OT: New Virus?

[Richard]

Actually this worm hit a lot of large corporate sites, but they will never let you know due to the PR hit. Working where I do I know my workplace was hit, and since we deal with a lot of other large corporations, I know that they were hit. Luckily we stopped in the user lan before it got into real production.

[Atrocities]

In the last year I have been issued at least six replacement visa cards, visa check cards, and one master card because of worms and hacking successes at banks and bank reciept processing centers. They tell you about it weeks after it happens. Only once was my checking and saving account plunder, and that was back in Nov 2002 and that is still under investigation.

[Thermodyne]

Quote:

Richard said:
Actually this worm hit a lot of large corporate sites, but they will never let you know due to the PR hit. Working where I do I know my workplace was hit, and since we deal with a lot of other large corporations, I know that they were hit. Luckily we stopped in the user lan before it got into real production.

I guess the question would be: Why were you hit?

WSUS is free, and it manages patches quite well.

[Richard]

Quote:

Thermodyne said:

Quote:

I guess the question would be: Why were you hit?

WSUS is free, and it manages patches quite well.

Ask the security guys, I work on the application side not in the general IT side.

But to be honest it's more complex in a big IT shop because there are a ton of applications that have to be carefully tested before patches can be applied. The IT folks have Altiris to push down patches, so that isn't a problem, but you can't patch a machine that is running a lot of complex applications that can vary from in house to 3rd party without certification. This can take awhile, and when they have immediately patched in the past it's actually done more harm then just pushing the patches down immediately.

I am sure there are ways to speed the process up, but not that much.

The real solution is to stop putting mission critical applications on wintel, which is something we are slowly moving towards .

[Thermodyne]

You answered my question. Altiris is not worth what it costs if it was bought at 50% off. Our parent agency runs it and they were hit. We passed on it and were not touched. And we manage a 100+ more systems with a 1/3 of the staff they have. The best thing we have done is to put an update test team in place. We test patches and usually push them out in <24 hours. The test team has a person from the network staff, one of the programmers, and the DBA. We are usually done in a few hours. We also have eliminated a lot of the off brand systems and apps that were in place to basically allow people use what they personally preferred. All of the db’s are on SQL now, and the systems are all x86 with 2k, 03 or XP with the exception of one mainframe that still runs UNIX. [The dinosaur that refuses to die. And keeps two programmers plus a computer operator employed doing basically nothing ] We expected to save some man hours, but we were pleasantly surprised at how much money we saved last physical year. Even though MS runs us about $35 a seat, we were spending $1000s just to keep a few people happy. And we used to spend 10s of thousands on Citrix so that we could keep older systems in service, along with more $1000s to maintain service contracts on same older hardware. And never had any money left in the budget for new hardware. Now we replace it as it goes out of warrantee and spend 0 on service contracts and 0 on Citrix. We actually had money left over to purchase spares at the end of last year. Third party support apps and service contracts are vampires that suck the life out of networks. But it’s hard to convince people that they can do it better and more cost effectively in house.