
There’s got to be a better way

Sep 02, 2003 (5 mins)

* Patches from Conectiva, others
* Beware Kelar worm
* NetScreen to add application layer security to gear, and other interesting reading

In the wake of Blaster, reader Chuck Krueger writes in with his thoughts on the patch management nightmare:

There is another factor that has not been addressed in the “Patching” issue: dial-up connections.

I just set up a new PC with Windows XP with Service Pack 1a. The install went smoothly but when it came time to patch the system, it was a bit of a shock. There were 34 M bytes of Security patches to be installed. I have a cable modem so it only took 40 minutes to download, but can you imagine doing that on a dial-up account? And that was just the Security patches; when I looked at the other recommended patches, there was another 12 M bytes to download. It takes a phone modem too long to update. Also there are a lot of people who do not have unlimited Internet access or who use a free service that does not have a local number. There are cost factors for some people.

So there has to be a better way to provide the updates to people. The system as it is now requires you to go to Microsoft’s website to download the patches. One option would be to provide images on servers, preferably to the ISP’s server or the corporate network servers, throughout the Internet. This should apply to Linux and OS X also.

Microsoft is now considering using automatic updates. Considering the problems with patches and service packs causing problems, I do not believe that is a good idea. Also, can you imagine millions of computers hitting the update site automatically to install the latest patch? It would be interesting to see if the servers would stand up to the potential load.

Whatever system is established will have problems but something has to be done. The solution should involve every operating system manufacturer, not just Microsoft.

Great insight from Chuck. Thanks for writing in.

Today’s bug patches and security alerts:

Conectiva patches sendmail vulnerability

Sendmail 8.12.0 and greater could be subject to a denial-of-service vulnerability when the DNS map feature is turned on. In some cases the flaw could be exploited to run arbitrary code on the affected machine. Users should download Version 8.12.9 to fix the problem. For more, go to:


Debian issues new node packages

A buffer overflow in LinuxNode, an Amateur Packet Radio Node program, could be exploited remotely to gain root access to the affected machine. For more, go to:


New up2date and rhn_register packages from Red Hat

Red Hat has released new up2date and rhn_register packages, which are used to access the Red Hat Network. The new packages contain updated certificates for authentication. For more, go to:


Today’s roundup of virus alerts:

Blaster-E, F – Two new variants of the original Blaster worm, with minor variations in the registry key they use and in the message embedded in the code. (Sophos, Panda Software)

W32/Lovgate-P – A combination of the Lovgate-L worm with W32/Parite-A compressed inside. The compression kills the effectiveness of this combo. (Sophos)

Kelar.A, B – Like the Blaster worm, Kelar exploits the RPC DCOM vulnerability in Windows via port 135. The worm drops the HackTool/NTRootKit package on the infected machine to give a remote attacker access. (Panda Software)

W32/Raleka-B – Similar to Kelar, this worm exploits the RPC DCOM vulnerability and installs a backdoor program on the infected machine. (Sophos)

W32/Nugosh-A – A mass-mailer worm that drops a backdoor program on the infected machine. (Sophos)


From the interesting reading department:

Microsoft to revamp patch management software

In the wake of recent ugly worm episodes, Microsoft is planning to overhaul its much-maligned patch management architecture in an effort to ease the frustrations of corporate users. Network World, 09/01/03.

WLAN security: A big problem for small nets

Emerging standards and products aim to remedy the problem. Network World, 09/01/03.

Netgear router quirk perturbs college

If you own a Netgear router, Annie Stunden would like you to stop pinging her network. Network World, 09/01/03.

NetScreen to add application layer security to gear

NetScreen Technologies later this year will improve its security products to help customers combat attacks disguised as innocuous traffic that might sneak by traditional firewalls. Network World, 09/01/03.

Teenager arrested in Blaster worm case

A Minnesota teenager will appear in federal court in St. Paul Friday to face charges stemming from the release of a variant of the virulent W32.Blaster Internet worm that ravaged computer systems worldwide earlier this month. IDG News Service, 08/29/03.

Microsoft posts beta of installer linked to patch mgmt. overhaul

Microsoft Friday shipped the first beta of a software installer that is one key piece in a forthcoming overhaul of the company’s patch management architecture. Network World Fusion, 08/29/03.

Hackers Steal 13,000 Credit Card Numbers

The Navy has canceled 13,000 credit cards used for government expenses after discovering that hackers had downloaded card numbers and billing records, Defense Department officials said. Washington Post, 08/23/03.

IBM monitor recall widened

IBM will expand its recall of certain monitors to include an additional 63,000 units with circuit boards that could overheat, the U.S. Consumer Product Safety Commission (CPSC) said Thursday. IDG News Service, 08/28/03.