Re: To clarify the link for CWShredder Update

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 02/27/04


Date: Thu, 26 Feb 2004 23:21:29 -0800

I wasn't attacking Lucky Strike...just pointing out that the fact that
he/she [and now I] am crossposting is activity that has been used in the
past to put viruses into newsgroups.

Yes, I see that they are all MS public newsgroups but so have been all
the other times in newsgroups when I've seen SWEN dumped into
newsgroups. As a person who uses a public email address out here still
to this day and gets SWEN'd to death myself, I've seen viruses dumped
into groups in exactly this fashion to only the ms.public newsservers.

I'm just pointing out that the two in combination are of concern. We're
down to a 30 day retention of postings on the newsgroups servers because
they couldn't filter out the viruses fast enough. As I stated, "to the
average person coming into this newsgroup".

Bottom line.. retype into your own browser web site addresses. Don't
click on links. It's not safe these days. Internet Explorer has major
issues and needs work. [and get on sp2 for XP as soon as it comes out]

I know Jim's site. But, may I point out that it's VERY easy to spoof
emails in here. Without looking at the header file of Lucky's email to
ensure it really and truly was him/her, just looking at the sig line is
NOT enough these days to ensure the integrity of the posting. Sad but true.

Lucky's posting from an OE with an IP address. See all those
anonymous@discussions postings? Those come in from a web interface.
There's a "CDO Interface" in the header file.

It's truly not an attack... it's just a "be careful" because indeed,
again to Lucky, don't take it personally but I don't click on links out
in the public.security newsgroup. Not these days.

BTW seeing that you post in the 98 group...can you do me a favor?

Can you make sure your community knows that there is indeed a security
patch for 04-007 [828028] that is a freely available patch that you just
need to call and get.

I personally think it's beyond belief that while Microsoft has "extended
the life for Win98" they have not provided any mechanism to inform the
98 community that there are still security patches needed for the platform.

Here is an email that I shot off to patchmanagment.org's listserve on
the subject.....

-----------------------------------------------------------------

98/ME is an affected platform but as you have pointed out you have no
documented place other than listserves to back up your information. The
bulletin quietly reminds us that other platforms MAY be vulnerable... we
just didn't realize it...

"The software listed above has been tested to determine if the versions
are affected. Other versions either no longer include security update
support or may not be affected. Please review the Microsoft Support
Lifecycle Web site <http://go.microsoft.com/fwlink/?LinkId=21742> to
determine the support lifecycle for your product and version."

is what is stated on 04-007. On the "lifecycle page" it states
Customers can "request security fixes for Windows 98, Windows 98 Second
Edition, Windows Me, and the most current version of their components
until June 30, 2006 through normal assisted-support channels."

For the 98/ME platforms, we will not know via a direct method anymore.
The only way we will know is by either someone having a TAMS or premier
contact letting those of us who don't know that there are patches
available or through our communities like this. The first I heard of
this was through the Full Disclosure listserve. Then it was posted on
the diary page at www.incidents.org. Knowing that ME and 98 are close
relatives, I called and sure enough, found that there were needed
hotfixes for both OSs.

I've emailed some people at Microsoft that have publicly given their
names out in the past [like, oh I don't know...but starting off with
steveb@microsoft.com;bgates@microsoft.com ] and kindly reminded them
that it is their new slogan in security of SD3+C and the C stands for
communication. While it's excellent that they are working on better
tools for the future, [see XP sp2 and new reports from the RSA
conference] but I need "C" now.

Steve Ballmer says on the Trustworthy computing page "We know it's not
enough to just do the right things; we have to do them in the right way"
  http://www.microsoft.com/mscorp/legal/buscond/

In my emails, I've asked that at a minimum that the information be
placed in the bulletin. {I'd prefer it via Windows update but I'll take
what I can get}

I have been told by a "Premier customer" [they got this info via a paid
contract and thus it's not NDA] that the reason they got why the info is
not in the bulletin nor on Windows Update is that on the 98/ME platform
it is not "wormable". But without these special contacts that I have,
how would I know this? I don't like it one bit that I as a "little
person" would not normally have this information without having the
benefit of some friends who do have the benefit of this. In my SMB
space, we have no support plans.

Unless this policy changes, it will be up to these listserves like this
and related community resources to keep ourselves aware and informed of
the security issues for these "extended life" platforms. We will have
to rely on each other to keep ourselves informed.

Just to keep you up at night consider this......... up to 24% of the
machines surfing Google last month no longer get notifications of
Security issues through the channels that they were accustomed to:

Operating Systems Used to Access Google - January 2004

> >
> >Windows 98 24%
> >Windows XP 45%
> >Windows 2000 18%
> >Windows NT 3%
> >Mac 3%
> >Windows 95 1%
> >Linux 1%
> >Other 5%

http://www.google.com/press/zeitgeist.html

Pardon me while I go send another batch of "hissy fit" emails off to
people.
Susan Bradley

Jon Pitts wrote:

> I followed up on this information and found this on Microsoft's "Product
> Lifecycle Dates" web page..
>
> http://support.microsoft.com/default.aspx?scid=fh;[ln];LifeWin
>
> "Microsoft will not publicly release security hotfixes for Windows 98,
> Windows 98 Second Edition, or Windows Millennium Edition. However,
> customers may request a security hotfix through On-Demand Security Hotfix
> support, which is offered for these products through June 30, 2006. When a
> request is received, Microsoft will investigate the issue and try to
> provide an appropriate response to the customer."
>
> It's no secret they prefer to not support Windows98. That's understandable.
> Unfortunately, we still need to run Win98.
>
> My question is, how would I even know when Windows98 is vulnerable and
> needs a patch? US-CERT, Microsoft, and the security sites I checked don't
> mention Windows98 with MS04-007. I can monitor my network activity, but I
> really don't have time to test each vulnerability.
>
> A lot of otherwise knowledgeable people will argue that windows 95/98/ME
> don't need patching because they are not listed as "affected software" on
> the microsoft advisories. It's certainly easy to read it that way.
>
> Is patching Windows98 a lost cause? Does anyone have a policy in place for
> this? Are there any studies that quantify the impact of unsupported windows
> systems on an otherwise patched environment?
>
> Note to any Microsoft reps...how about recognizing this issue on the
> Security Bulletin's "Affected Software" section with a statement like
> "Windows98 and 95 may still be vulnerable but are not supported". or
> something else as painfully honest. I understand the business argument but
> it seems to be a troublesome situation.
>
> thanks everyone.
> FYI, this is my first post. I'd like to thank everyone for an incredibly
> useful list. I've learned more from this list than anywhere else to date.
>
> -jon
>
>
> Jon Pitts
>
>
>
> Quoting "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> <sbradcpa@pacbell.net>:
>
> ------------------------------------------------------------------------
> http://isc.incidents.org/diary.html?date=2004-02-22
>
> "Windows 98 ASN.1 Patch
> Readers reported to our handlers team that Microsoft is distributing a
> patch for the ASN.1 issue to Windows 98 users per request. If you are
> running Windows 98, contact your Microsoft representative for the
> location of the patch.
>
> As reported earlier, the ASN.1 advisory MS04-007 only covers newer
> versions of Windows. Windows 98 is however still vulnerable.
>
> Workaround: you may want to consider renaming or removing msasn1.dll.
> However, please test this fix carefully as it may break some software.
>
> Careful! Do not trust any patches sent via e-mail. "
>
> --------------------
> I can confirm that if you call MS PSS, option 3 for hotfixes and ask for
> hotfix for Windows 98 and Windows ME for KB 828028 you can easily get
> them FOR FREE.
>
> US (800) 936-4900 or UK (0870) 60 10 100 other numbers through
> http://support.microsoft.com/common/international.aspx?gssnb=1
>
> If you have Windows 98/Me machines, either call that number or contact
> your support/TAM account representative.
>
> Susan

Hugh Candlin wrote:
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net> wrote in message news:uUQGUwD$DHA.1212@TK2MSFTNGP12.phx.gbl...
>
>>May I just point out that to the average person coming into this group..
>>the fact that that post was...
>>
>>a. majorly cross posted
>
>
> You did notice that they are all microsoft.public newsgroups?
> You are aware that cross-posting is discouraged by many people
> who have absolutely no idea why they are doing so.
> If you have a valid reason, I would be interested in hearing it.
>
>
>>b. and with the sig line of Lucky Strike
>>LS@smokedamagedfurniture.youcandriveitawaytoday.com
>>
>>Of which both together to the reasonably paranoid person ... I wouldn't
>>click on those links either.
>>
>>It looked like a distribution of a virus or bogus code even if it was
>>not. Unfortunately we have to be careful these days.
>
>
> Then why not simply make a polite inquiry to the said newsgroups,
> and solicit opinions as to the perceived integrity of the said poster.
> As far as I am concerned, his integrity is impeccable.
>
> You may wonder why I appear to be hostile. I assure you that I am not.
> It just so happens that you are the second MVP who has seen fit
> to take a cheap shot at a regular poster.
>
> I let the first one slide, taking it for granted that the first "MVP"
> would have the decency to apologize. AFAIK, he has not done so.
>
> Now your unwarranted attack, under the guise of "being careful".
>
> I am sorry, but that justification is totally unacceptable.
> We don't deserve that sort of treatment, and we will not accept it.
>
> Thank you for your understanding.
>
>
>>LuckyStrike wrote:
>>
>>
>>>"Jim Eshelman" <newsgroups@NSaumha.org> wrote in message
>>>news:unpJv%239%23DHA.2432@TK2MSFTNGP11.phx.gbl...
>>>
>>>
>>>>LuckyStrike wrote:
>>>>
>>>>
>>>>>Jim,
>>>>>
>>>>>I just want to thank you for your persistent devotion to help others
>>>>>and for the great links that abound in your wonderful site. I hope
>>>>>the ruckus and uproar I have potentially created will not have any
>>>>>untoward and negative impact. If it has, I extend my sincerest
>>>>>apologies, and hope that in some way I can be forgiven or at least to
>>>>>somehow (how?) make up for it.
>>>>
>>>>You're welcome.
>>>>
>>>>And: I always approve of getting in trouble for doing *something* rather
>>>>than getting in trouble for doing *nothing.* (I believe those are the only
>>>>two available choices, and I try to pick the first one as often as
>>>>possible.) So keep doing wonderful something and enjoy the weather change
>>>>of the occasional storm to keep life from getting boring.
>>>>
>>>>--
>>>>Jim Eshelman, MS-MVP Windows http://aumha.org/
>>>>AumHa Forums: http://forum.aumha.org/
>>>>Fighting Parasites: http://aumha.org/a/parasite.htm
>>>>Computer Health: http://aumha.org/a/health.htm
>>>>Troubleshooting: http://aumha.org/a/tshoot.htm
>>>>
>>>
>>>--------------------------
>>>Jim - I posted my thanks for your understanding just moments ago.
>>>
>>>Best and *highest* regards,
>>>LuckyStrike
>>>-------------------------------
>>>
>>>
>>
>>--
>>http://www.sbslinks.com/really.htm
>>
>
>
>

-- 
http://www.sbslinks.com/really.htm

