Re: Code Red 2 cleanup; reporting..

[Rafi Sadowsky <rafi-nanog () meron openu ac il>]

 AFAIK ( Not that I'm a W2K expert )
W2K pro comes with IIS installed but but with the service disabled

 Unfortunately it seems that some SW installs enable IIS and/or the
restore/recreate the .idq/.ida mappings without asking(or even notifying)
(which is why removing those mappings isn't a replacement for the patch :-(  )

-       Rafi

On Fri, 10 Aug 2001, Steven M. Bellovin wrote:

> In message <EA9368A5B1010140ADBF534E4D32C728025B06 () condor mhsc com>, Roeland Me
> yer writes:
>
> > > So -- if he wasn't running IIS, what was he running?
> >
> > Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro
> > or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate
> > much of the IIS stuff into DLLs with other system critical stuff. As a
> > result, IIS can't be completely removed without killing off other critical
> > functions. Yes, what they proved in court is even more true with Win2K than
> > with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth
> > either). WinXP is even more in that direction, from all reports.
>
> I think you're confusing IIS with Internet Explorer.  And Microsoft
> denies that it's installed by default on Win2K Professional -- see
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
> XP Beta 2 does have IIS by default; XP RC1 and RC2 do not.
>
> I can't be sure they're telling the whole truth; I can tell you that
> the two Win2K boxes I sometimes use are not listening to anything on
> port 80.
>
> > BTW, is any motion happening, in the direction of finding the author(s)? I'd
> > like to personally thank them, with a new neck-tie. The other end is
> > attached to a huge California oak tree.
> Not that I've heard.
>
>               --Steve Bellovin, http://www.research.att.com/~smb