Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this my week to babysit the idiots... 3

Status
Not open for further replies.
Kjonnnn

Kjonnnn

IS-IT--Management
Jul 14, 2000
1,145
US
I've been going around this week, making sure everyone virus software has the latest updates (even though I have them set to check everyday. I've had people disable the software.)

And, on some of the newer machines, I have windows download the security patches from MS and wait for the users install them. I've also been going around making sure that the users have installed those patches before the 16th. Would believe I had 3 users blow it off, saying they don't trust MS so they NEVER do the updates?

Guess who's gonna be set on auto.
 
Sort by date Sort by votes
Same thing here. I'm Glad I switched to corporate av and locked it down so they cant disable it. But, I still had to go around and update the vulnerable computers. I used eeye's free scanner to find the vulnerable pc's so that made things easier.
 
Upvote 0 Downvote
No we haven't. Trying to make sure we don't. Necessary ports are closed.
 
Upvote 0 Downvote
I can see the logic in not installing Win32 updates immediately.

I generally wait for Mi¢ro$oft to make available the patch to the patch to the patch to the patch, then watch BugTraq and othe mail lists for gripes. This way I can let others be the guinea pigs before I install the patch4. I've found that this policy helps me mitigate the worst effects of the Law of Unintended Mi¢ro$oft Consequences.

Not installing the pathes at all? I agree this is unwise. But I find myself in a quandary as to whether to trust a patchn (where n < 4).


Kjonnnn:
The real problem with Blaster/LoveSan is that it can also be spread by email. One of your users can allow the worm to infect his machine by executing the attachement of an infected email, then the worm's further spread takes place inside your firewall across other workstations' ports 135.

And, of course, there are now variants running around. Is it just me, or are these variants the moral equivalent of posting &quot;Me Too!&quot; messages on IRC?

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Patching certainly is a problem... it seems like we used to have more before &quot;needing&quot; to patch an exploit before someone came along with some type of virus which utilized the exploit... that time frame we had to patch before becoming &quot;vulnerable&quot; continues to diminish. I don't see a way around this though. The only secure OS is no OS.


On another note... this worm can be spread via e-mail? I was unaware of this, and all of the reports either don't mention this or say it doesn't have that ability. Could you provide a link?

The worm doesn't actually infect any files that I'm aware of, so I don't see it &quot;piggy backing&quot; on a file that is infected by another worm which can mass mail.

I think the biggest risk is not running a properly utilized firewall (i.e. blocking everything incoming that you don't need to have incoming) and not having an anti-virus solution in place on the off chance someone brings it into the network from another source (i.e. remote users).

--
Jonathan
 
Upvote 0 Downvote
Upvote 0 Downvote
Read about the RPC vulnerability at the end of July and spent the next couple of weeks emailing and telephoning my clientele, relatives and various friends to download the M$ patch and ensure their firewalls were functioning correctly.

sleipnir214,
Got a telephone call from one client informing me he was infected with MSBlaster.
Asked him why he did not downloaded the patch, had emailed him the link to it.
Answer: He forgot!!

Your firewall should have alerted you.
Answer: Turned it off.

Why?
Answer: Don't know.

What can you say to people like that?
It cost him for my time plus his PC downtime.
Still find it difficult to believe he ignored my urgent advice, having stressed the importance of the patch and firewall protection.

You live and learn.




Ted

&quot;The difference between a misfortune and a calamity is this: If Gladstone fell into the Thames, it would be a misfortune. But if someone dragged him out again, that would be a calamity.&quot;
Benjamin Disraeli.
 
Upvote 0 Downvote
greyted:
The American science fiction author Robert Heinlein once wrote, &quot;Never underestimate the power of human stupidity.&quot;

Back when I did a lot of client support on networks and desktops, I was [in]famous for scheduling last those clients who were in a bind because of their own stupidity. I figured there's no point in rewarding failure.


Kjonnnn:
Sorry about the Blaster/email comment. I had Blaster and another one confused. With these Win32 virii, it gets hard to tell the players without a program.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Kjonnnn,

two comments:

(1) I cannot use my work computer effectively between 1-15pm and 2-30pm. If a virus maliciously reduced my computer to 10% of its normal working speed for over an hour in each working day, I'd be upset. But it's the virus scanner that's doing it, and the IT people quite reasonably have it set up so there's nothing we can do to stop it. Also it seems to me that many viruses cause their worst effects in the first 24-48 hours, before the scanner picks them up, anyway. Sometimes the cure can be nearly as bad as the disease...

(2) You are right to be upset at people distrusting microsoft patches. I mean, for goodness sake, they're using a microsoft operating system, and if microsoft were really untrustworthy, they could have written anything in it. But a friend of mine with a brand new computer complains it arrived with windows installed, but still wanted to download about 20 patches. Two hours later it was 5% complete and he gave up, worried about his telephone bill. If I buy a washing machine, I don't expect to have to download a new door at my own expense.
 
Upvote 0 Downvote
I don't really want to post this as its off point from the first post but hey...


Can I just ask you something? What would you like to MS to do? The patches can't really be much smaller, its not ethical for MS just to not release patches, and its not economical to update the worlds most popular OS everytime there is a secuirty hole in it.

As for your mate: Every heard of a Service Pack? Give MS a call (I think its an 0800 number as well) and ask for them to send a service pack out. I formatted a laptop (using it now!) and re-installed Win2k Pro. I had the free MS Service Pack 4 CD in my hand and popped it on after I reinstalled the OS. I then went on to the MS site for any new updates since SP4 and on a 56k Line it took me 14 mins.

Lay off MS. If you don't like 'em don't use 'em.
 
Upvote 0 Downvote
Stevehewitt:
What I want from Mi&cent;ro$oft is very simple. I want them to do what every other software distributor, hardware manufacturer and hard good manufacturer does: periodically re-engineer the distribution to have the patches and configuration updates preinstalled. It's their fault the patches are necessary, after all -- why should the onus of installing necessary updates fall on the consumer?

IBM, Apple and Sun don't sell the same OS for multiple years without updates of the distribution. Neither do RedHat, Debian, SuSE, or Mandrake. All of them are constantly updating their products before handing those products over to the consumer.

Adaptec is constantly updating their hardware, firmware, and drivers. The same is true for every other hardware manufacturer.

None of GM, Ford, Daimler-Chrysler, BMW, and Honda expect a customer to buy a 2004 model-year car and take the car back to the dealership to get all the necesary parts updated from the 2003 model -- they sell the 2004 model with all the bug-fixes already installed.


So why can't Mi&cent;ro$oft update their Windows 2000 CDs from time-to-time?

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Well there are 4 replies to this that I can post:

1. Like I said, its not economical. The last time I heard (few months ago now) the rough figure for Windows on Clients was around the 80% + mark (please correct me if somone has a more up to date figure). Its just not possible to do it without incuring additional costs.

2. Personally, I don't go about and spend an £200 on an OS every 6 months, I wait until the next release. I would imagine that the bulk of people purchase Windows in the first 6 months or so of it being released. Open Source software is mainly free, so its nothing for you to get your latest OS - Windows isn't, therefore even if MS did update Windows after a new hole is discovered in it - you would have to purchase the product again!!! - I would rather get the same old version knowing that I have the very latest Service Pack and patches avaliable online. And if you purchase OEM then there is a good chance of it having the latest SP on it!

3. Um, since when did 12 year olds with too much time on their hands who spend hours looking for holes in software used internationally become innocent. Don't give me the Linux is bulletproof crap against this either, I have heard on TT of security holes in Linux. (Not many I admit) As Windows is used a lot more that Linux in total then expect hackers and crackers to spend more time and resources looking at breaking Windows, not Linux - so its hardly fair to say that its Microsoft's fault that it needs updating. I can't think of a OS that is completly secure. There is no such thing.

4. MS have made it so easy to update your PC I can't believe that we are having this conversation! Click Start - Windows Update - Scan - Download. 4 Clicks!!! A call to MS will get you your Service Pack for Free if you haven't got the bandwidth or pay per min online.

Steve.
 
Upvote 0 Downvote
I understand fully that Mi&cent;ro$oft will incur a cost to do this. I fully expect it -- after all, every other vendor of software in the world does when they update their software, why wouldn't Mi&cent;ro$oft? But what does this have to do with Mi&cent;ro$oft's obligation to patch their own software distributions?

What does the number of people finding bugs in a piece of software have to do with the vendor's obligation to distribute that software with major bugfixes preinstalled?

What does the ease of updating have to do with the obligation of a vendor to provide a product with major bugfixes installed? Anyway, there have been confirmed cases of major worm investations hitting newly-installed machines during the 25-minute window it took to download the bugfix. Hackers are writing worms which will launch distributed denial of service attacks against the very internet site from which you have to download the updates.

I am not expecting to purchase a new copy of the software when a major bug-fix is released. I think it's perfectly reasonable for me to update my currently-owned version of Windows XP. It is not reasonable, however for me to have to waste my time and money six months from now fixing a newly-purchased piece of software that the vendor admits cannot be safely depended on without the required updates. It is the vendor's responsibility to fix its software, particularly when the vendor, itself, categorizes these fixes as &quot;Critical Updates&quot;.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
But Windows (IMHO) is the most popular OS in the world. (Not popular 'liked' but most used!:)) MS is a business. It would be a HUGE cost to them to ensure that their software is up to date - its just not economical on the basis that Windows is so widely used.

MS have made it so easy to update Windows anyway. Many OEM suppliers included the latest SP anyway, you can phone up and get it on CD, and 4 clicks to download it from their site. (Not to mention the Automatic Updates).

Its just not good business sense.
 
Upvote 0 Downvote
(1) Hang on, so the argument is, that because a manufacturer has a large customer base, they can't afford to provide a safe product....??? That's the wrong way round. Software selling to very small numbers of customers is often buggy because it's not economic to get it right, and there aren't enough individuals testing it. It ought to be more economically viable to get software selling to lots of people right.

(2) Very often the security weaknesses in things like Windows XP are in features that many of us don't actually want to use. For instance, I am quite happy with text-only e-mails, perhaps with attachments that I have to save to disk and open with an appropriate program (my choice if I decide to run an executable), and no code from elsewhere to operate on my system under any circumstances without my deliberately pressing the &quot;Go!&quot; key. No word macros, no excel macros, no java applets. I could live that way very happily...

Can we have a domestic windows where we choose the bits we want, please?
 
Upvote 0 Downvote
No, thats not my argument. MS provide a superb service for patches and updates online, and also on CD if you request - for free.

But as there are few sales of the boxed Windows software after the first Service Pack is release it simply doesn't mask sense for MS do remove all old copies and replace them with a patched version when you can get it all online anyway, or if you purchase OEM(which many home users do) then the latest SP is often included. Corporate users get the latest SP on their licence agreement, so as its such a low selling product for the boxed version of Windows it wouldn't make much sense as there are so many holes and bugs exploted.

And as for the features you mentioned: They are office based - which only normally have 1 or maybe 2 service packs ever. The features that you are talking about can be turned off!!!
 
Upvote 0 Downvote
So why can't Mi¢ro$oft update their Windows 2000 CDs from time-to-time?
The simple answer is that they do in a number of ways. Steve has listed most of them. Win2k CD's are manufactured with the latest SP. OEM's provide the latest SP. Windows update provides the latest SP as an easy download or free CD. Unfortunately they have not taken up the practice of coming to your office and installing for you as of yet.
 
Upvote 0 Downvote
Steve and wbg34,

You make some good points, but for UK (and other non-US) users things aren't quite so simple. The free CD version cannot be ordered on line. The UK support telephone number is not free, and is not easy to find on the UK microsoft site (for instance, the link from ordering windows XP service pack 1 to &quot;your local subsidiary&quot; is broken). I agree it can be done, but I'm sure it could be made more efficient. For instance, I cannot understand why service packs aren't included in the package for new computers. It's in everyone's interest.

 
Upvote 0 Downvote
It is not sufficient that service packs be bundled with the software. The patches should be preinstalled into the OS.

I am not expecting Mi&cent;ro$oft to recall all copies of a product that are sitting on the shelves. But boxes of software don't sit on the shelves forever. Sooner or later Mi&cent;ro$oft has to order published more copies of the CD. At that time, it is Mi&cent;ro$oft's responsibility to update the distribution. Not just write a new directory with the service packs, but reengineer the distribution code.

IBM, Apple, and Sun can accomplish this simple feat. Mi&cent;ro$oft hasn't since it quit publishing MS-DOS as a separate product.


Nor it is enough for Mi&cent;ro$oft to force OEMs to fix their code either. The responsibility is Mi&cent;ro$oft's.

Chevrolet doesn't build cars with all the updated parts in the trunk for the dealerships to install. Chevrolet builds cars with known bad parts fixed at the factory. And it is counterintuitive in the extreme to think that rewriting a CD is more costly than re-engineering a vehicle assembly line or a parts supply chain.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote

Kjonnnn

I think you are looking at all this from the wrong perspective.

Seriously, I deal with end users everyday of my life and the one key thing that you really need to remember in order to keep your blood pressure down and your mind sane is this:

dumb people = job security

If everyone were as bright as most of we, the IT professionals, there would be no need for us to have a job and we'd be down at Wendy's flipping burgers. [bigsmile]

Just something to consider next time you feel down and out from dumb things that users do... [ponder]

Cheers! [2thumbsup]

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mountainbear
  • Locked
  • Question
Tech tools
Replies
0
Views
2K
Mountainbear
Mountainbear
audaxviator
  • Locked
  • Question
Is Microsoft burrying CIL/MSIL?
Replies
2
Views
807
audaxviator
audaxviator
jimbojimbo
  • Locked
  • Question
Did Microsoft Threaten to disrupt the Internet?
Replies
0
Views
551
jimbojimbo
jimbojimbo
johnherman
  • Locked
  • Question
Is Privacy Dead? 2
Replies
0
Views
354
johnherman
johnherman
jimbojimbo
  • Locked
  • Question
Why is Windows 10 Free 3
2
Replies
25
Views
709
johnherman
johnherman

Part and Inventory Search

Sponsor

Back
Top