Re: [ActiveDir] worm/bot issues

[Jason B]

Good question - and one I've thought about often myself.  It would stand to 
reason though, that there's a "lag" between the time that a virus/explot is 
"released" and the time it takes Symantec/Microsoft/etc, to release a 
fix/update for it - especially since many of the AV companies depend on 
end-users providing data on new viruses to them.

----- Original Message ----- 
From: "Kern, Tom" <[EMAIL PROTECTED]>
To: "ActiveDir (E-mail)" <ActiveDir@mail.activedir.org>
Sent: Wednesday, March 02, 2005 8:51 AM
Subject: [ActiveDir] worm/bot issues

Hi all, i have users that keep getting infected with a worm Symantec calls 
"W32.Spybot.KHO". The thing keeps coming back unless you disable file and 
print sharing.
The thing I don't understand is that all my clients(winxp) virus defs are up 
to date and they are all patched. I use SUS and push out patches on a 
regular basis. I even ran MS baseline security analyzer on the infected 
boxes and they come up good for up to datedness.
I don't really understand how an up to date patched pc can become infected 
over and over.
according to Symantec, the holes that this thing exploits, i've had covered 
awhile ago.
is it possible to be patched and up to date and STILL get infected?
is there anyway out of this quagmire?
thanks
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/