Earthweb
Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
Search EarthWeb Network

internet.commerce
Be a Commerce Partner
Cheap Digital Camera
Register Domain Name
Plasma Televisions
Computer Deals
Cheap Plasma TVs
Online Degrees
Laptop Computers
Car Insurance Quotes
Auto Insurance
Ecommerce Hosting
KVM over IP
Email Marketing
Car Donations
Memory

IT Management : Columns : Executive Tech: Fix Windows Without Patching

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
Pop-ups Are Coming to Screens Near You
How Many Pop-ups Can a Pop-up Stopper Stop?
In PCs, Silence is Golden
What's Protecting Your Open-Access PCs?
- ITSMWatch Newsletter -
email:
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
DataPort HotDock - External Drive Enclosure Enables IDE Hot Swap
GateDefender Performa - Gateway-Based E-Mail Anti-Spam and HTTP Content Filtering
PalmSecure - Biometric Identification via Palm Veins
VirusCop - Report Virus Spam, Erroneous E-mail Bounces, Other Spam
REV - Removable Hard Drive Platform for Storage and Backup

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

AMD How-to Article: Driving Windows x64--A 15,000-Mile Checkup, with Tips and Workarounds

Fix Windows Without Patching
February 17, 2004
By Brian Livingston

Brian Livingston What if you could stop a new virus from zooming through your company — without waiting for antivirus firms to update their programs and without waiting for Microsoft's latest patches to be installed on all your PCs?

One vendor that specializes in helping enterprises patch Windows has developed a method to do just that. It's called "cratering."

How Cratering Works

Cratering takes advantage of the fact that Windows NT, 2000, XP, and 2003 support a feature known as Access Control Lists (ACLs). These lists, which reside on PCs and control which files can be accessed, can be modified by network adminstrators at a distance. With the proper software tools, an admin can remotely change the ACLs on hundreds or thousands of PCs in a corporate network without leaving his or her desk.

Using ACLs to halt virus activity has best been described by Leiberman & Associates, a Beverly Hills, Calif., company that sells enterprise-level PC management software to do the job. But the technique can also be performed using free software programs.

How ACLs Can Control Virus Infections

Before we consider those software alternatives, let's first look at the basic steps in controlling a virus infection using ACLs:

Virus detection. If your help desk receives a call that a PC is constantly rebooting or that some program is consuming 100 percent of its CPU time, a new virus that wasn't caught by your antivirus software may be the cause. This was true of the recent MyDoom worm. It was launched by someone on Jan. 26 and quickly became the fastest-speading infection of all time, comprising as many as 1 out of every 12 e-mails at its peak, as measured by e-mail consulting firm MessageLabs. The worm circulated for about two days before updates that recognized it were available for various antivirus programs, according to eEye Digital Security.

File access denial. Viruses work by executing a specific file, which is usually launched automatically from one of the Run lines in the Windows Registry. When an infected machine is examined for programs that are running (using the built-in Windows Task Manager or a similar tool), the virus file can be identified.

Set ACLs to "Deny." Using Cacls.exe, a command-line utility built into Windows, or other tools that are described below, set the ACL for the virus executable to Deny for all users. This prevents any user, or even the operating system itself, from running the executable again. To stop the instance that's already running, reboot the PC. The virus won't start again, even if it's listed in a Run line of the Registry, because access to the file has been denied. In a word, the virus has been "cratered."

With network-management tools, the process of setting ACLs on infected machines and then rebooting them can be automated and run by an administrator from any location on a network.

Inoculating PCs Against Future Virus Infections

The president of Lieberman & Associates, Phil Lieberman, says he came up with the idea of cratering when the infamous MSBlaster worm was wreaking havok with networks around the world last August. The virus made it impossible for one of the infected machines he examined to download a patch.

"The network bandwidth it was using was so high that you literally couldn't get out," Lieberman explains.

He hit upon the idea of preventing the virus executable from running by denying access to it through ACLs. Once this was done and the PC was rebooted, the virus couldn't start and the machine could be upgraded by normal means.

The ACL technique, to be sure, is not a substitute for a rigorous regime of updating Windows and your anti-virus signature files regularly. Nor would it work on a mass basis against a specialized class of viruses that generates new file names at random.

But it does lend itself to crisis situations in which a new virus threatens to overwhelm a corporate network. When your alternatives are (1) disconnecting your entire company from the Internet, or (2) simply prohibiting a file with a certain name from running, the latter option is sure to be less disruptive to your workplace.

Conclusion

Besides the built-in Calcs.exe program mentioned above, Microsoft also provides Xcalcs, a program that's included with copies of the Microsoft Windows Resource Kit. Third-party tools such as SetACL are also available.

More sophisticated network-management suites can automate the setting of ACLs on PCs across entire domains, along with numerous other tasks. Lieberman & Associates' User Manager Pro software has offered such features since version 4.66, which was released last August.

To promote this use of ACLs, Lieberman released on Jan. 27 a white paper on how to defeat the MyDoom virus, along with an older paper entitled Cratering. Both are available in HTML and PDF form at the LANICU white paper page.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.


Executive Tech Archives


JupiterWeb networks:

Graphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
JupiterResearch


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers