Microsoft has said Windows XP SP2 will have the firewall turned on by default, and that they have "considered" reissuing the installation CD's such that a new installation will have the firewall enabled to deal with just this problem. I do not know the current state of the consideration, but to me it seems reasonable that Microsoft should at least make the offer of a new CD (to anyone who has a valid XP license key?) No, many people will not request a new CD, but then many people never apply patches either. I think this is a horse and water problem.
Gary > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Eric Krichbaum > Sent: Monday, May 03, 2004 8:13 PM > To: [EMAIL PROTECTED] > Subject: FW: Worms versus Bots > > > I see times more typically in the 5 - 10 second range to > infection. As > a test, I unprotected a machine this morning on a single T1 to get a > sample. 8 seconds. If you can get in 20 minutes of downloads you're > luckier than most. > > Eric > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > william(at)elan.net > Sent: Monday, May 03, 2004 11:49 PM > To: Sean Donelan > Cc: Rob Thomas; NANOG > Subject: Re: Worms versus Bots > > > On Mon, 3 May 2004, Sean Donelan wrote: > > > On Mon, 3 May 2004, Rob Thomas wrote: > > > ] Just because a machine has a bot/worm/virus that didn't > come with > > > a ] rootkit, doesn't mean that someone else hasn't had their way > with it. > > > > > > Agreed. > > > > Won't help. What's the first thing people do after > re-installing the > > operating system (still have all the original CDs and keys > and product > > > activation codes and and and)? Connect to the Internet to > download the > > > patches. Time to download patches 60+ minutes. > > Time to infection 5 minutes. > > Its possible its a problem on dialup, but in our ISP office I > setup new > win2000 servers and first thing I do is download all the patches. I've > yet to see the server get infected in the 20-30 minutes it takes to > finish it > (Note: I also disable IIS just in case until everything is > patched..). > > Similarly when settting up computers for several of my relatives (all > have dsl) I've yet to see any infection before all updates are > installed. > > Additional to that many users have dsl router or similar > device and many > such beasts will provide NATed ip block and act like a firewall not > allowing outside servers to actually connect to your home computer. > On this point it would be really interested to see what percentage of > users actually have these routers and if decreasing speed of > infections > by new virus (is there real numbers to show it decreased?) > have anything > to do with this rather then people being more carefull and using > antivirus. > > Another option if you're really afraid of infection is to setup proxy > that only allows access to microsoft ip block that contains windows > update servers > > And of course, there is an even BETTER OPTION then all the > above - STOP > USING WINDOWS and switch to Linux or Free(Mac)BSD ! :) > > > Patches are Microsoft's > > intellectual property and can not be distributed by anyone without > > Microsoft's permission. > I don't think this is quite true. Microsoft makes available > all patches > as indidual .exe files. There are quite many of these updates and its > really a pain to actually get all of them and install updates > manually. > But I've never seen written anywhere that I can not download > these .exe > files and distribute it inside your company or to your > friends as needed > to fix the problems these patches are designed for. > > > The problem with Bots is they aren't always active. That > makes them > > difficult to find until they do something. > As opposed to what, viruses? > Not at all! Many viruses have period wjhen they are active and > afterwards they go into "sleep" mode and will not active until some > other date! > > Additionally bot that does not immediatly become active is good thing > because of you do weekly or monthly audits (any many do it like that) > you may well find it this way and deal with it at your own > time, rather > then all over a sudden being awaken 3am and having to clean > up infected > system. > > -- > William Leibzon > Elan Networks > [EMAIL PROTECTED] > > >