funsec mailing list archives
RE: MS MSRT
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 3 Feb 2006 09:09:24 -0600
DrSolly wrote:
Should they have released it if the infection rate was just a few thousand?
If it was ready to be released, why not? The MSRT is really geard toward the clueless public, IMHO. They don't know if it is release yesterday, today or on Black Tuesday. But they do know if they data is gone. As you said, most corporates don't use auto updates and therefore any non-patch release shouldn't make much of a wave at all.
It's always a judgement call whether to do an extra release, because it will put some people to a certain amount of trouble (I'm guessing that corporates won't let patches auto-install, but would want to test that they don't break something imortant before rolling them out). You might do an extra release if there's strong evidence of a widespread problem. But in this case, there wasn't strong evidence - am I right in thinking that all the AV companies rate this as a minor threat, and it's only the Blackworm Task Force that is the driving force behind the publicity?
I know OneCare called it "moderate"...the spread isn't very big but the damage threat is pretty big. I wouldn't release the MSRT either if a new worm was released that just opened notepad and was spread to one million people..but Blackworm can do real damage. Destructive payload appear to be more rare as well. -Todd _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: MS MSRT Todd Towles (Feb 03)
- RE: MS MSRT Drsolly (Feb 03)
- <Possible follow-ups>
- RE: MS MSRT Todd Towles (Feb 03)
- RE: MS MSRT Randy Abrams (Feb 03)
- RE: MS MSRT Todd Towles (Feb 03)
- RE: MS MSRT Gregory Hicks (Feb 03)