Microsoft distributes free CDs in Japan to patch Windows
Petri Helenius
pete at he.iki.fi
Tue Sep 9 19:21:59 UTC 2003
Jack Bates wrote:
>
> I fully expect malicious code and even users to disable the handshake.
> That's fine. If a user happens to become infected, then they can be
> suspended or transfered to *must* perform handshake.
>
> Not everyone uses antivirus software. Not everyone will patch the
> security holes in their current software. Many would object to having
> to perform patches and delay their Internet surfing. Yet with such a
> protocol, a way could be provided for allowing a user to establish a
> connection which only allows them to fix their system without the
> outside world able to attack them and vice versa. Once patched, the
> system would recognize them as patched and allow full IP connectivity.
>
> Imagine how nice it would be if someone buying an XP machine this
> morning could actually connect to the Internet, patch their system,
> and be able to use the Internet without ever having their RPC
> exploited. If a user is infected with a virus, wouldn't it be nice if
> they could purchase A/V software and then be able to perform updates
> and clean their system without causing any harm to the network?
>
I would like to see such functionality to be used for good purposes like
you provide. However,
since the world has it´s share of people who block ICMP because it´s all
evil and break PMTU
and other similar things, this technology should be deployed with
caution to avoid collateral damage.
Who picks up the bill if a windows machine across a DSL line gets
infected, you apply filters to the
connection and subsequently block the E911 VoIP call from the same subnet?
Pete
More information about the NANOG
mailing list