Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]

From: Mike Simone (msimone69_at_hotmail.com)
Date: 08/25/03 

Date: 25 Aug 2003 14:21:52 -0700

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message news:<#yQPyPzaDHA.384@TK2MSFTNGP12.phx.gbl>...

<snip me grousing about MBSA>

> (Did I say it was perfect?)

No, you sure didn't. Sorry if I offended you - I assure you it was
not my intent. I need to make sure I'm not too far in caffiene
withdrawal before I post in the morning - nobody likes an incoherent
cranky guy.

>
> Frankly, I tend to trust MBSA because the patch-detection code comes in the
> form of HFNETCHK from a third-party. I've observed the public newsgroup
> interactions between Microsoft, who publish the XML file whose details are
> used by Shavlik and other third-parties to produce added-value tools, and
> Shavlik and other interested members of the public. Mistakes are made in
> the XML files, and they are caught by interested 3rd parties, and corrected.

Very interesting and good to know.

<snip more good stuff>

> If you get a "patch not installed" from MBSA after installing the patch, I
> would recommend going to the KB article associated with the patch and
> checking the file date and size details manually on a given sample machine.
> I would think the chances are rather high that it isn't in fact
> installed--the patch installers, for a variety of reasons, I'm sure, don't
> always give accurate indication of the success of a given install.

Ah, so I would probably get a more accurate result from the MBSA if I
ran it now.

>
> Those groups are:
> (on msnews.microsoft.com)
> microsoft.public.security.baseline_analyzer
> microsoft.public.security.hfnetchk
>
> (on news.shavlik.com)
> shavlik.hfnetchk
> shavlik.hfnetchklt

Thanks for the info, and again, sorry if I came across poorly in my
original post.

Sincerely,

Mike Simone

Relevant Pages