[identity profile] valiskeogh.livejournal.com posting in [community profile] techrecovery
am i the ONLY one here who is sitting back, sipping my fifth cup of coffee, and laughing quietly as i read report after report and release after release of the new win2k worms running (apparently, although i doubt it's so) rampant?

Am i the ONLY one sitting on a home Lan of 6 win2000 computers and one win2003 server that were all FULLY PATCHED the DAY the patch came out a couple of weeks ago and thinking that the actual fault of these infections lies purely with the sysadmins and other such people that did NOT patch their win2k computers immediately or as soon as possible, given the increasingly small window of time between a vulnerability and an exploit?

news flash to customers, patch your damned machines, cause you aren't going to get any sympathy from ME when you get hit by an exploit that was patched weeks earlier.

Valis

Date: 2005-08-18 09:25 pm (UTC)
From: [identity profile] natertots.livejournal.com
see... I used to have the EXACT same attitude, but now that I work for a hospital, where we deal with all these myriad software vendors whose products may or may not break when we do any patch, we have to do testing on any new update that comes out... and if it causes any problem, get updates to the software from the vendor, etc.... before we can even think about throwing it on servers.

It sucks. :(

Date: 2005-08-18 09:34 pm (UTC)
From: [identity profile] eightofspades.livejournal.com
It's not always the sysadmin's fault. It's often the policies tied with the whole drawn-out process of QAing every single update. Unfortunately few places allow for the need to patch clients sooner than servers.

That being said, I agree wholeheartedly with the fact that most in this field don't realize how small that window has become. I hope this was a wake-up call to those organizations.

Incidentally, said worms really aren't having *that* big of an impact. Just hit a few major organizations - nothing nearly of last year's scales.

Date: 2005-08-18 09:42 pm (UTC)
From: [identity profile] aylinn.livejournal.com
ah, but you ALSO have what happened to my husband - where the IT guy who was supposed to patch the vulnerability declined to send the patch IN TIME. he didn't think it was that crucial.

*sigh*

Hmmm

Date: 2005-08-18 09:42 pm (UTC)
From: [identity profile] pacificwolf.livejournal.com
"thinking that the actual fault of these infections lies purely with the sysadmins and other such people that did NOT patch their win2k computers"

Fault? Well, yeah, I guess you could blame them for that, but it's unlikely that the sysadmins chose the wide-open system in the first place, so, fair's fair yeah they shoulda been patched sooner, but let's be sure to provide a balance there; the systems should not need patching to begin with, and ironically it's most often non-technical people who choose which systems are to be implemented, we just deal with the fall-out after the fact ... :-/

Date: 2005-08-18 09:46 pm (UTC)
From: [personal profile] jecook
Even though I'm in your position (sitting back and laughing, cause the systems under my care either updated themselves, or were forcibly updated), I'm taking the other side, for the reasons stated above.

There is a large amount of surprisingly fiddly software that breaks unless you use a certain version of certain DLLs, and if patches to fix services actually break software because they've been written to either use the hole that was patched in a benevolent way or because some other fiddly bit got changed.

Since

Date: 2005-08-18 09:46 pm (UTC)
From: [identity profile] irishmasms.livejournal.com
especially since the Internet Storm Center has been talking about this since last thursday/friday!

Re: Since

Date: 2005-08-18 11:14 pm (UTC)
From: [identity profile] coyoteden.livejournal.com
With Blaster there were months to patch and no excuses. One thing SANS-ISC did mention was that there is NO PATCH WINDOW for these worms. They were as 0-day as it gets, out the day the patches showed up. Some joker tossed the PnP exploit into good old Rbot and turned it loose.

Large organizations have to approve patches after making sure they don't break anything, and there was simply no time to do it. What is a sysadmin to do: risk downtime from unscheduled emergency patching, risk downtime from getting infected, or risk downtime from a patch blowing up production systems?

Damned if you do and damned if you don't, but from the things I've seen personally, getting infected is a deeper level of hell than the other two alternatives.

Date: 2005-08-18 09:48 pm (UTC)
From: [identity profile] ohhjuliet.livejournal.com
I haven't used either of my pc's in a week, including security updates, since I'm in the middle of moving. I've been doing all my computer stuff from a mac laptop. I'm so doomed once I turn them back on... eep!

not really a problem....

Date: 2005-08-19 12:13 pm (UTC)
From: [identity profile] goose-entity.livejournal.com
you can manually download the patches to your MacIntoy and burn them to CD, then install them onto your LoseDows machines without attaching them to tha intarweb....

:)

Date: 2005-08-18 10:41 pm (UTC)
From: [identity profile] residentgeek.livejournal.com
It's really easy to patch all your machines when you've got absolute control over when you have access to them and what programs get installed. When you've got two labs full of computers, one of which is open to the public with an uncooperative lab manager, well... let's just say I'm not done yet. But when his lab gets nailed, I'm going to be sitting back and laughing, and telling him he should have let me in there to patch them sooner. Or done it himself like I've asked him to.

I just sent my second email of the week telling people that if their machine wasn't up to date and got hit by the virus, I was going to wipe their entire hard drive and start over. After that, I suddenly got half my users calling me up to make sure they were properly patched. Guess that finally got their attention.

Date: 2005-08-18 11:29 pm (UTC)
From: [identity profile] residentgeek.livejournal.com
On the user machines (not in the labs), it's actually set to automatically download the updates and notify them to install them. So all they have to do is click on the icon in the system tray and tell it to install. Getting them to actually do that takes way more energy than it should.

The reason my labs aren't completely updated (the student one is, the public one isn't) is because it's the start of a new semester and I've been trying to get the student lab software installed on every machine, and patching while I go along. Every time I think I'm done, I find out I have to go back to every single machine and update something else. So I just haven't had the time to hit the public lab yet. Besides the fact that the lab manager gives me grief and only lets me come in during certain times. But it'll end up being his problem when he has to shut the entire lab down to let me clean it.

Date: 2005-08-19 03:57 am (UTC)
From: [identity profile] ace-brickman.livejournal.com
My lab wasn't updated until 3AM Monday morning. However, they're all XP. Also, I think it got snuffed by the big firewall/DMZ machines before it got to my lab.

HFNetChk is a wonderful thing

Date: 2005-08-19 05:11 am (UTC)
From: [identity profile] residentgeek.livejournal.com
One lab is XP, the other is 2000 until I can get it converted over (maybe next month).

The network engineers here seem to have a pretty good grasp on keeping the firewall in good order. That saves us from quite a bit of stuff for sure.

Date: 2005-08-19 03:18 am (UTC)
From: [identity profile] loosechanj.livejournal.com
Of course some of us are laughing at all of you. ;-)

Date: 2005-08-19 12:11 pm (UTC)
From: [identity profile] tjernobyl.livejournal.com
Every time I hear about one of these worms, I just feel lighter and lighter. As my knowledge of Windows administration slowly erodes, I look back to the days of hurrying to Microsoft's site and laugh. Sure, with Linux I have to keep track of the version and security status of like a million packages, but of worms I am finally free...

Date: 2005-08-21 06:05 am (UTC)
From: [identity profile] jon787.livejournal.com
Actually depending on your distro and how many out of tree packages you install, that's not as hard as it sounds at first. Personally I think running the stable branch of Debian beats all here, but the Linux labs at my college run various releases of Red Hat or Fedora depending on when they were last imaged.

Date: 2005-08-24 03:34 am (UTC)
From: [identity profile] tjernobyl.livejournal.com
I've been running unstable (or worse yet, Knoppix) long enough to fear the consequences of a careless apt-get upgrade :) If I was doing things the way I should, it would be simple, but my desktop machines are always pretty much a mess.
