Well just to add my 2 cents. I feel
that if an administrator chooses to run a Microsoft web server. Than he
should make it part of his daily regiment that when he has his morning cup of
coffee he sits down and reads the latest bug reports available on the web,
including checking the manufactures web sites for current patch
releases. There for if his server is ever infected again with anything
like Nimba or code red style of worms then he can be held
responsible. The only thing I hate is the fact that every other
second my web server is being hit with another "compromised IIS
box's" . Only if every admin in the world understood Unix. If I
were an NT admin I would go to the book store and pick up a book on Unix then
convince the "brass" to switch.
This is just my 2 cents some of you may not
agree with me. For those of you that don't, you just give others machines
to compromise when they have 5 minutes to spare before heading out to dinner
with their families.
Happy Virus Scans. =)
Shane Hambleton
Network Security Engineer
CCSA-CCSE-CCSI
Just an idea, but why not create a public blacklist with "persistent"
unpatched web servers who re-propagate the Code Red and Nimda-style of worms
over and over again - style orbs.org ??
Then all ISP's could use this blacklist to block all outgoing http from
those servers.
Maybe this already exists and I am not aware of it.
Patrick
Happy Apache-user
|