I tend to be somewhat obsessive about keeping all the computers I'm directly responsible for updated with patches and hotfixes. This attention to detail has paid off: I have yet to have a virus or security exploit on one of my personal computers, nor have I had to deal with malware outbreaks or anything of that nature.
Unfortunately, I'm not always able to convey that sense of urgency to my friends and clients. A friend (who is also a client) recently asked me to try to clean up a seriously infected computer. The system ran his company's cash register and point-of-sale systems, and due to a casual corporate attitude about Web surfing when business was slow, had managed to acquire quite a collection of viruses and malware. I'd been trying to convince this client to change his choice of point-of-sale systems because the one he has runs properly only when the account it runs under has full administrative access rights. However, he'd purchased the business only a few months earlier and didn't have the financial resources to dump the system and migrate the 5 years of customer and inventory data it contained.
After I removed literally hundreds of infected files and dozens of malware applications, the computer still wasn't running right, and I decided that it would be simpler (for me) to wipe the hard drive and reinstall the OS and applications. Fortunately, the client had been religious about running the automated backup routine I'd written for him, so the actual application data files were backed up onto another computer and were free of corruption and infection.
To simplify the installation process, I used an XP installation CD-ROM that included Service Pack 2 (SP2). The combined OS/SP2 installation reduced the amount of time needed for the reinstall because I didn't have to go through the Windows Update process too many times to make sure that I'd dealt with all the latest security concerns. So, in a process we're all too familiar with, I wiped the hard drive, reinstalled the OS, updated it, and installed antivirus and anti-malware software.
These steps brought me to the point of reinstalling the application software. The easy part would be reinstalling the standard office automation applications. The point-of-sale software would require a little more work, but my client knew that product and would handle that installation himself. My only real concern was ensuring that he had a solid, reliable system on which to install the application.
After going over with my client all the things I'd done on the computer, the only software that had to be reinstalled (other than the point-of-sale software) was Microsoft Office. After reinstalling Microsoft Office XP, I went to the Office Update Web site and installed the required updates--of which there were quite a few.
Thinking I was finished with my portion of this project, I double-checked the configuration to make sure everything was ready to go. You can imagine my consternation when I discovered that installing and updating Office XP had compromised the OS's security by reintroducing an exploit that I'd already patched--specifically, the JPEG buffer overrun exploit described in Microsoft Security Bulletin MS04-028. (Microsoft now has a tool that's designed to find and alert you to this exploit, which can be reintroduced after the installation of several widely used Microsoft applications. For details about the GDI+ Detection Tool, go to http://support.microsoft.com/default.aspx?scid=kb;en-us;873374.)
This whole experience reminded me--rather forcefully--of something I'd forgotten. In the past, if you installed applications after installing certain service packs or hotfixes, you often had to reinstall the service pack or hotfix because the application installation replaced files that you'd patched. This concern is still valid--perhaps even more valid in these security-conscious days than it once was--and you shouldn't let that fact slip from your mind.
Off topic (but of considerable interest), I want to invite you to test your Active Directory (AD) and Group Policy skills against your peers in the IT Prolympics. Before you start, you can download a free reference guide about AD and Group Policy. Then, take a 20-question multiple-choice test. Finally, complete a timed virtual AD lab to demonstrate your skills in a real-life setting.
Windows IT Pro will select three winners based on their overall scores. The gold medalist will win an all-expense-paid trip to TechEd 2005, and all three winners will be featured in the January issue of Windows IT Pro. To sign up for the competition, go to http://www.windowsitpro.com/itprolympics--you have until November 26 to complete the test and the virtual lab. Good luck!