Gartner slams MS security after latest flaw
Posted by Daniel Fleshbourne on 03 October 2002 - 09:53 · 1 comment & 18 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
The vulnerability could be used in denial-of-service attack or possibly manipulated to run arbitrary code on vulnerable servers. MS has released a patch to fix the problem, which arises in a buffer overrun flaw with the SmartHTML Interpreter component of FrontPage Server Extensions.
That's nothing particularly out of the ordinary, Gartner sagely notes, but it does provide evidence that "Microsoft has a long way to go before it can deliver on its much-publicised promise of Trustworthy Computing". Gartner Research Director Rich Fogull forecasts that, "due to legacy code and resistance to cultural change, Microsoft will not deliver necessary security improvements before 2004".
The assessment is noteworthy because it was Gartner's assessment that it was time to consider an alternative to IIS in the wake of worms like Nimda and Code Red, that caused Microsoft to formulate its Trustworthy Computing push in the first place. In fairness security is an issue for the whole industry, and Microsoft is always prime target for miscreants. That's the territory that goes with being the world's biggest software company.
Once a PC is infected, VirusScan may not be able to run as the virus can terminate the process before any scanning/removal is accomplished. The following steps will allow for proper VirusScan scanning/removal, by using the command-line scanner.
- Ensure that you are using the minimum DAT specified or higher.
- Close all running applications
- Disconnect the system from the network.
- Go to a command prompt, then change to the VirusScan engine directory:
- Win9x/ME - Click START | RUN, type command and hit ENTER.
- WinNT/2K/XP - Click START | RUN, type cmd and hit ENTER.
- Rename SCAN.EXE to CLEAN.EXE to prevent the virus from terminating the process and deleting files. Type, ren scan.exe clean.exe and hit ENTER.
- First, scan the system directory.
- Win9x/ME - Type clean.exe %windir%systemwin*.exe and hit ENTER.
- WinNT/2K/XP - Type clean.exe %windir%system32win*.exe and hit ENTER.
- Once the scan has completed, Type clean.exe /adl /clean and hit ENTER.
- Rename scan.exe. Type, ren clean.exe scan.exe and hit ENTER.
- After scanning and removal is complete, reboot the system
Apply Internet Explorer patch if necessary.Klez can delete anti-virus software files. It may be necessary to reinstall VirusScan after cleaning a system.Type cd progra~1common~1networ~1viruss~140~1.xx and hit ENTER.
Type cd progra~1common~1networ~1viruss~14.0.xx and hit ENTER