[Dshield] MS SUS (formerly Mydoom (A, B) and Doomjuice.A WormRemoval Tool (KB836528), 2/13/2004)
areust at comcast.net
Wed Feb 18 05:57:41 GMT 2004
SUS and more
I am in the process of reconfiguring a SUS server. My first original look
was disappointing in the Lack of Service packs/NT 4.0 support. I saw win2k
service packs come in but could not deploy them. I had the opportunity to
speak with some of the developers and Yes that was on everyone wish list.
It was promised in the delayed SUS 2.0 along with Office fixes. Initially
SUS was designed to support a 200 machine environment (single server)
larger was "go to SMS." MS created the SUS plugin to allow an SUS server to
bring the hotfixes and services packs to where SMS could deal with them.
This was a big deal as everyone started disabling Active X (inside the
firewall) which was required for WindowsUpdate.
During the 2003 Microsoft Security Symposium, I spoke with MS SUS folks and
Shavlik Representatives. I and a friend installed two separate
installations of the Lite Version (reporting is disabled). We noted right
off that there were severe problems with Wireless.. That has been fixed. I
noted that in my Lab environment, (20 machines, mixed NT 4.0 [workstation
and server], Win2K [Pro and various Server flavors], and XP [Pro or RC-2003
Server] Problems in an AD Domain. These problems as I deduced were related
to how RPC functions to log into the XP environment.. The error that it
gave was very lame (admin rights required) even attempting to use the
Domain Admin account.. It Failed! I could hook into the machine using
"net use \\machine\ipc$ /u:domain\admin password"
with no problem, that was proof that RPC was not having a problem. The
"same" error was reported for various other errors that had separate other
solutions. Only an undefined/undertrapped error. It came to a point that
they did not want to hear it anymore.. They stopped responding. So for
that, I will advertise for Shavlik! I Will Not spend money there! They
received several hundred hours of advanced Beta testing without so much as
a "Thank You." We all contribute many hours of testing and "professional"
troubleshooting that are in some cases "unrewarded." Some companies will
acknowledge "professional" help and provide "Not for Resale" (Free or at
Reduced cost) software that help you recommend/sell their product.. It
allows you to play and learn, or find the correct product for your
individual situation. It now seems that is a dying thing.
I look at the footprint it leaves (HFNetchk Pro), and what software update
services leaves on the machines - it is comparable. With the pre 4.x
version I do not see a way to uninstall a bad hotfix, or a way to define a
bad install of a hotfix. It goes back to testing the odd machine with
QFECheck, the attempting to reapply the broken hotfix.
Put together 20 mixed machines and go test.. Oops I forgot the Lite version
now only allows ten machines, beside the lack of reporting. It was sad
because I thought that they had a solution to account for the lack of MS NT
4.0 support. No SUS does not support NT 4.0!
If you have 5 machines and do not care about reporting, go grab the Lite
version. It will take care of what you need.. Then you do not have to pay
anything, However it is a Resource Hog!
Yes Shavlik created the slim model HFNetchk, this is not the first time
that MS has purchased services. In the Win 9.x era "Defrag" carried
Symantec's Copyright (Speedisk) and others. So in this case it easier to
license a version of software (built to specifications) than build it or
buy the company. But then we all know that MS has a 10+ billion operating
If you have money go to http://www.stbernard.com/ they have one that works.
At 12:31 PM 2/16/2004 -0500, you wrote:
> Sorry about that, the caffeine had not set in yet.
> The problem with SUS is exactly that the limitations stated my MS.
> Back when I was testing it you could not push SP's, only hot fixes.
> I don't know if they have fixed this limitation or not? Why go halfway
> another tool when you could go all the way with one tool HFNetChk.
> SUS was designed and created by Shavlik for MS, MS just chooses to use
> a watered down version. Don't get me wrong, it's a good tool but it
> has a way too go. I just don't feel comfortable waiting.
> SMS is a good product but very cumbersome and pricy.
> > -----Original Message-----
> > From: John Holmblad [mailto:jholmblad at aol.com]
> > Sent: Monday, February 16, 2004 11:30 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] MS SUS (formerly Mydoom (A, B) and
> > Doomjuice.A WormRemoval Tool (KB836528), 2/13/2004)
> > Paul,
> > I assume the missing word in your post is "waste". I have not
> > used either product to date but I am familiar with both. Can
> > you elaborate on why you think SUS is worthless, especially
> > since it is also free? I know that Microsoft is reasonably up
> > front about the limitations of SUS and positions it for the
> > small to medium enterprise to ease the management of
> > Microsoft OS security patches. As you are probably aware
> > Microsoft also has Systems Management Server (SMS) for
> > managing large deployments of Microsoft systems. I don't know
> > very much about that product but I know that it is NOT free.
> > --
> > Best Regards,
> > John Holmblad
> > Televerage International
> > (H) 703 620 0672
> > (M) 703 407 2278
> > (F) 703 620 5388
> > www page: www.vtext.com/users/jholmblad
> > primary email address: jholmblad at aol.com
> > backup email address: jholmblad at verizon.net
> > text email address: jholmblad at vtext.com
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list