A vulnerability in the BlackICE firewall has allowed the Witty worm to cause considerable damage.
Witty overwrites some hard drive sectors and is therefore extremely dangerous.
Affected are:
BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
http://www.f-secure.com/v-descs/witty.shtml
Well, I ONLY said "vast majority" not all my readers.
AND, possibly of a bit more relevance:
The Witty worm hit an estimated 12,000 machines which hadn't had current maintenance agreements with ISS.
The company's argument that if you don't maintain a paid up account you don't deserve patches loses some of its logical force when you realize that it was a flaw in the original ISS software, which was paid for, that failed and allowed Witty access.
http://news.zdnet.co.uk/software/developer/0,39020387,39150016,00.htm
Tech Locksmith: 'Well, I ONLY said "vast majority" not all my readers.'
Since I'm the only one who has posted comments thus far, this would appear to be an attempt to label me as someone who "will simply flame themselves into a frenzy in the discussion area".
I took issue with the specific items of comparison in the news.com article, and noted that the author neglected to mention areas where Linux is ahead of Windows XP in desktop security. However, I also stated that "many parts of Linux are still unfriendly to a person with little or no technical skill", agreeing with the author's main point.
I fail to see how that constitutes flaming in any sense of the word.
The Witty virus had an unusually nasty side effect beyond just erasing random parts of one of my server's hard drives: these random overwrites caused the web server to go wild and use up a whopping 90 GB of bandwidth in 6 hours! Just a little beyond my bandwidth budget by my hosting company RackSpace. I must say that RackSpace was great in assisting with restoring the server on a late late Saturday night and no data was lost.
This episode showed that BlackICE Server has a more serious interface flaw. There is a setting within BlackICE Server under Notifications called "Update Notification Enable Checking" but all that does is set the interval at which you are notified if an update is available. The impression is that the update is performed automatically every x days. It is not! You have to run the BlackICE program to get the notification and then you have to manually run the BlackICE menu item called "Download Software Update" or "Download Security Content Update" to actually get the update installed.
So with all this "automation" administrators have to log in to the server and run the firewall software to manually see the "Update Notification" and then manually install the update. Or to get word of the updates you have to be on their email list.
Caveat emptor!
After loud complaints about the fact that these were flaws in the software as originally sold, ISS yesterday decided to make update patches available to unregistered customers until 15 May, 2004.
The author's comparison of Microsoft's new security features to the few he mentions in Linux is like a comparison of apples to oranges.
The Linux tools the author mentions are generally used to secure networks and servers, whereas the new features in XP SP2 he talks about are for desktop security.
Additionally, the author fails to mention that many major Linux distributions already turn the built-in firewall on by default, whereas XP didn't (SP2 will change this).
That said, the author has a very valid point - many parts of Linux are still unfriendly to a person with little or no technical skill.
This is something of a hindrance to desktop adoption, but the Linux developers must also be careful to not repeat the common mistake of making wizards that get in the way as often as they are useful. This is a problem that is not unique to Microsoft.
After citing the News.com article, the author made this comment:
"As bad as Microsoft service packs can be, they are infinitely easier to deploy across a hundred, or even a thousand, computers than are most major Linux fixes"
Yet the News.com article talked about the new features of XP SP2 and what Linux can learn from them, not about keeping Windows/Linux systems updated with the latest fixes.
Update mechanisms are something that will vary greatly by distribution, so the author should have mentioned which Linux distribution he was commenting on.
Also, could the author elaborate on this comment? What tools do Windows admins have that Linux admins don't that makes Windows admins' jobs so much easier?
And if this is the case, why do Windows admins struggle with keeping systems updated more than Linux admins?
The title and first part of my post constituted excessive (and irrelevant) nit-picking on my part, and for that I apologize.
However, I am still interested in more elaboration from the Tech Locksmith on this statement:
"As bad as Microsoft service packs can be, they are infinitely easier to deploy across a hundred, or even a thousand, computers than are most major Linux fixes"