From: Alexander Brown (albrown_at_eecs.berkeley.edu)
Date: Fri Sep 12 2003 - 12:49:21 PDT
I would be cautious with this approach; we have had multiple reports in
EECS of compromised XP systems that were unpatched, but "running the
firewall since before they were ever put on the network". I cannot
attest to the accuracy of the reports, but the fact that there have been
multiple reports makes me nervous about recommending this as a solution.
--alex
"Kevin D. Burney" wrote:
>
> I have had success using XP and 2003 by simply enabling the built-in
> personal firewall before connecting to the network. Then you will be safe
> to download your patches.
>
> ---------------------------------------------------------------------------
> Kevin Burney
> kburney_at_uclink.berkeley.edu
> Network and Computer Systems Architect
> Computing Operations and Information Systems
> University of California, Berkeley
> http://cois.vcbf.berkeley.edu
>
> -----Original Message-----
> From: owner-micronet-list_at_uclink4.berkeley.edu
> [mailto:owner-micronet-list_at_uclink4.berkeley.edu] On Behalf Of Eric
> Chamberlain
> Sent: Friday, September 12, 2003 12:08 PM
> Cc: micronet-list_at_uclink.berkeley.edu; ucb-security_at_uclink.berkeley.edu;
> comp-mgrs_at_socrates.berkeley.edu
>
> Microsoft actually recommends, as a best-practice, burning patches to CD and
> updating machines before they are connected to the network.
>
> --
> Eric Chamberlain, CISSP
> Campus Active Directory Architect
> Central Computing Services
> University of California, Berkeley
> http://calnetad.berkeley.edu
>
> -----Original Message-----
> From: owner-ucb-security_at_uclink4.berkeley.edu
> [mailto:owner-ucb-security_at_uclink4.berkeley.edu] On Behalf Of Mike Hunter
> Sent: Friday, September 12, 2003 10:05 AM
> To: Craig Lant
> Cc: micronet-list_at_uclink.berkeley.edu; ucb-security_at_uclink.berkeley.edu;
> comp-mgrs_at_socrates.Berkeley.EDU
> Subject: Re: [Security] Fun with Windows all over again
>
> On Sep 12, "Craig Lant" wrote:
>
> > 3. We will most likely be putting together a CD with
> > patches and appropriate tools to help with securing
> > vulnerable or compromised computers.
>
> As an open-source advocate, unix zealot, and cynic, I'd like to wonder out
> loud whether such a CD conflicts with Microsoft's licensing requirements.
> If it does conflict, I think disregarding the licensing is irresponsible.
> This may have already been brought up.
>
> Mike
> -------------------------------------
> Sent via the ucb-security mailing list.
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to or unsubscribing
> from its mailing list and finding out about upcoming meetings, please visit
> the Micronet Web site:
> <http://micronet.berkeley.edu/>.
>
> -------------------------------------
> Sent via the ucb-security mailing list.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Fri Sep 12 2003 - 12:51:19 PDT