Date: Mon, 9 Feb 2004 12:41:26 -0500 (EST) From: Sean Donelan <sean@donelan.com> Sender: owner-nanog@merit.edu
On Mon, 9 Feb 2004, John Payne wrote:
--On Sunday, February 8, 2004 10:46 PM +0000 Paul Vixie <vixie@vix.com> wrote:
There is nothing wrong with a user who thinks they should not have to know how to protect their computer from virus infections. However, someone attending NANOG should at least have cleaned up slammer before connecting to the wireless...
I have never seen any evidence that security experts or network operators are any better at practicing security than any other user group. In every forum I've been at, the infection rates have been similar regardless of the attendees security experience.
Sometimes the attendees know about the issue, but do not have the power to fix it, e.g. corporate IT deparment controls the laptop they are required to use. Other times, they are oblivious to the equipment being infected.
I wouldn't be surprised if I went to a meeting at the Department of Homeland Security or NSA, their infection rates are similar.
At a recent large (last 6 months) trade show, the show network saw a bunch infected systems pop up at once. The problem was tracked (fairly quickly) to machines brought up by a vendor in their booth that lacked a number of recent Microsoft Windows Critical Updates. I can't say who the vendor was, but they REALLY should have been the FIRST to install any patches. If this happens, what hope do we have for "normal" users. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634