We took a bit of a beating just now at work.

worm?
Take it to the vet. They have pills for that. ;)

http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html

Take it to the Vet. They have patches for that!

The network we use to look up info got hit, it was affecting everyone in the county.

WSUS (http://www.microsoft.com/windowsserversystem/updateservices/default.mspx)

I've lost count of the number of times over the years that I've had the luxury of reading about this crap in the news and not worrying about my networks... I keep my isht patched and monitored. Controlled automation is a wonderful thing.

WSUS (http://www.microsoft.com/windowsserversystem/updateservices/default.mspx)

I've lost count of the number of times over the years that I've had the luxury of reading about this crap in the news and not worrying about my networks... I keep my isht patched and monitored. Controlled automation is a wonderful thing.
I don't worry much about it either..
http://www.debian.org/logos/openlogo-100.jpg
-ajb

Our group policy here prevents the use of windows update.

Then there is the fact that 150,000 desktops and who knows how many servers running legacy proprietary software make patch management a little more difficult.

Doesn't it only affect windows 2000?

Our group policy here prevents the use of windows update.

Then there is the fact that 150,000 desktops and who knows how many servers running legacy proprietary software make patch management a little more difficult.

LOL. Usually you only disable WU via GP when you have another system in place. Guess not, haha.

With 150,000 desktops, I would think an automated deployment tool would be absolutely necessary. They could be selective about the patches applied too, just need a testing lab set up, and triage the patches before testing. Do a staged rollout of the critical security updates, looking for reports of problems. They can be lazier about the less critical patches. And all of this could be scheduled, since the second Tuesday of every month has been patch release day for quite a few vendors for a while now.

Depending on the scope of the problem, I wonder if they realize that such an approach doesn't meet SOX control objectives... Somehow I don't think the shareholders would accept their excuses if this worm was truly destructive, as it could have been.

Oh well, their problem. I would never stay employed with a company that expects me to stay in a reactive stance, with little chance of process improvement. It's just not worth it. Job satisfaction > money, and there's plenty of other opportunities out there.

Doesn't it only affect windows 2000?

No, early unpatched versions of XP are vulnerable as well.

LOL. Usually you only disable WU via GP when you have another system in place. Guess not, haha.

With 150,000 desktops, I would think an automated deployment tool would be absolutely necessary. They could be selective about the patches applied too, just need a testing lab set up, and triage the patches before testing. Do a staged rollout of the critical security updates, looking for reports of problems. They can be lazier about the less critical patches. And all of this could be scheduled, since the second Tuesday of every month has been patch release day for quite a few vendors for a while now.

Depending on the scope of the problem, I wonder if they realize that such an approach doesn't meet SOX control objectives... Somehow I don't think the shareholders would accept their excuses if this worm was truly destructive, as it could have been.

Oh well, their problem. I would never stay employed with a company that expects me to stay in a reactive stance, with little chance of process improvement. It's just not worth it. Job satisfaction > money, and there's plenty of other opportunities out there.


Patches were actually scheduled to go out and just hadn't yet. You can't honestly believe that we don't have automated processes for all this. We actually have pretty good patch management here and its pretty impressive when you look at our size.

Ha Ha Ha Ha Ha Ha Ha
http://images.apple.com/macosx/images/indextop20050504.jpg

Ha Ha Ha Ha Ha Ha Ha
http://images.apple.com/macosx/images/indextop20050504.jpg


:D :D :D

Ha Ha Ha Ha Ha Ha Ha

Yeah... the problem is that if OS X were more popular... more virii and worms and spyware would be written to exploit it.

I use a G4 running OS X at home though