|
Home > Archive > IIS Server Security > May 2004 > ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.14
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.14
|
|
| Karl Levinson [x y] mvp 2004-05-14, 12:51 pm |
| Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
I'm getting an LSASS error message, and/or I have the Sasser virus.
1) Run anti-virus that is configured to download the latest updates every
week or even every day. www.grisoft.com is free anti-virus.
2) You also need to install all the patches for your system software from
http://windowsupdate.microsoft.com, starting with the MS04-011 patch.
Microsoft generally releases security patches on the second Tuesday of more
or less every month. [Theh MS04-011 patch is also available here:
http://www.microsoft.com/technet/se...n/ms04-011.mspx
.... though you still want to visit the Windows Update site to get all
patches.]
3) Once you're infected, you may need to download and run a free Sasser
virus removal tool such as the Stinger tool from www.McAfee.com or the free
tool from http://www.microsoft.com/security/incident/sasser.asp
4) You're not running a firewall, or your firewall isn't protecting you.
Running a firewall would have protected you from this. Free firewall
software is available from www.kerio.com, www.zonealarm.com and/or
www.sygate.com
5) You need to do ALL of these things, or you won't have much success.
You should also make sure you get the latest Microsoft patches monthly and
anti-virus updates at least weekly.
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugr...rosoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugr...rosoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com
| |
|
| 1 post a month it's a enough.
Thanks
Roger
"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:us4taYaOEHA.3964@TK2MSFTNGP10.phx.gbl...
> Before you post a question to a Microsoft.public.*.security newsgroup,
note
> that your question may already be answered below:
>
> Answers to Top Frequently Asked Questions:
> http://securityadmin.info
>
> I'm getting an LSASS error message, and/or I have the Sasser virus.
> 1) Run anti-virus that is configured to download the latest updates
every
> week or even every day. www.grisoft.com is free anti-virus.
> 2) You also need to install all the patches for your system software
from
> http://windowsupdate.microsoft.com, starting with the MS04-011 patch.
> Microsoft generally releases security patches on the second Tuesday of
more
> or less every month. [Theh MS04-011 patch is also available here:
> http://www.microsoft.com/technet/se...n/ms04-011.mspx
> ... though you still want to visit the Windows Update site to get all
> patches.]
> 3) Once you're infected, you may need to download and run a free Sasser
> virus removal tool such as the Stinger tool from www.McAfee.com or the
free
> tool from http://www.microsoft.com/security/incident/sasser.asp
> 4) You're not running a firewall, or your firewall isn't protecting
you.
> Running a firewall would have protected you from this. Free firewall
> software is available from www.kerio.com, www.zonealarm.com and/or
> www.sygate.com
> 5) You need to do ALL of these things, or you won't have much success.
> You should also make sure you get the latest Microsoft patches monthly and
> anti-virus updates at least weekly.
>
> My question is not mentioned below. How do I get an answer immediately,
> with no waiting?
> http://securityadmin.info/faq.htm#moreinfo
> See also: http://www.google.com/groups?as_ugr...rosoft.public.*
> See also: http://www.google.com/advanced_group_search
> See also: http://www.google.com
>
> I want to post a problem or question to the newsgroup. What info do I
need
> to post in order to get a correct answer quickly?
> http://securityadmin.info/faq.htm#netiquette
>
>
> I just heard about a new Microsoft security patch update. Where can I get
> the patch?
> http://windowsupdate.microsoft.com OR
> http://www.microsoft.com/technet/security/current.asp
>
> I just installed a Microsoft security patch update, and now my computer is
> having problems.
> http://securityadmin.info/faq.htm#patchbroke
>
> I received an email from Microsoft / Microsoft Support / Microsoft
Internet
> Security Center claiming to be a security patch [or comprehensive Internet
> Explorer update]. Is this a virus?
> http://securityadmin.info/faq.htm#microsoftemail
> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>
> I received a virus email from a Microsoft email address. Who do I report
> this to?
> http://securityadmin.info/faq.htm#microsoftemail
>
> I have the RPC Blaster worm "virus," what do I do?
> http://www.microsoft.com/security/incident/blast.asp
> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>
> My computer is giving RPC Remote Procedure Call messages.
> There is a TFTP message or file on my computer.
> My computer keeps locking up, and/or rebooting, or telling me that it will
> reboot in 1 minute.
> http://www.microsoft.com/security/incident/blast.asp
> ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
>
> Where can I download the Blaster worm / RPC DCOM patch?
> http://windowsupdate.microsoft.com OR
> http://www.microsoft.com/technet/security/current.asp
>
> I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or
I
> want to replace this file.
> http://securityadmin.info/faq.htm#jdbgmgr
>
> I forgot my Windows logon password and can't log in. How do I reset it?
> http://securityadmin.info/faq.htm#password
>
> I have a problem or a question with a virus or with antivirus.
> http://securityadmin.info/faq.htm#virus
> NOTE: www.grisoft.com is free antivirus, USE IT.
>
> Why is Outlook Express blocking my attachments as "unsafe"?
> http://securityadmin.info/faq.htm#attachments
>
> How do I stop getting pop-up messages? Or adware? Or spyware?
> http://securityadmin.info/faq.htm#pop-ups
>
> How do I block people from viewing adult or objectionable content on a
> computer?
> http://securityadmin.info/faq.htm#contentfilter
>
> How do I block spam emails?
> http://securityadmin.info/faq.htm#spam
>
> There is a Content Advisor password blocking me from certain web sites.
> http://securityadmin.info/faq.htm#contentadvisor
>
> How do I delete an FTP folder that a hacker put on my computer and I
cannot
> delete?
> http://securityadmin.info/faq.htm#ftpfolder
>
> Have I been hacked? What do I do if I've been hacked?
> http://securityadmin.info/faq.htm#hacked
>
> How do I re-secure a computer that has been hacked?
> http://securityadmin.info/faq.htm#re-secure
>
> How do I test or improve the security on my computer to avoid being
hacked?
> http://securityadmin.info/faq.htm#harden
>
> How do I investigate a suspicious IP address that may be trying to hack
me?
> http://securityadmin.info/faq.htm#trace
>
> How do I report a hacker?
> http://securityadmin.info/faq.htm#reporthacker
>
> How do I use a port scanner or vulnerability scanner to test my security?
> http://securityadmin.info/faq.htm#portscanner
>
> How do I encrypt my files and/or hard drive?
> http://securityadmin.info/faq.htm#encryption
>
> How do I get a firewall? IDS?
> http://securityadmin.info/faq.htm#firewall
>
> I want to use the IPSec filtering or IP filtering feature of Windows to
> block certain ports and have a problem or question.
> http://securityadmin.info/faq.htm#ipsec
>
> I have a problem or question with the XP ICF firewall.
> http://securityadmin.info/faq.htm#icf
>
> I have a problem or question with the IIS URLScan tool.
> http://securityadmin.info/faq.htm#urlscan
>
> How do I change the banner on my computer or server to hide what software
> version I'm using?
> http://securityadmin.info/faq.htm#banner
>
> How do I enable Windows Auditing to tell who logged into Windows or who
> accessed a file?
> http://securityadmin.info/faq.htm#auditing
>
> How do I inspect and disable programs that start up when Windows starts?
> http://securityadmin.info/faq.htm#startup
>
> How do I use RUNAS or let someone use RUNAS to run commands as
administrator
> without having to type the password?
> http://securityadmin.info/faq.htm#runas
>
> How do I let non-administrator users run Defrag or change their IP
address?
> http://securityadmin.info/faq.htm#runas
>
>
> My question is not mentioned above. How do I get an answer immediately,
> with no waiting?
> http://securityadmin.info/faq.htm#moreinfo
> See also: http://www.google.com/groups?as_ugr...rosoft.public.*
> See also: http://www.google.com/advanced_group_search
> See also: http://www.google.com
>
> I want to post a problem or question to the newsgroup. What info do I
need
> to post in order to get a correct answer quickly?
> http://securityadmin.info/faq.htm#netiquette
>
> Note that this is NOT a full list of all the questions answered in the
FAQ.
> Chances are, your question has probably already been answered. The
complete
> FAQ is at:
> http://securityadmin.info/faq.htm#contents
>
>
> I hope this is helpful. Feedback, suggestions and criticism regarding the
> FAQ are welcome and may be emailed to me.
>
> kind regards,
> Karl Levinson, CISSP, MCSE, MVP
> email: levinson_k@despammed.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.686 / Virus Database: 447 - Release Date: 14/05/04
| |
| Noah Centenero 2004-05-16, 3:34 am |
| agreed.
-Noah C.
"Roger" <rborduas@hotmail.com> wrote in message
news:edTwuPwOEHA.736@tk2msftngp13.phx.gbl...
>1 post a month it's a enough.
>
> Thanks
> Roger
>
>
>
> "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
> news:us4taYaOEHA.3964@TK2MSFTNGP10.phx.gbl...
> note
> every
> from
> more
> free
> you.
> need
> Internet
> I
> cannot
> hacked?
> me?
> administrator
> address?
> need
> FAQ.
> complete
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.686 / Virus Database: 447 - Release Date: 14/05/04
>
>
| |
| Karl Levinson [x y] mvp 2004-05-16, 9:34 am |
| Not everyone agrees. I'm not sure what the negative impact to daily posting
is, since you can just easily ignore the post. I would think it would
benefit you if it reduced the ratio of signal to noise and reduced the
number of posts you had to respond to [assuming you're a regular around
here?].
The Microsoft public newsgroups are unique in Usenet in that a large number
of people use the Microsoft web site GUI, where any post that is older than
a day is pretty much hidden from view. It seemed clear to me that when I
was posting this once a month, it wasn't doing much to help. The owner of
the microsoft.public.security.virus FAQ also posts that FAQ daily.
I had been posting the FAQ every one to two weeks, but increased the
frequency in the past two weeks due to the repeated posting of Sasser
virus-related questions. I won't always be posting it daily, this is an
exceptional situation.
"Noah Centenero" <apersonatexampledotcom> wrote in message
news:%23CTcVZxOEHA.3708@TK2MSFTNGP10.phx.gbl...
> agreed.
> -Noah C.
>
> "Roger" <rborduas@hotmail.com> wrote in message
> news:edTwuPwOEHA.736@tk2msftngp13.phx.gbl...
success.[vbcol=seagreen]
immediately,[vbcol=seagreen]
report[vbcol=seagreen]
it?[vbcol=seagreen]
security?[vbcol=seagreen]
software[vbcol=seagreen]
starts?[vbcol=seagreen]
immediately,[vbcol=seagreen]
>
>
| |
| Roger 2004-05-19, 11:41 pm |
| 1 post a month it's still a enough and you not suppose to crosspost.
Thanks
Roger
--
Roger
** Ge sé ke g'sui poury an frensai écri **
Supprimer SPAM dans le courriel
Remove SPAM from e-mail
"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:uxIDlZ0OEHA.1160@TK2MSFTNGP09.phx.gbl...
> Not everyone agrees. I'm not sure what the negative impact to daily
posting
> is, since you can just easily ignore the post. I would think it would
> benefit you if it reduced the ratio of signal to noise and reduced the
> number of posts you had to respond to [assuming you're a regular around
> here?].
>
> The Microsoft public newsgroups are unique in Usenet in that a large
number
> of people use the Microsoft web site GUI, where any post that is older
than
> a day is pretty much hidden from view. It seemed clear to me that when I
> was posting this once a month, it wasn't doing much to help. The owner of
> the microsoft.public.security.virus FAQ also posts that FAQ daily.
>
> I had been posting the FAQ every one to two weeks, but increased the
> frequency in the past two weeks due to the repeated posting of Sasser
> virus-related questions. I won't always be posting it daily, this is an
> exceptional situation.
>
>
> "Noah Centenero" <apersonatexampledotcom> wrote in message
> news:%23CTcVZxOEHA.3708@TK2MSFTNGP10.phx.gbl...
newsgroup,[vbcol=seagreen]
updates[vbcol=seagreen]
software[vbcol=seagreen]
of[vbcol=seagreen]
the[vbcol=seagreen]
protecting[vbcol=seagreen]
> success.
monthly[vbcol=seagreen]
> immediately,
I[vbcol=seagreen]
I[vbcol=seagreen]
computer[vbcol=seagreen]
> report
hoax,[vbcol=seagreen]
> it?
a[vbcol=seagreen]
sites.[vbcol=seagreen]
hack[vbcol=seagreen]
> security?
to[vbcol=seagreen]
> software
who[vbcol=seagreen]
> starts?
> immediately,
I[vbcol=seagreen]
the[vbcol=seagreen]
regarding[vbcol=seagreen]
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.688 / Virus Database: 449 - Release Date: 18/05/04
|
|
|
|
|