Re: Strange servicepack.exe file (not service.exe) found.
From: Doug Foster (fosterd_at_airshow.net)
Date: 12/19/03
- Previous message: David Gillett: "RE: Strange servicepack.exe file (not service.exe) found."
- In reply to: David Gillett: "RE: Strange servicepack.exe file (not service.exe) found."
- Next in thread: dreamwvr_at_dreamwvr.com: "Re: Strange servicepack.exe file (not service.exe) found."
Date: Thu, 18 Dec 2003 18:43:42 -0500
To: gillettdavid@fhda.edu
David Gillett wrote:
>>Yep. However, I believe that the argument amongst
>>Windows admins will continue to favor rebuilding
>>for the time being...however unfortunate that
>>may be.
>>
>>
>
> Paradoxically, I find many Linux admins perversely prone
>to trying to do minimal cleanup to a box that is found to
>be compromised, without much effort to discover what *else*
>has been done to the box in its "compromised, but not yet
>detected" state, a period for which records such as local
>logs cannot be trusted. (Did the discovered compromise
>throw open the doors to additional intrusions not yet noticed?
>Was it, in fact, enabled by some prior unnoticed compromise?)
>
>
>
I don't think the issue relates to the OS as much as the lack of
forensics. How can new vulnerabilities, zero-day vulnerabilities, be
discovered if boxes thought to be compromised are not investigated, but
are merely wiped and rebuilt? And if a zero-day vulnerability is
used but not found out, the corrective cycle of patch/work-around
cannot commence. And if that cycle does not complete, all users of the
same software remain vulnerable.

The trend towards wiping and rebuilding will save money in the short
term for whoever's machine was compromised, but overall it will cost us
all more. We all will suffer more intrusions, with costs piling up for
machine rebuilds, customer notifications, lost sales, and damaged careers.
- Doug