Re: ** READ THIS BEFORE POSTING - answers to frequently asked question

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 08/31/04 

Date: Tue, 31 Aug 2004 14:05:21 GMT

On Mon, 30 Aug 2004 14:15:11 -0700, modboy
<modboy@discussions.microsoft.com> wrote:

>With all that content, it is much eaiser to re-post and wait for a reply

Except that Googling the groups may find someone the answer much
quicker...

Jeff

>:)
>
>"Karl Levinson [x y] mvp" wrote:
>
>> Before you post a question to a Microsoft.public.*.security newsgroup, note
>> that your question may already be answered below:
>>
>> Answers to Top Frequently Asked Questions:
>> http://securityadmin.info
>>
>> I'm getting an LSASS error message, and/or I have the Sasser virus.
>> 1) Run anti-virus that is configured to download the latest updates every
>> week or even every day. www.grisoft.com is free anti-virus.
>> 2) You also need to install all the patches for your system software from
>> http://windowsupdate.microsoft.com, starting with the MS04-011 patch.
>> Microsoft generally releases security patches on the second Tuesday of more
>> or less every month. [Theh MS04-011 patch is also available here:
>> http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
>> .... though you still want to visit the Windows Update site to get all
>> patches.]
>> 3) Once you're infected, you may need to download and run a free Sasser
>> virus removal tool such as the Stinger tool from www.McAfee.com or the free
>> tool from http://www.microsoft.com/security/incident/sasser.asp
>> 4) You're not running a firewall, or your firewall isn't protecting you.
>> Running a firewall would have protected you from this. Free firewall
>> software is available from www.kerio.com, www.zonealarm.com and/or
>> www.sygate.com
>> 5) You need to do ALL of these things, or you won't have much success.
>> You should also make sure you get the latest Microsoft patches monthly and
>> anti-virus updates at least weekly.
>>
>> My question is not mentioned below. How do I get an answer immediately,
>> with no waiting?
>> http://securityadmin.info/faq.htm#moreinfo
>> See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
>> See also: http://www.google.com/advanced_group_search
>> See also: http://www.google.com
>>
>> I want to post a problem or question to the newsgroup. What info do I need
>> to post in order to get a correct answer quickly?
>> http://securityadmin.info/faq.htm#netiquette
>>
>>
>> I just heard about a new Microsoft security patch update. Where can I get
>> the patch?
>> http://windowsupdate.microsoft.com OR
>> http://www.microsoft.com/technet/security/current.asp
>>
>> I just installed a Microsoft security patch update, and now my computer is
>> having problems.
>> http://securityadmin.info/faq.htm#patchbroke
>>
>> I received an email from Microsoft / Microsoft Support / Microsoft Internet
>> Security Center claiming to be a security patch [or comprehensive Internet
>> Explorer update]. Is this a virus?
>> http://securityadmin.info/faq.htm#microsoftemail
>> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>>
>> I received a virus email from a Microsoft email address. Who do I report
>> this to?
>> http://securityadmin.info/faq.htm#microsoftemail
>>
>> I have the RPC Blaster worm "virus," what do I do?
>> http://www.microsoft.com/security/incident/blast.asp
>> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>>
>> My computer is giving RPC Remote Procedure Call messages.
>> There is a TFTP message or file on my computer.
>> My computer keeps locking up, and/or rebooting, or telling me that it will
>> reboot in 1 minute.
>> http://www.microsoft.com/security/incident/blast.asp
>> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>>
>> Where can I download the Blaster worm / RPC DCOM patch?
>> http://windowsupdate.microsoft.com OR
>> http://www.microsoft.com/technet/security/current.asp
>>
>> I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
>> want to replace this file.
>> http://securityadmin.info/faq.htm#jdbgmgr
>>
>> I forgot my Windows logon password and can't log in. How do I reset it?
>> http://securityadmin.info/faq.htm#password
>>
>> I have a problem or a question with a virus or with antivirus.
>> http://securityadmin.info/faq.htm#virus
>> NOTE: www.grisoft.com is free antivirus, USE IT.
>>
>> Why is Outlook Express blocking my attachments as "unsafe"?
>> http://securityadmin.info/faq.htm#attachments
>>
>> How do I stop getting pop-up messages? Or adware? Or spyware?
>> http://securityadmin.info/faq.htm#pop-ups
>>
>> How do I block people from viewing adult or objectionable content on a
>> computer?
>> http://securityadmin.info/faq.htm#contentfilter
>>
>> How do I block spam emails?
>> http://securityadmin.info/faq.htm#spam
>>
>> There is a Content Advisor password blocking me from certain web sites.
>> http://securityadmin.info/faq.htm#contentadvisor
>>
>> How do I delete an FTP folder that a hacker put on my computer and I cannot
>> delete?
>> http://securityadmin.info/faq.htm#ftpfolder
>>
>> Have I been hacked? What do I do if I've been hacked?
>> http://securityadmin.info/faq.htm#hacked
>>
>> How do I re-secure a computer that has been hacked?
>> http://securityadmin.info/faq.htm#re-secure
>>
>> How do I test or improve the security on my computer to avoid being hacked?
>> http://securityadmin.info/faq.htm#harden
>>
>> How do I investigate a suspicious IP address that may be trying to hack me?
>> http://securityadmin.info/faq.htm#trace
>>
>> How do I report a hacker?
>> http://securityadmin.info/faq.htm#reporthacker
>>
>> How do I use a port scanner or vulnerability scanner to test my security?
>> http://securityadmin.info/faq.htm#portscanner
>>
>> How do I encrypt my files and/or hard drive?
>> http://securityadmin.info/faq.htm#encryption
>>
>> How do I get a firewall? IDS?
>> http://securityadmin.info/faq.htm#firewall
>>
>> I want to use the IPSec filtering or IP filtering feature of Windows to
>> block certain ports and have a problem or question.
>> http://securityadmin.info/faq.htm#ipsec
>>
>> I have a problem or question with the XP ICF firewall.
>> http://securityadmin.info/faq.htm#icf
>>
>> I have a problem or question with the IIS URLScan tool.
>> http://securityadmin.info/faq.htm#urlscan
>>
>> How do I change the banner on my computer or server to hide what software
>> version I'm using?
>> http://securityadmin.info/faq.htm#banner
>>
>> How do I enable Windows Auditing to tell who logged into Windows or who
>> accessed a file?
>> http://securityadmin.info/faq.htm#auditing
>>
>> How do I inspect and disable programs that start up when Windows starts?
>> http://securityadmin.info/faq.htm#startup
>>
>> How do I use RUNAS or let someone use RUNAS to run commands as administrator
>> without having to type the password?
>> http://securityadmin.info/faq.htm#runas
>>
>> How do I let non-administrator users run Defrag or change their IP address?
>> http://securityadmin.info/faq.htm#runas
>>
>>
>> My question is not mentioned above. How do I get an answer immediately,
>> with no waiting?
>> http://securityadmin.info/faq.htm#moreinfo
>> See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
>> See also: http://www.google.com/advanced_group_search
>> See also: http://www.google.com
>>
>> I want to post a problem or question to the newsgroup. What info do I need
>> to post in order to get a correct answer quickly?
>> http://securityadmin.info/faq.htm#netiquette
>>
>> Note that this is NOT a full list of all the questions answered in the FAQ.
>> Chances are, your question has probably already been answered. The complete
>> FAQ is at:
>> http://securityadmin.info/faq.htm#contents
>>
>>
>> I hope this is helpful. Feedback, suggestions and criticism regarding the
>> FAQ are welcome and may be emailed to me.
>>
>> kind regards,
>> Karl Levinson, CISSP, MCSE, MVP
>> email: levinson_k@despammed.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>

Quantcast