[61918] in North American Network Operators' Group
Re: Microsoft distributes free CDs in Japan to patch Windows
daemon@ATHENA.MIT.EDU (Petri Helenius)
Tue Sep 9 15:22:47 2003
Date: Tue, 09 Sep 2003 22:21:59 +0300
From: Petri Helenius <pete@he.iki.fi>
To: Jack Bates <jbates@brightok.net>
Cc: Sean Donelan <sean@donelan.com>, Ray Wong <rayw@rayw.net>,
nanog@merit.edu
In-Reply-To: <3F5E260F.2010609@brightok.net>
Errors-To: owner-nanog-outgoing@merit.edu
Jack Bates wrote:
>
> I fully expect malicious code and even users to disable the handshake.
> That's fine. If a user happens to become infected, then they can be
> suspended or transferred to *must* perform handshake.
>
> Not everyone uses antivirus software. Not everyone will patch the
> security holes in their current software. Many would object to having
> to perform patches and delay their Internet surfing. Yet with such a
> protocol, a way could be provided for allowing a user to establish a
> connection which only allows them to fix their system without the
> outside world able to attack them and vice versa. Once patched, the
> system would recognize them as patched and allow full IP connectivity.
>
> Imagine how nice it would be if someone buying an XP machine this
> morning could actually connect to the Internet, patch their system,
> and be able to use the Internet without ever having their RPC
> exploited. If a user is infected with a virus, wouldn't it be nice if
> they could purchase A/V software and then be able to perform updates
> and clean their system without causing any harm to the network?
>
I would like to see such functionality used for good purposes like
you provide. However, since the world has its share of people who block
ICMP because it's all evil and break PMTU and other similar things, this
technology should be deployed with caution to avoid collateral damage.
Who picks up the bill if a Windows machine across a DSL line gets
infected, you apply filters to the connection and subsequently block the
E911 VoIP call from the same subnet?
Pete