RE: New Virus Expected to hit today (fwd)

I've got a user that does extensive programming in Virtual PC. We've
struggled in trying to make sure that her Virtual PC is up to date to
prevent it from being nailed by all these worms.

She found out from Microsoft that the KB835732 fix, which plugs up the
Sasser worm hole, breaks W2K in Virtual PC. Now our issue of course is
that in order to use Virtual PC she'll have to go without this fix. How
vulnerable is she?

Does the Apple firewall create any protection for her in Virtual PC?

-Michelle

====
Michelle Bautista
510-643-0657
Department Onsite Computing Support (DOCS)
U.C. Berkeley

---------- Forwarded message ----------
Date: Tue, 27 Jul 2004 19:00:51 -0700
From: Ellen England <Ellen.England@ucop.edu>
Subject: RE: New Virus Expected to hit today

Hi Justin,
Remember this thread? I've gotten a new PowerBook at home, and I
installed Virtual PC on it, so I've been through this same issue again.
I've finally gotten some answers though, after hours of research and
paying $35 to Bill Gates, and installing and backing out over and over
again. It turns out it is specifically the KB835732 fix that breaks
Windows 2000, running under VPC.

I would like to back out all my VPC stuff on my iMac here and start over
from scratch at some point, and apply all the critical system updates
EXCEPT for that one. However, that leaves me vulnerable to the Sasser
worm. I think (I hope) it's not an issue at home because my Mac/VPC is
behind the Airport firewall. But what about here? Would that impose too
much of a threat?

The Microsoft help desk didn't even know about this, despite people in
VPC newsgroups saying it has been reported to MS...I found out about it
by poking around on the internet. I think it's scandalous that this
problem exists and MS is not pursuing it. There must be lots of people
out there using VPC, and they emphasize that you need to be protected
from viruses, but then when you run their fix it creams your system.

Let me know if you think it's too dangerous to run a system without
protection from Sasser.

Any comments or advice from any of you other Mac people?
Thanks,
Ellen

      Yeah, send me the screen capture if you can, I have no idea
      why this is happening.

      -Justin

      -----Original Message-----
      From: Ellen England [mailto:Ellen.England@ucop.edu]
      Sent: Tuesday, May 04, 2004 3:33 PM
      To: sarnoski@berkeley.edu
      Subject: RE: New Virus Expected to hit today

      Hi Justin,

      Well I applied the KB835732 Update and it did its
      Crash/Restart dance over and over. This time however I was
      able to revert to the previous system (before the Update) so
      I'm back up and running. However, how do I apply the fix
      now??

      I was able to capture the screen that reported what the
      problem is--it may not contain anything you don't already
      know, but I'll attach it in case it provides any clues.

      Help!

      Ellen

            I was wondering the same thing!

            Actually the best bet is to install the fix for
            this particular bug (fix # KB835732), without
            installing the full service pack that has been
            crashing your system.

            The Sasser worm bug fix can be found, downloaded,
            and run from Microsoft at:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB
            -D2342FBB6C00&displaylang=en

            (the executable link is on the right side)

            However, make sure you save the VPC before
            installing this fix, maybe it was this small fix
            that was looping it!

            Thanks,

            -Justin

            -----Original Message-----
            From: Ellen England
            [mailto:Ellen.England@ucop.edu]
            Sent: Tuesday, May 04, 2004 1:43 PM
            To: sarnoski@berkeley.edu
            Subject: Re: New Virus Expected to hit today

            Hi Justin,

            I'm looking for some advice about running the
            Update on my VPC. As you know, the last Update
            we tried to run left my Windows in an endless
            loop of crashing and restarting, so I'm nervous
            about applying more Updates. I know I need to
            deal with the worm though, so what do you suggest
            I do?

            Thanks,

            Ellen

            Attention CDL Staff,

                  The "Sasser" worm that takes
                  advantage of a new exploit in the
                  Microsoft Windows operating system is
                  on the loose and is expected to
                  circulate around the network during
                  the next few days. More information
                  is available at http://www.sarc.com

                  To guard against this threat please
                  make sure your Windows computers are
                  fully updated by navigating to
                  http://v4.windowsupdate.microsoft.com/en/default.asp
                  and clicking on "Scan for Updates".

                  Please contact the DOCS Staff at
                  510-987-0506 if you have any
                  questions or require help in updating
                  your system.

                  Thank you,

                  Departmental On-site Computing
                  Support

                  cdlib-help@socrates.Berkeley.edu

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Wed Jul 28 09:16:48 2004