On Sun, 7 Oct 2001, Bob Tanner wrote: > Even if your IIS server was patched did NIMDA still effect it? I thought it took > 48hrs for MS to come out with a patch to "fix" the NIMDA virus. The patches were available for some time. It took nearly 48 hours for some of the anti-virus companies to release their sigs though. If you weren't patched, heard the news, then patched, NIMDA could have affected the system in that time and depending on what AV software you were running you wouldn't know for 24-48 hours. I saw an interesting post on /. about a guy who was aware of NIMDA, had his IIS servers patched, was running IE6, and STILL GOT IT. Someone on his network got the e-mail before IE was patched and it spit itself onto the network. The admin saw it, clicked once intending to delete it, and %^#@$'n Windows Explorer decided to open it in the preview pane, infecting his system. > I want to make sure I tell clients the facts about NIMDA and IIS so when I > recommend Linux and Apache, they know I'm being honest. Easy comparison: Do a search for vulnerabilites on both Apache and IIS on BugTraq. Apache comes up with 10 or 15 exploits, IIS comes back with hundreds more. Same is true for Sendmail vs Exchange, and Sendmail is one of the most exploited linux daemons! -Brian