Date: Tue, 04 May 2004 11:30:59 -0300
From: Dexter J <lamealameadingdongnospamlamelame.org>
Subject: Re: OT- Heads Up - Sasser plug


Salutations:

On 4 May 2004 12:01:03 GMT, Dave Hinz <davehinznospamcop.net> wrote:

> On Tue, 04 May 2004 03:57:10 -0300, Dexter J
> <lamealameadingdongnospamlamelame.org> wrote:
>> Salutations:
>>
>> A:) Confirm you are not infected using the start menu function 'run' to
>> execute the command 'regedit'. Once your registry editor opens use
>> Edit > Find and search for 'avserve2.exe' across the complete registry file.
>
> Hmm, tried this on my servers and ... nothing. Maybe this is
> yet _another_ virus that isn't compatible with Mac, Linux, or Solaris?
>
> Darn...we never get _any_ of this fun. I'll wander over by the Widoze guys
> later today & see how they're doing. Seriously, though, good links & info.
> Is it still accurate that the patch from April would have kept someone
> from getting it? Keep 'em patched, folks, and back up your data.
>
> Dave Hinz

Well brother Hinz, it is as it turns out a bit more of a challenge to keep Windows running than most domestic Server Platforms - but I just love that swishy interior.. :) ..

Yeah, the patch noted from April 12th is indeed still current (the update of the 28th hasn't changed patch size). However it still doesn't lock down port 445 functions - it appears to simply apply some bondo to NTOSKRNL.EXE.

Like Blaster/MyDoom on port 135 before it - it's really more the fact that yet another TCP/UDP port is/was shipped open in the interest of attempting to make networking 'easy' for most people. And as noted in the OP - shutting them down is not without its consequences.

Here is a very interesting link regarding SMB - this from Aug 2002.

http://www.corest.com/common/showdoc.php?idx=262&idxseccion=10

Don't get me wrong - I think that if Microsoft were an automobile company - they would have been sued out of business years ago (I'm a one time OS/390 man myself).

However, as you well know, Windows mostly gets exploited and reported as exploited so popularly in the public press because most wetware don't know enough to be alarmed by the Linux/Unix exploits out there.

It's what makes my Windows 2000 thin server prototype project so professionally interesting here at the end of the day actually. Three years and no fatal flatlines yet despite the shower of bastards trying to kill it off.

That said - I think even you will agree that if Linux were treated to the same lack of maintenance and popularly installed with the same lack of understanding as to the implications of operating a NIC - it would be equally hazardous and perhaps even more so given the substantially greater network power built into Linux/Unix operating systems.

I haven't been able to cost justify a Mac infrastructure personally - I have a NG SAAB to maintain - but I must say that its current operating system is pretty interesting.

Anyway - thought I'd better kick it out there in case any of the droids are interested.

--
J Dexter - webmaster - http://www.dexterdyne.org/
all tunes - no cookies no subscription no weather no ads
no news no phone in - RealAudio 8+ Required - all the Time

Radio Free Dexterdyne Top Tune o'be-do-da-day
Joe Cocker - Bird on a Wire
http://www.dexterdyne.org/888/060.RAM


The content on this site may not be republished without permission. Copyright © 1988-2019 - The Saab Network - saabnet.com.