Jump to content
Sign in to follow this  
volt

Slammer

Recommended Posts

Guest zippy1

We'll have to weather the storm or should I say the worm :o before drawing any conclusions on new site, but right now I'm very slow in here :blink: I'll run some test to see if my speed is up to par ;)

 

somebody needs to go fishing and take that nasty worm with them, just think how big a fish you could catch :D

Share this post


Link to post
Share on other sites

I still can't believe there were that many unpatched windows machines out there,,that patch has be out for months!!

Share this post


Link to post
Share on other sites

Unlike other OS systems like my Red Hat that sends me an e-mail telling me that there's an update to get. M$ put it' on there update site and if ya don't hear or check the site which is what it looks like many servers did, ya miss out on a patch and get caught

Share this post


Link to post
Share on other sites

I understand what your saying Joe,,but it really falls back on the systems admin to see that all patches are installed,,you really can't blame it all on gates and company.

Share this post


Link to post
Share on other sites
Guest zippy1

I agree volt! If you uncheck automatic updates then it's up to you to keep updated ;)

Share this post


Link to post
Share on other sites

That is true but a big as M$ is and you know that they keep track of who's using there software that it wouldn't be that difficult or expensive to send a mass e-mail out. In the terms of expense and difficulty for the size and power of M$. I believe they don't care enough and have the attitude that you bought it, it's our's but were not responsible if you have problems. Not even GM,Ford or Chrysler can get away with that. The goverment mandates that consumers be protected from faulty equiptment, they should do the same for software

Edited by Joe C

Share this post


Link to post
Share on other sites

As a software comsumer I agree,,but lets face it if ford or gm screws up people can die,,its not quite that bad with software,,but I would think an email alert system should not be that much trouble for M$,,even then your going to have folks ignoring those emails. :D v

 

 

 

 

 

Not even GM,Ford or Chrysler can get away with that. The goverment mandates that consumers be protected from faulty equiptment, they should do the same for software

 

 

Share this post


Link to post
Share on other sites

Everybody had plenty of chances to install these patches. Consumers have Windows Update and the AutoUpdate feature has been there since Windows Me to automatically download and even install the patches. For admins and hosting services, Microsoft offers several security checkers including the Baseline Security Analyzer to make sure your system is set up properly as far as patches and user permissions are concerned.

 

People don't use this stuff. There are plenty of reasons. Everyone running illegal copies is afraid to use AutoUpdate for fear they will be discovered. Legal users don't turn on AutoUpdate because they are afraid that installing a patch may break their setup. Some patches require a reboot or at the very least a restart of critical services, and the site may not want to take 5 or 10 minutes of downtime. Companies that need to pay someone for maintenance and patch installation don't want the expense. People who just set something up for fun and learning don't want to apply patches. This isn't a Linux or Windows thing, this is a human nature thing.

 

As far as I can tell, our server was patched for this particular hole; the patch was released in July as I understand it. However, our servers were not that up to date, I was just talking to the hosting service and pointing out that we were at least two months behind on patches. They said their own internal testing had shown some compatibility problems and they were working through the issues with Microsoft. Is that true, or were they just slow in doing updates? I don't know.

Share this post


Link to post
Share on other sites

Maybe you oughtta stop paying them, and tell them that there are some compatibility issues, and you're working through them with your bank...

 

I'm sure they'd buy that story, right? :P

Share this post


Link to post
Share on other sites

Well from all I know,,which ain't much,,if your running a windows server on todays internet you better keep it patched,,and that goes for linux too.

Share this post


Link to post
Share on other sites

AutoUpdate for fear they will be discovered

Thats somewhat true, i turned mine off reguardless, but i dont go unpatched, id prefer to download the criticals myself , so i can save them to disc to boot. Autoupdate on broadband may be ok, but on a slow dialup i dont think so, I would rather hand pick my patches instead of letting Bill upload at will and throw in a cool media player restriction in the background :mrgreen:

 

Oh and the wink smiley is missing.

Share this post


Link to post
Share on other sites

Just to clear something up this worm was not something that most home computers could get. It was only for SQL server and MSDE that was not patched to recent levels. There was no automatic update on this. They didnt even have an installer package until Sunday. (The patch has been out for over 6 months). Administrators had to download the patch and manually move over 25 files out of there current directories and replace them with the new files. They also had to run some stored procedures to complete this.

 

While I agree that administrators should have out this on immediately (we did), I just wanted to correct some inaccuracies being made on this thread. No home computer could have gotten this patch without knowing where it was. There was no 'critical update' for this.

Share this post


Link to post
Share on other sites

True, hftmrock, we are really discussing two different issues there. Home users do have a pretty good way to get updates and even install them automatically. Admins prefer to do it manually in most cases so they can control the downtime, and if you go to the MS Security site they have the bulletins and patches. This patch had been out for months.

Share this post


Link to post
Share on other sites

Hey, Volt :) Can't get your snip URL to work :(

d0nut

Share this post


Link to post
Share on other sites

The live link works, it's just the visible text that it chops so that you won't get a really long and ugly link. If you want to save the link, click it and then copy from the Address bar. I don't know if we can turn off the link shortening feature or not. Probably one of the 270-kazillion options in the control panel.... :blink:

Share this post


Link to post
Share on other sites

I like that feature... :)

 

usually you can right-click on the link and choose 'copy shortcut' , depending on which browser you use ;)

Share this post


Link to post
Share on other sites

Hey, Volt :) Can't get your snip URL to work :(

d0nut

dOnut,,don't wait 4 days to read them :) some of those don't stay long,,Radio got ya covered tho!! :mrgreen: v

Share this post


Link to post
Share on other sites
Guest r49dcr

Anybody interested can download a FREE toolkit to scan and install the proper patches from Ecora Software. The link is:

 

http://www.ecora.com/worm/

 

The toolkit includes Ecora's PatchLite software which is a Microsoft patch analysis program, and Microsoft's re-released patch to close the "Slammer" worm. It's worth a look for the PatchLite software.

 

:woot:

 

Regards,

 

Denver Roberts

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...