Thread: Brace yourself
-
March 26th, 2009, 04:00 PM #1
Brace yourself
It surprises me that people still don't patch their boxes, even with legit copies.
Beware Conficker worm come April 1 : Christopher Null : Yahoo! Tech
-
March 26th, 2009, 04:38 PM #2
I bet you wouldn't believe that at our tech school, pretty much all the computers I've tested have a backdoor trojan installed that gets transferred around via usb key.
All of the computers in the networking tech lab I am in are infected and have Deep Freeze installed.
Luckily I've been using Vista on my laptop, so I could stop it before it would try to do anything when I would plug the USB drive back into my machine. But I didn't notice it until I tried plugging the USB drive into another machine with an anti-virus installed (happened to be some other systems in the school that had McAfee installed).
"The problem with quotations on the internet is that the sources are hard to verify" - Abraham Lincoln
-
March 26th, 2009, 05:15 PM #3
I have worked for three different school divisions; trust me, I know all too well.

The biggest problem, and this goes for any environment with software loads: you don't know how those new updates will affect all your software. The manpower alone to test how the update will affect installed (especially when MS was releasing them every other week) would be virtually impossible.
-
March 26th, 2009, 06:07 PM #4
Well, luckily pretty much all the hardware setups here are identical, so one should be able to set up a single install and clone it to all the machines.
-
March 26th, 2009, 06:17 PM #5
Yes, but after you clone those machines you need to deploy the updates, and trust me, even if they are all the same those updates can act screwy (not loading properly, network issues, etc.) and cause some issues with the machine operation/software.
And just because all the machines are identical, they might not have all the same software. Some school districts only install math software in math classrooms.
So it's a very complicated animal; you can't just have WSUS running and think everything will update perfectly fine.
-
March 26th, 2009, 09:21 PM #6
It's definitely something I'd like to try some day.

Although I may get the opportunity at some point in doing that with the computer lab we have in our classroom. I suppose I could give it a try with a bunch of VMs sometime, but doing that is no fun.
-
March 26th, 2009, 09:22 PM #7
Why not? VMs are pretty much next to the best thing and you can do it all on one machine!
I do everything in VMs.
-
March 26th, 2009, 09:38 PM #8
Eh, I don't know, I just don't like doing all that in VMs.
Although I suppose it would be nicer on my desktop, I've only been trying that stuff on my laptop, which isn't as nice to work with (especially with the 5400 RPM hard drive).
-
March 27th, 2009, 06:24 AM #9
-
March 27th, 2009, 10:03 AM #10
-
March 27th, 2009, 01:00 PM #11
I didn't try removing them from the desktops, but on my laptop I could just show the protected OS files and they were listed on the flash drive and could just be deleted.
-
March 28th, 2009, 04:21 AM #12
Yeah, mine sometimes makes copies of the folders and disguises them as an .exe, so if you don't have extensions enabled you get hit with the virus. If you right click the drive you get like strange gibberish... e.g.: i^jkh
-
March 31st, 2009, 10:13 AM #13
Busted! Conficker's tell-tale heart uncovered • The Register
Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners.
The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm. As of mid-Monday, signatures will be available for at least half a dozen network scanning programs, including the open-source Nmap, McAfee's Foundstone Enterprise and Nessus, made by Tenable Network Security.
Q6600@4Ghz | i7 920@4.4Ghz |E6320@3.5Ghz
FAQ's ~ Team Stats
My PC
TechIMO Folding@home Team #111 - Crunching for the cure!
-
March 31st, 2009, 10:16 AM #14
Excellent, thanks for the update!
-
March 31st, 2009, 10:18 AM #15
I figured it would help someone.
-
March 31st, 2009, 11:37 AM #16
I don't get what their battle was against the worm. I mean, wasn't this worm targeting something that was already patched over a year ago now? I can see the problem with zero day exploits, but when you've got machines that have not been patched for months it may be time to start rethinking your system policies.
-
March 31st, 2009, 11:42 AM #17
Please reread above, on top of a lot of people having warez copies of Windows and not being able to update (last time I checked). Deploying updates to a large scale network isn't as easy as it sounds. Yes, WSUS does work, but it can cause some problems and some network admins are lazy.
-
March 31st, 2009, 12:00 PM #18
Yes, but still, 6 months should be enough time to patch a critical security vulnerability.
Those running illegal copies who cannot update will just have to deal with it themselves.
It's a hell of a lot more work to fix a security issue after you've been attacked than it is to install a patch to prevent it.
-
March 31st, 2009, 12:05 PM #19
Let me give you an example.
We have several images made for different models; each image can have up to 25+ different types of software installed. So if we have 6 different models of images with different software, you do the math. The time it takes to test out each image with all the software to see how it reacts to an update is no easy task. The manpower alone is staggering; you just don't go out there and install updates, and when something breaks you don't go "oopsie my bad".
-
March 31st, 2009, 12:42 PM #20
Check out Opendns.com
OpenDNS Blog » Worried about Conficker on April 1? Setting up OpenDNS can protect your network.
You know, those malware statistics are unbelievable! I have not gotten a single virus in a looong time.
Cross fingers. I feel sorry for the TPB pirates though... NAAA
I use some decent malware protection, my brain...
Last edited by Taxmancometh; March 31st, 2009 at 12:48 PM.