Quote:
|
Originally Posted by BBKing
Quote:
|
You could (theoretically) check for all Windows PCs this way.
|
3) It doesn't determine 100% that a particular machine can host the virus - two Windows PCs returning the same string could have one vulnerable, one not, depending on whether patches have been installed. It doesn't have enough information to make a certain judgement.
|
True, and the only way I can think of (without monitoring ports used and scanning patterns) would be to hack into the machine and check (in the registry) which patches are installed. Of course, this raises a little issue of privacy, and is illegal.
Quote:
You could force everyone to run an app that walled-gardens them if they've not got all patches installed, but do we really want that?
The surest way is to identify IPs that are sending traffic that looks like it comes from a virus - specific ports, patterns of scanning etc. This can be duplicated by someone on another OS, but it has to be done deliberately and is effectively malicious (if you know how to exploit a vulnerability and program your Linux box to do it, that'll appear indistinguishable from the original infection).
|
Just imagine the situation... Techy people leaving/avoiding AOL because "you have to run their cr*p software", only to join NTL and find they have to run NTL's cr*p software...
BTW, I'm quite happy with the system NTL have in place. Nice to see an ISP actually try and DO something about unpatched users.
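
Added example, not part of the original posts: a sketch of the "specific ports, patterns of scanning" approach discussed above, flagging source IPs that contact many distinct hosts on a watched port within a short window. The port, window, threshold and flow records are assumptions constructed for illustration; the check sees only behaviour, so it says nothing about the sender's OS or patch level.

```python
from collections import defaultdict

# Assumed tuning values for illustration; a real deployment would set these
# from the worm's known propagation port and the network's baseline traffic.
WATCHED_PORTS = {445}
WINDOW = 60        # seconds
THRESHOLD = 5      # distinct destinations inside one window

def find_scanners(flows, ports=WATCHED_PORTS, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak distinct destinations on watched ports per window}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in ports:
            by_src[src].append((ts, dst))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, best = 0, 0
        in_window = defaultdict(int)   # destination -> hits inside the window
        for ts, dst in events:
            in_window[dst] += 1
            # Evict events that have aged out of the sliding window.
            while events[start][0] <= ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[src] = best
    return flagged

# Constructed flow records: (timestamp_s, source_ip, dest_ip, dest_port).
SAMPLE_FLOWS = (
    # Sweeps eight different hosts in eight seconds: scan-like.
    [(t, "192.0.2.10", f"198.51.100.{t + 1}", 445) for t in range(8)]
    # Talks to one file server repeatedly: normal use of the same port.
    + [(t * 3, "192.0.2.20", "198.51.100.50", 445) for t in range(20)]
    # Six hosts, but two minutes apart: never enough inside one window.
    + [(t * 120, "192.0.2.30", f"203.0.113.{t + 1}", 445) for t in range(6)]
    # Many hosts on an unwatched port: ignored.
    + [(t, "192.0.2.40", f"203.0.113.{t + 100}", 80) for t in range(30)]
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```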