Re: EEYE: RealSecure/BlackICE Server Problems/Witty

From: Marcio Vieira (vieira_at_CSTL.SEMO.EDU)
Date: 03/30/04

  • Next message: Anderson, Kelly: "Re: Interesting Exchange 2000/2003 problem" 
    Date:         Tue, 30 Mar 2004 11:15:41 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Travis Dennis wrote:
    > Actually ISS has offered to unlock my out of service BlackICE
    > products and allow the expired installs to update to the
    > latest version which of course, takes care of the
    > vulnerability. All I had to do was ask.
    > Please see the e-mail response form BlackICE support. I
    > deleted the support techs name but nothing else

    You are lucky. My story is a very different and frustrating one: I sent
    them an email and never got a reply. Then I called ISS on the Sunday after
    the Witty worm started spreading and talked to a rep (name withheld) for
    about 30 minutes. He put me on hold a couple of times to talk to someone
    else (a manager?) about my case. The final answer was "sorry, there's
    nothing we can do!"

    The worst part is this: I had already ordered license upgrades for our
    machines at the end of February, but my order had not been processed yet--I
    had used a PO (purchase order) to pay for it, and apparently it takes a
    month for ISS to process POs. I gave him the order number and I offered to
    fax him a copy of the PO--all I was asking was that my current expired
    licenses were extended for one day so I could apply the upgrade and be free
    of the worm and go home. The answer was "sorry, I can't do that."

    So I was puzzled when I read your message and the copy of the email you got
    from their tech support. Should I have called again later to get a
    different rep/manager and maybe get my problem fixed???

    Anyway, I was told to disable BlackICE immediately and contact their sales
    department the next day to get the order problem resolved. By then I was
    angry with ISS for many reasons, especially for charging for a security
    patch, and decided to remove BlackICE from all machines here--servers and
    desktops. We're since using Windows' built-in IPsec to block ports on the
    machines that previously had BlackICE. And the PO was cancelled, of course.

    Marcio Vieira
    Southeast Missouri State University

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you''ll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Anderson, Kelly: "Re: Interesting Exchange 2000/2003 problem"

    Relevant Pages