Re: Want to write a disinfection tool?

From: L. Christopher Paul (lcp@bofh.sh)
Date: 08/06/01


Message-Id: <5.1.0.14.2.20010805221829.00a0a490@pop.silver-griffin.com>
Date: Sun, 05 Aug 2001 22:24:11 -0400
To: aleph1@securityfocus.com
From: "L. Christopher Paul" <lcp@bofh.sh>
Subject: Re: Want to write a disinfection tool?

One question ... Mightn't this lead to a false sense of security?

With the CRv1 or CRv2 I can see this as being appropriate, but with CRII
creating backdoors and then broadcasting the vulnerability, the incidence
of compromises beyond the initial worm infestation is incredibly high.

By automating a 'fix', and not rebuilding the box, there is no guarantee
that the box is safe to be re-connected to the network; only that the worm
is gone and that it can't be re-infected.

If such a tool is built (which isn't all bad), it needs to be shipped with
a big 'ole warning to that effect.

--lcp

At 07:11 PM 8/5/2001 -0600, you wrote:
>Anyone on the list that is a VBScript programmer that wants to write
>a disinfection tool for Code Red II?
>
>The scripts would need to:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

