Security Patches - Dave Patrick (or anyone) ?

  • Thread starter Thread starter Crazy Horse
  • Start date Start date
C

Crazy Horse

Dave-

(the intro here is a little long... but it does lead to an IMPORTANT
QUESTION)...

Well, the importance of your comments (below) has just come home to me,
in more or less *stark* fashion...

I had successfully gotten my Windows 2000 laptop online, when not long
into the session, I received a pop-up message on my screen (not a browser
pop-up, but some kind of immediate (I assume, TCP/IP) message. It
appeared to be an ad from some kind of diploma mill, or whatever. I
didn't click [Okay], but rather the [X] to close the window.

Shorty thereafter, I received another (IP?) pop-up message, this one
allegedly from Microsoft, warning me of security holes within my W2k's
message handling software; it described the affected systems
(essentially, everything newer than Millennium) and stated that *my*
system, specifically, was affected and that I should go to (I believe)
www.windowspatch.com for more information. This time I may have clicked
[Okay] to close this message.

Anyway, having spent the last 8 years on W'95 and *never* having gotten
this type of message before, I found it to be rather unnerving, to say
the least. So, here's what I've done, just to be on the safe side: I've
returned to the W2k installation procedure and have reformatted my HDD as
a single partition. Next, I'll repartition my drive into three (as
before) and start over again from scratch.¹

*** IMPORTANT QUESTION ***
When I repartition my HDD, the procedure reserves 8 MB for boot menu
information -- an area that I apparently cannot change. HERE'S MY BIG
CONCERN... is it possible that (during my brief unprotected exposure to
the Internet) this 8-MB area (or some other boot-sector-related area of
my HDD) became infected? I'm hoping the answer is "No"... but if it's
"Yes", are there any measures I can take (short of installing a new
hard drive) to undo any possible infection?

I'm grateful for your help (and obviously, somewhat paranoid!)...
_______
-CH
¯¯¯¯¯¯¯
______________________
1. Actually, I had other reasons to do this anyway, since W2k was already
behaving a bit flakey, and I wasn't sure if I had a good "Last known good
configuration" to reboot from.
On my next go-around, after installing W2k, I will apply all service
packs before any additional software loading and/or configuration...
*and* I will install all known, required security patches before I
connect to the 'Net.
 
Greetings --

This type of spam has become quite common over the past several
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster, Welchia,
and Sasser Worms that recently swept cross the Internet. Install and
use a decent, properly configured firewall. (Merely disabling the
messenger service, as some people recommend, only hides the symptom,
and does little or nothing to truly secure your machine.) And
ignoring or just "putting up with" the security gap represented by
these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


Dave-

(the intro here is a little long... but it does lead to an IMPORTANT
QUESTION)...

Well, the importance of your comments (below) has just come home to
me,
in more or less *stark* fashion...

I had successfully gotten my Windows 2000 laptop online, when not long
into the session, I received a pop-up message on my screen (not a
browser
pop-up, but some kind of immediate (I assume, TCP/IP) message. It
appeared to be an ad from some kind of diploma mill, or whatever. I
didn't click [Okay], but rather the [X] to close the window.

Shorty thereafter, I received another (IP?) pop-up message, this one
allegedly from Microsoft, warning me of security holes within my W2k's
message handling software; it described the affected systems
(essentially, everything newer than Millennium) and stated that *my*
system, specifically, was affected and that I should go to (I believe)
www.windowspatch.com for more information. This time I may have
clicked
[Okay] to close this message.

Anyway, having spent the last 8 years on W'95 and *never* having
gotten
this type of message before, I found it to be rather unnerving, to say
the least. So, here's what I've done, just to be on the safe side:
I've
returned to the W2k installation procedure and have reformatted my HDD
as
a single partition. Next, I'll repartition my drive into three (as
before) and start over again from scratch.¹

*** IMPORTANT QUESTION ***
When I repartition my HDD, the procedure reserves 8 MB for boot menu
information -- an area that I apparently cannot change. HERE'S MY BIG
CONCERN... is it possible that (during my brief unprotected exposure
to
the Internet) this 8-MB area (or some other boot-sector-related area
of
my HDD) became infected? I'm hoping the answer is "No"... but if it's
"Yes", are there any measures I can take (short of installing a new
hard drive) to undo any possible infection?

I'm grateful for your help (and obviously, somewhat paranoid!)...
_______
-CH
¯¯¯¯¯¯¯
______________________
1. Actually, I had other reasons to do this anyway, since W2k was
already
behaving a bit flakey, and I wasn't sure if I had a good "Last known
good
configuration" to reboot from.
On my next go-around, after installing W2k, I will apply all
service
packs before any additional software loading and/or configuration...
*and* I will install all known, required security patches before I
connect to the 'Net.
 
Since it's unpartitioned you should be relatively safe from infection. Your
anti-virus software should have come with boot disks or a bootable CD-Rom to
allow you to scan for boot sector virus.

http://support.microsoft.com/?kbid=293281

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
Dave-

(the intro here is a little long... but it does lead to an IMPORTANT
QUESTION)...

Well, the importance of your comments (below) has just come home to me,
in more or less *stark* fashion...

I had successfully gotten my Windows 2000 laptop online, when not long
into the session, I received a pop-up message on my screen (not a browser
pop-up, but some kind of immediate (I assume, TCP/IP) message. It
appeared to be an ad from some kind of diploma mill, or whatever. I
didn't click [Okay], but rather the [X] to close the window.

Shorty thereafter, I received another (IP?) pop-up message, this one
allegedly from Microsoft, warning me of security holes within my W2k's
message handling software; it described the affected systems
(essentially, everything newer than Millennium) and stated that *my*
system, specifically, was affected and that I should go to (I believe)
www.windowspatch.com for more information. This time I may have clicked
[Okay] to close this message.

Anyway, having spent the last 8 years on W'95 and *never* having gotten
this type of message before, I found it to be rather unnerving, to say
the least. So, here's what I've done, just to be on the safe side: I've
returned to the W2k installation procedure and have reformatted my HDD as
a single partition. Next, I'll repartition my drive into three (as
before) and start over again from scratch.¹

*** IMPORTANT QUESTION ***
When I repartition my HDD, the procedure reserves 8 MB for boot menu
information -- an area that I apparently cannot change. HERE'S MY BIG
CONCERN... is it possible that (during my brief unprotected exposure to
the Internet) this 8-MB area (or some other boot-sector-related area of
my HDD) became infected? I'm hoping the answer is "No"... but if it's
"Yes", are there any measures I can take (short of installing a new
hard drive) to undo any possible infection?

I'm grateful for your help (and obviously, somewhat paranoid!)...
_______
-CH
¯¯¯¯¯¯¯
______________________
1. Actually, I had other reasons to do this anyway, since W2k was already
behaving a bit flakey, and I wasn't sure if I had a good "Last known good
configuration" to reboot from.
On my next go-around, after installing W2k, I will apply all service
packs before any additional software loading and/or configuration...
*and* I will install all known, required security patches before I
connect to the 'Net.
 
Bruce-

mputer, and
is this helpful?
Click to expand...
----------------------
Very much so... meant to thank you earlier... but it slipped through the
cracks (in my mind!).

Thanks again.
_______
-CH
¯¯¯¯¯¯¯
 
Back
Top