Signs of the Times - Gary Patterson Blasts Virus Recommendations
August 2003
Letters to the Editor: Gary Patterson Blasts Virus Recommendations

George

I thought you might be interested in the fact that our local television station, NBC29, and the UVA computing manager, Mark Smith, are recommending a complete operating system re-install for the average computer user infected with the recent Blaster virus.

This is preposterous. Someone should hold these guys accountable for bad advice that has the potential to cause much more local damage than the virus ever could.

Gary Patterson
Systems Analyst
The Internet Handyman (via electronic mail, August 14, 2003)

[Here's the Email that Gary Patterson sent to Mark Smith]

NBC29 [ran] a story on air and online:

.... Mark Smith, UVA computing manager stated, “It’s spreading itself from machine to machine without users having to click on attachments or do anything.” And in the past few days, Blaster has infiltrated thousands of personal and corporate computer systems. Smith stated, “At the university we have problems on almost every network with at least one or two machines.”

But there are preventative measures you can take. Smith says the best option is windowsupdate.microsoft.com; it's the Microsoft-supported link that enables you to download a worm-preventing program. If you have Windows XP, activating the firewall option can also prevent problems. If you've already been attacked, Smith recommends copying all important files onto floppy disks or CDs. Wipe out what's on your computer and then install Windows from scratch, then log onto windowsupdate.microsoft.com.

Is this really your recommendation? Are you truly suggesting that the public at large should reinstall Windows? As a consultant, people have been calling me all morning asking what files they should back up before reinstalling Windows. As I understand, the fix to this worm is quite minor (remove the msblast.exe file from the system folder and optionally remove the registry autorun command) and does not warrant an operating system reinstall.

If you have been misquoted, have you contacted NBC29 regarding a retraction and update to their website? Or do I misunderstand the virus? I appeared to have cleaned it from my system quite easily and Symantec is providing a free utility (http://www.symantec.ca/avcenter/venc/data/w32.blaster.worm.html) that does the work for you. The advice to wipe the hard drive seems extreme.

Gary Patterson

[Here is Mark Smith's response to Gary Patterson]

Reinstalling is our recommendation - the msblast worm is one of at least 6 that are taking advantage of the vulnerability, and the solutions posted by Microsoft and the various virus sites only detect a small number.

In our environment the recommendation, after much discussion, remains the rebuild because of the inability of the average user to detect and remove the other variants.

Mark Smith (electronic mail, August 19, 2003)

[Further communication on the subject from Mark Smith]

The issue is more complicated than the 'msblast' discussion itself. MSBLAST is the symptom of a more serious system vulnerability - the RPC vulnerability from Microsoft. Our security and communications and systems directors can give you more information about the underlying justification.

Mark Smith (electronic mail, August 25, 2003)


Comments? Questions? Write me at george@loper.org.