On Sun, 7 Oct 2001, Bob Tanner wrote:

> Even if your IIS server was patched did NIMDA still effect it? I thought it took
> 48hrs for MS to come out with a patch to "fix" the NIMDA virus.

The patches were available for some time.  It took nearly 48 hours for
some of the anti-virus companies to release their sigs though.  If you
weren't patched, heard the news, then patched, NIMDA could have affected
the system in that time and depending on what AV software you were running
you wouldn't know for 24-48 hours.

I saw an interesting post on /. about a guy who was aware of NIMDA, had
his IIS servers patched, was running IE6, and STILL GOT IT.  Someone on
his network got the e-mail before IE was patched and it spit itself onto
the network.  The admin saw it, clicked once intending to delete it, and
%^#@$'n Windows Explorer decided to open it in the preview pane, infecting
his system.

> I want to make sure I tell clients the facts about NIMDA and IIS so when I
> recommend Linux and Apache, they know I'm being honest.

Easy comparison: Do a search for vulnerabilites on both Apache and IIS on
BugTraq.  Apache comes up with 10 or 15 exploits, IIS comes back with
hundreds more.  Same is true for Sendmail vs Exchange, and Sendmail is one
of the most exploited linux daemons!

-Brian