[56832] in North American Network Operators' Group
RE: Code red- Returning?
daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Tue Mar 18 13:38:24 2003
Date: Tue, 18 Mar 2003 13:37:45 -0500
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Marty Armstrong" <MartyA@patchlink.com>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Marty,
this would be great news, IF I wasn't the victim..
I did read the article when I got my NW Fusion this month..
This needs to go to the folks who are infected...

Is this the correct place for an Advertisement?

Jim

-----Original Message-----
From: Marty Armstrong [mailto:MartyA@patchlink.com]
Sent: Tuesday, March 18, 2003 12:57 PM
To: McBurnett, Jim
Cc: nanog@merit.edu
Subject: RE: Code red- Returning?
Network World evaluated several Patch Management tools on March 3rd. PatchLink Update won the Blue Ribbon Award. Also, none of our customers were hit by Slammer. PatchLink Update's flexibility helped it best three other products tested.

Please see the attached link to read about our Blue Ribbon Award from Network World Fusion for Patch Management. http://www.nwfusion.com/reviews/2003/0303patchrev.html

Review:
Windows patch management tools
PatchLink Update's flexibility helped it best three other products tested.
By Mandy Andress, Network World Global Test Alliance
Network World, 03/03/03

With Microsoft releasing more than 230 security bulletins since the beginning of 2000 - most of those requiring some sort of corrective action to fix a hole in one of its Windows-based products - the numbers speak for themselves: Windows patch management in an enterprise environment is a nightmare.

We tested four stand-alone Windows patch management products - BigFix's Enterprise Suite, Gravity Storm Software's Service Pack Manager 2000, PatchLink's Update and Shavlik Technologies' HfNetChk Pro to find out if they improve patch deployment. (See "Not in the game" for declining vendors.)

Patch management tools should identify accurately which patches are missing on each system, provide an easy means to deploy patches and provide administrative reports tracking patch status across multiple machines.

The products we tested (see How we did it) attack the problem in two ways - with or without agent software. Agent-based products - such as those from PatchLink and BigFix - can greatly reduce network traffic by offloading processing and analysis to the target system, saving data until it needs to report to the central server. But they also force an administrator to manage software on all systems the product analyzes.

With agentless products - such as those from Shavlik and Gravity Storm - you don't have any distributed management issues, but whenever a scan is requested all tests and communications travel over the network. If scanning a domain with a large number of systems, the increase in network traffic can be quite significant.

PatchLink's Update 4.0 earned the Network World Blue Ribbon award for its ease of use, flexibility, automation and letting you easily create deployment packages.

PatchLink has two components - PatchLink Update Server and the agent. The Update Server is installed on a Windows 2000 Server with SP2 and Internet Information Server (IIS). The installation process sets up a Microsoft Data Engine (MSDE) database, which can be upgraded to a full SQL Server after installation. This upgrade is recommended for large organizations.

You easily can push the agents to targeted machines using the Agent Install Wizard, or agents can be installed during the logon process.

For management purposes, administrators connect to the PatchLink server through a Web interface, which lets you view reports, deploy packages, create packages and view system inventory.

PatchLink, the company, monitors Microsoft and other vendors, such as Citrix Systems and Adobe, for newly released patches. PatchLink engineers test the patches, put them into PatchLink's proprietary package format and deploy them to customers' local PatchLink servers through a periodic subscription-checking process, which occurs over Secure Sockets Layer at a time the administrator configures.

Administrators receive e-mail informing them of a new patch on the PatchLink server. If it is a critical patch, it also is downloaded to the Update Server on the customer's network. Noncritical patches will be downloaded at the administrator's request.

PatchLink automatically caches critical patches on the Update Server, a marked difference from BigFix and the agentless products. Caching patches is useful and the recent Sapphire/Slammer SQL Server worm proves the point. If a worm or other malicious act is taking place that slows down the Internet, how will administrators download patches to their critical servers? With cached patches, you already have the files at your location.

Best Regards,
Marty Armstrong
martya@patchlink.com
PatchLink Corporation
3370 N. Hayden Road
Suite 123-175
Scottsdale, AZ 85251
(P) 480-970-1025 Ext. 136
(F) 480-970-6323
<<http://www.patchlink.com/>>
PatchLink Update Awarded Blue Ribbon from Network World Fusion
For the article go to: http://www.nwfusion.com/reviews/2003/0303patchrev.html
PatchLink Update Receives Network Computing Editor's Choice Award for Patch Management
For the article go to: <<http://www.patchlink.com/media_room/nwc92002.pdf>>

-----Original Message-----
From: McBurnett, Jim [mailto:jmcburnett@msmgmt.com]
Sent: Tuesday, March 18, 2003 10:50 AM
To: nanog@merit.edu
Subject: Code red- Returning?
Has anyone out there noticed an increase in a Code-Red patterned virus?
I know about the Microsoft bug that came out yesterday/last night.
But I am seeing the same symptoms as Code Red,
800+ hits in the last 12 hours, from the same Class A network I am on.
The amount is increasing per hour..
It started with 50 the first hour and now it is just about 150 an hour...
Thoughts?
thanks,
Jim