Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 08/25/03


Date: Mon, 25 Aug 2003 14:08:55 -0400


"Mike Simone" <msimone69@hotmail.com> wrote in message
news:152bbdf6.0308250706.3c92dcef@posting.google.com...
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:<ODGXhylaDHA.1204@TK2MSFTNGP12.phx.gbl>...
> <snip>
>
> There's also a problem with MBSA - sometimes even if you apply the
> patches it recommends the same vulnerability shows up the next time you
> run the tool. That makes it hard to trust the MBSA, since if it gives
> false weaknesses, why wouldn't it give false securities as well?

(Did I say it was perfect?)

Frankly, I tend to trust MBSA because the patch-detection code comes in the
form of HFNETCHK from a third party. I've observed the public newsgroup
interactions between Microsoft, who publish the XML file whose details are
used by Shavlik and other third parties to produce added-value tools, and
Shavlik and other interested members of the public. Mistakes are made in
the XML files, and they are caught by interested 3rd parties, and corrected.
Shavlik also enhances the information in the XML files and republishes their
own versions. I can use Shavlik's tools to second-guess Microsoft's, and I
can get good support and answers to questions about why/how certain messages
are generated on a given machine, in the public newsgroups.

I've been generally impressed over time with the candid answers and speed of
response to issues with the underlying technology of patch detection.

If you get a "patch not installed" from MBSA after installing the patch, I
would recommend going to the KB article associated with the patch and
checking the file date and size details manually on a given sample machine.
I would think the chances are rather high that it isn't in fact
installed--the patch installers, for a variety of reasons, I'm sure, don't
always give an accurate indication of the success of a given install.

Those groups are:
(on msnews.microsoft.com)
microsoft.public.security.baseline_analyzer
microsoft.public.security.hfnetchk

(on news.shavlik.com)
shavlik.hfnetchk
shavlik.hfnetchklt
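
The manual check recommended in the post above (compare a file's date and size with the table in the patch's KB article) can be scripted. This is an added example, not part of the original post and not MBSA or HFNETCHK code; the function name `Test-PatchFile`, the file paths, dates and sizes are constructed placeholders, and it assumes the KB article lists file dates in UTC.

```powershell
# Added example: compare installed files with the file table of a KB article.
# Every entry below is a constructed placeholder. Replace it with the file name,
# date and size listed in the KB article for the patch reported as missing.
$expected = @(
    [pscustomobject]@{ Path = "$env:SystemRoot\System32\EXAMPLE1.DLL"; Date = '2003-08-01'; Size = 123456 }
    [pscustomobject]@{ Path = "$env:SystemRoot\System32\EXAMPLE2.EXE"; Date = '2003-08-01'; Size = 65536 }
)

function Test-PatchFile {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [datetime] $Date,   # date from the KB file table (assumed UTC)
        [Parameter(Mandatory)] [long]     $Size    # size in bytes from the KB file table
    )

    $result = [pscustomobject]@{
        Path = $Path; Status = 'Missing'; ActualDate = $null; ActualSize = $null
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }

    $file = Get-Item -LiteralPath $Path
    $result.ActualDate = $file.LastWriteTimeUtc.Date
    $result.ActualSize = $file.Length

    if ($result.ActualDate -lt $Date.Date) {
        # Older than the patched file: the install most likely did not take.
        $result.Status = 'Older'
    }
    elseif ($result.ActualDate -gt $Date.Date) {
        # Newer than the patched file: possibly replaced by a later update,
        # so check that update's KB article before treating this as a failure.
        $result.Status = 'Newer'
    }
    elseif ($result.ActualSize -ne $Size) {
        $result.Status = 'SizeMismatch'
    }
    else {
        $result.Status = 'Match'
    }
    return $result
}

$expected |
    ForEach-Object { Test-PatchFile -Path $_.Path -Date ([datetime]$_.Date) -Size $_.Size } |
    Format-Table -AutoSize
```

A status of `Older` or `Missing` on a machine where the installer reported success supports the scanner's "patch not installed" result rather than contradicting it.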


