April 25, 2007

Why I love my Mac

Posted in Commentary at 7:09 am by Michael Sweeney Media

I have not written in the past two weeks, not because I am feeling anti-social but because I had to pull a couple of 24 hour plus days due to a 0 day attack on our Windows network. Yes, like many Mac users, I have to work and live in a Windoze world much to my annoyance but it does pay the bills. In this case, we got slammed by the current unpatched DNS RPC hack which had Rinbot as a payload. The POS came in via one of our VPN connections in China and hit the DNS servers, whack Symantec (not a big fan, even less now) and went nuts.

It took a few days to work out just what had happened and I spent more then a few hours in the windows registry working out a bandaid solution which involved renaming files and putting dummy RO files in place which would break the worms. Microsoft STILL does not have a patch they have been less than helpful over the entire mess. Symantec was rude and nasty until I read the C++ crash report which named their stupid software by name. Then it was “we will get back to you”. They never did with anything helpful. It took Symantec over three days before they had an update that could even SEE the RinBot nasty and even then the version of AV engine we were on was, shall we say, weak. It turns out that their vaunted AV Corporate server software which we had till the virus whacked it, does not update the EXE file, it has to be uninstalled and then reinstalled manually. What a POS.

So during all of this “fun”, my trusty Mini just kept working away while my boss’s laptop died, my co-workers workstation died and most of the servers died. I did figure out about day 2 that the worm was yapping away on port 1025 and then I built some IPsec filters for the Windows servers to block that port. That calmed things down alot as did installing the free AVG software on all 1600 desktops because Symantec could not see the worm but the free AVG could. Now we have to work out which AV solution to settle on because as much as I like AVG, it is not a real enterprise solution, well, neither was Norton as it turned out.

The real life saver came from one of the companies we had just bought several months ago and who are using Cisco’s CSA product. They did not get a single infection though the servers were getting beat on by the worm. CSA saw and blocked it all before we even knew we had problems. So we promptly put CSA on most of our servers and we have plans to roll it out to key desktops and remote users in the near future. Thanks for nothing Microsoft, you are costing us a boatload of money due to your crappy programming.

A side note, some of our older and neglected servers were not affected by the worm until we put CURRENT patches on them, then it was WHAM BAM. So the flaw that Rimbot uses was not present until you installed Microsoft patches from around SP1 for 2003 server. Sp2 is swiss cheese to the worm.

So now we are going back to our regularly scheduled Mac musings. In the coming weeks, I have a new cheapo 200 watt strobe kit I just bought off eBay, I have the Huey/Panatone monitor color adjustment tool and a few other new cools things to play with. I love my AppleTV and the kids have become addicted to “The Incredibles: on it 🙂 They also love to watch themselves on a photo slideshow. I just picked up some new books from Sitepoint for CSS and tableless web design for a current project and I will be writing about them soon.

Did I say that Windoze sucks? For the amount of time lost and money spent trying to protect our Windows boxen, everyone and I mean EVERYONE in the office could have had top flight Macs on their desktop. And yet, people refuse to admit that in some if not many cases, Windows is not the best solution. ::sigh::


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: