RE: Strange servicepack.exe file (not service.exe) found.

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 12/18/03

  • Next message: Doug Foster: "Re: Strange servicepack.exe file (not service.exe) found."
    To: <incidents@securityfocus.com>
    Date: Thu, 18 Dec 2003 08:35:35 -0800
    
    

    > Yep. However, I believe that the argument amongst
    > Windows admins will continue to favor rebuilding
    > for the time being...however unfortunate that
    > may be.

      Paradoxically, I find many Linux admins perversely prone
    to trying to do minimal cleanup to a box that is found to
    be compromised, without much effort to discover what *else*
    has been done to the box in its "compromised, but not yet
    detected" state, a period for which records such as local
    logs cannot be trusted. (Did the discovered compromise
    throw open the doors to additional intrusions not yet noticed?
    Was it, in fact, enabled by some prior unnoticed compromise?)

      I believe the argument on the Windows side is that it's
    more prudent to return a box to a "known clean" state than to
    an "unknown, but no currently known compromises" state.

    David Gillett
