have little or no knowledge of what is running on their
system other than what they see on the task.  I've been in the position of
having to track these people down, and if you ask them, they will tell you
"what webserver?  How can my laptop be running a webserver I don't even
know how to use one?"

People aren't stupid, they just don't know what they have or that they are
infected.  People who don't deal with installing their own software or are
involved in configuring PCs often don't read articles on things like that,
if they did things like SirCam would also have little of propagating.

> will get better...even NT admins run windozeupdate from time to time,
> which I heard patches the bug.  Just my $0.02 :-D

Windowsupdate unfortunately doesn't have all the security updates and
therefore unless someone looks at technet they may miss an important
patch.  Awareness is the answer, unfortunately not everyone is aware of
that :-P






> --
> Emre Yildirim <emre () asper org>
> GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)


Regards,

Stan

--
Stan Bubrouski                                       stan () ccs neu edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284




