[21744] in bugtraq
RE: Mitigating some of the effects of the Code Red worm
daemon@ATHENA.MIT.EDU (Linda Custer)
Fri Jul 20 17:27:17 2001
From: "Linda Custer" <custer@alum.mit.edu>
To: <bugtraq@securityfocus.com>, <security@microsoft.com>
Date: Fri, 20 Jul 2001 15:42:05 -0400
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA3MuOCsCl0hG55wCgzCWyoIKBAAAQAAAAVRV9JgRjgke+He2E/GE6zwEAAAAA@alum.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <Pine.GSO.4.30.0107200025590.679-100000@mail>
Microsoft has been so good about locking people out of using Windows XP
and Office XP if they don't activate their product. How about locking
people out of using IIS if they don't keep their patches up to date.
Microsoft has the technology to expire unpatched versions, say, every
30-to-60 days. These computers would then revert to "reduced
functionality" mode where they couldn't connect to the Internet.
-----Original Message-----
From: Ryan Russell [mailto:ryan@securityfocus.com]
Sent: Friday, July 20, 2001 02:45
To: LARD BENJAMIN LEE
Cc: BUGTRAQ
Subject: Re: Mitigating some of the effects of the Code Red worm
...
Having done my usual lecturing, I will say that this is the first time
I've even been willing to entertain the idea of a good worm... I just
don't know what else can fix a problem of this scale. You will never,
ever come to agreement on how it should be done. Either some government
will decide for you, or some hacker who is willing to take one for the
team. I'm not real comfortable with either of those two setting policy
for the Internet.
Ryan
