RE: [ISN] Microsoft Security Bulletin (MS98-010)

From: mea culpa (jerichoat_private)
Date: Wed Aug 05 1998 - 16:22:36 PDT

  • Next message: mea culpa: "[ISN] Body of Evidence"

    Reply From: Liam Colvin <randomat_private>
    Aw, c'mon, grab a bit of reality here.
    Users never know, in a very real sense, what is going on behind the scenes
    with regards to their computers and the Internet. When I ran a large Windows
    NT network, we often got calls from users saying that we had brought the
    mainframe down. Excuse me?
    The chief venue for BO to cause problems is for users to bring it down via
    an ActiveX control. Users usually don't really look at signatures on ActiveX
    components, and therefore need to be limited to begin with as to what they
    allowed to do with their browsers. This is an issue for the LAN and Customer
    Services admins to look out for as a normal course of business. Use the
    simple rules of not allowing downloadable components from outside the
    network, no one logs in as admin on NT boxes, etc., etc.
    Also, given the nature of today's switched LANs, a machine acting as a
    server, particularly a Windows 9x machine, would stand out like a store
    thumb on any hub monitoring tool. Which any LAN admin worth their salt
    should be looking out for anyway, just from a network health standpoint.
    BO is again, nothing new. It combines the aspects of a trojan horse with a
    remote control app. It should be and of course will be filterable from an
    anti-virus perspective, as it is not really too different from any other
    virus, except in it's capablities. Not in it's distribution nor it's
    Liam Colvin
    "Will work for entertainment..."
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:28 PDT