> -----Original Message----- > From: Gary Flynn [mailto:[EMAIL PROTECTED] > Sent: Friday, September 26, 2003 8:06 AM > To: '[EMAIL PROTECTED]' > Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC > worm for Windo ws > > > I would think a better way of determining if a patch is > actually installed on a system is by examining the files on > the system rather than to depend upon symptoms (scanners) or > installation logs (registry entries).
True, but *I'm* not going to physically touch (or even virtually touch) 2000+ machines looking at file properties. Are you? Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
