Thursday, January 22, 2009

In face of Conficker, the crowd...

...rushes to lynch MS.

Ugh. My inbox was hammered today (okay, truth be told...I got like 2 emails...) with the news that USCERT had found that MS's recommendations for disabling AutoRun/AutoPlay functionality, to protect systems in the face of Conficker infections, fell short and just didn't work.

So I was reading USCERT Alert TA09-020A this morning, and the first thing I noticed was that it was dated 20 Jan 2009. Interestingly enough, I'd blogged about this on 5 Dec 2008.

The next thing I noticed was that the Overview statement clearly said that MS's recommendations were "not fully effective", and then went on to describe why...and then buried way down at the bottom of the alert was the update (presumably from 21 Jan 2009) that mentions MS KB953252.

What's funny is that ComputerWorld jumped on the bandwagon...but the absence of any mention of the update to the USCERT alert was glaringly obvious.

This must be that Fog of War that my instructors always talked about...it looks to me as if in the battle against Conficker/Downadup, a bunch of the folks that should be helping and working together are content to point out each others faults. It's also interesting to me that while USCERT and ComputerWorld are busy pointing out MS's flaws, who's helping customers who should've patched against MS08-067 back in October or November? Oh, wait...that's folks like me... ;-)

1 comment:

Extremesecurity said...

Did Downadup/conficker attack your network? I've created a batch file for system administrators to clean/patch/cure infected systems in their networks.

check it out here:

http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html