Logfile worries

Robin Laing Robin.Laing at drdc-rddc.gc.ca
Mon Sep 18 22:24:33 UTC 2006 

Anne Wilson wrote:
> On Monday 18 September 2006 17:59, Jeff Vian wrote:
> 
>>On Mon, 2006-09-18 at 09:49 +0100, Anne Wilson wrote:
>>
>>>I have logwatch mailing me daily about activity.  This morning the report
>>>from this box has the following lines in the samba section:
>>>
> 
> Yes.  This is XP.  Running as a non-administrator is so crippled as to be 
> useless, and realistically no windows-user is going to learn that there is 
> something equivalent to su - in fact I had not heard of it until this 
> morning, either.
> 


> Yesterday, I was working on her laptop.  I know I gave the correct username 
> and password, but it was rejected.  Doubting for a moment, I tried another 
> password she uses but that also failed, twice, before the original password 
> was accepted.  The other thing I noticed was that when I tried the correct 
> password it was simply rejected, whereas when I tried the alternative one the 
> screen blinked before offering the login dialogue (with fields filled in) 
> again.
> 
> This user is a cautious user, who wouldn't dream of using peer-to-peer or 
> visiting dodgy websites.  She keeps her AV software up to date and scans 
> daily.
> 
> I can think of no way in which that laptop is configured differently to other 
> windows boxes on the LAN.  Do you have anything specific in mind when you 
> talk about 'properly configured'?
> 
> Anne
> 

I know that this may seem obvious but are they using IE with Active-X 
enabled?

There is a an unpatched hole that is being exploited.

http://www.theregister.com/2006/09/18/ie_flaw_warnings_grow/

You only mention anti-virus.  What about adware/spyware scans?

What about a scan with a different anti-virus software package?

All it takes is one visit to one site that has a bad link.  It has 
happened that a good site will have a bad advertising link that will 
infect the machine making it a bad site.

I have had to use an XP machine that was supposed to be up to date and 
the number of spyware/adware applications took me by surprise.  My first 
day was just cleaning the computer.

Good luck.  As Microsoft's has suggested, re-installing is sometimes the 
only sure fix.

-- 
Robin Laing

More information about the fedora-list mailing list