Full Disclosure mailing list archives
Re: RE: Probable new MS DCOM RPC worm for Windows
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 27 Sep 2003 14:31:58 -0500
--On Saturday, September 27, 2003 2:53 PM -0400 Karl DeBisschop <kdebisschop () alert infoplease com> wrote:
As food for thought, what if you took an OS that gave you a little latitude - say Mandrake Linux, which is considered fairly user friendly, and said "If you install this, the default configuration will automatically download and install updates as they come from the vendor" (after UT has done some light verification I'd assume).
That's actually been done at some edus.
That's the real sticking point. Whenever these types of discussions arise (which is often right after another MS debacle) two concerns are raised. As a state agency, we by law cannot work on personal equipment on state time. This means that we cannot support student computers. (Despite this prohibition we do provide small levels of support if they bring their computer to our help desk.) Secondly there is a real concern that if we provide them with any software through any kind of automated methodology that we then become liable for anything that goes wrong.
Not that you or I would likely want this on our desktop, but maybe some of your students would. And again, unless their job is computing, I don't think that wish is totally ill-founded. One problem would be that it would be hard then to avoid some degree of responsibility for the quality of the patches.
We've talked about providing them with access to SUS and possibly even SMS, but no decision has been made. I suspect we'll end up not doing it. It's much less troublesome (WRT the two issues I mentioned above) to simply quarantine them when they have a problem and let them figure out the solution on their own or with our assistance.
I suppose you could allow students to sign up for a UT-sponsored SMS-style software push for windows. And in the long run, the cost might be less than some of the other efforts you have to undertake to secure things. But the initial outlay might be daunting.
I'm a big believer in doing work now to allow us to do less work later. IOW being proactive rather than reactive.
Just sort of thinking out loud -- all these require additional work on your part. But there may be some useful middle ground.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
