October 27th, 2008, 02:36 PM
You still did not quite cover MLF's questions
What was executed ...with administrator privledges...on a server?? and how?
What was the role of this server??
How did the lack of a AV cause an infection?? It is a reactive approach?
There is no problem with leaving a server logged on as administrator, in fact it can prevent a console remote login by another user (although security policies should be preventing this anyway)..... In saying that, if the server is left unattended, the user should lock the computer, requiring to enter the password again to access.
Both our servers are logged on with ADMINISTRATOR at all times. Dont ask my why. I believe it started duplicating files on a share that the marketing department uses and then just spread like wild fire.
Also, depending on software installed, it may need a user account logged on to work (Read: Application based feed Vs. Installed Service)
Last edited by CybertecOne; October 27th, 2008 at 02:39 PM.
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
By C:\Saw in forum Operating Systems
Last Post: February 20th, 2008, 06:26 PM
By acdspit00 in forum AntiOnline's General Chit Chat
Last Post: September 8th, 2006, 10:33 AM
By treanglin in forum Security News
Last Post: August 17th, 2006, 02:59 PM
By muert0 in forum Operating Systems
Last Post: August 27th, 2004, 03:14 AM
By tampabay420 in forum Programming Security
Last Post: February 14th, 2003, 01:36 PM
Tags for this Thread