LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

November 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS November 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Microsoft and Cisco
From:	"King, Michael" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Thu, 3 Nov 2005 16:42:59 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (67 lines)

Greg,

One of the comments that early on went over the mailing list was this:

CCA will expose damaged machines, that will operate ok just surfing the
web, but when you attempt to patch them, will ultimately fail.  The
cause of the failure is a mirad of things ranging to damaged DLL's to a
cornucopia of spyware.

The point is, you would have the same difficulty with that machine, in a
virus outbreak situation, as you would now.


Or, put another way.  The machines will always be messedup, when do you
want, and who do you want to fix it?


One more point. IF it's become a problem, do what I do.  Make a copy of
Cisco's rules, and use those as your rules.  You ultimately control what
is, and what is not required.  We choose to run a week or so behind
"Microsoft's Patch Tuesday" so that issues like this can be understood.
We do however, have to be vigilant that Microsoft does not pull a patch,
since we are not depending on Cisco to update the rules automatically.


Mike

> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Greg Schaffer
> Sent: Thursday, November 03, 2005 2:30 PM
> To: [log in to unmask]
> Subject: Microsoft and Cisco
> 
> First of all, I am quite glad I stumbled upon this list!  We 
> implemented CCA this past summer and have seen many of the 
> issues being discussed on this list.
> 
> In reference to a thread from last month, we also had 
> instances related to the "902400" Windows Update headache.  I 
> opened a call with Cisco on Oct 14th requesting assistance 
> and have essentially gotten no useful information, just "CCA 
> supports this update".  I thought we were alone in 
> experiencing the problem of some users going to Microsoft's 
> update site and running the update tool, reporting everything 
> clean, whereas CCA denied access because 902400 was not 
> installed.  In the end, I have turned off all Windows update 
> checks excpet for the one to check to see if auto update is running.
> 
> This has created yet another PR black eye for CCA and 
> honestly I'm about ready to reevaluate our CCA stance as 
> well.  It's been a couple of weeks, and I'm just curious what 
> anyone else has done related to this issue if they had the 
> same problem(s).  I considered sending the users to a page to 
> manually install this and other updates, but quite frankly I 
> don't want to add that extra cumbersome layer to the 
> residents whom are already not pleased with CCA's 
> performance.  I'm also very disappointed with Cisco's TAC on 
> this.  I understand it may be ultimately a Microsoft issue 
> but on the other hand CCA should be able to work around it.
> 
> Thanks,
> Greg Schaffer
> Director of Network Services
> Middle Tennessee State University
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU