>>>http://www.pbs.org/cringely/pulpit/pulpit20020627.html
>>>
>>>
>>>'What bothers me the most about it is not just that we are being sold a bill of goods by the very outfit responsible for making possible most current Internet security problems. "The world is a fearful place (because we allowed it to be by introducing vulnerable designs followed by clueless security initiatives) so let us fix it for you." '
>
>I guess this is the n+1st reason I haven't written a Word document for a number of years, at least nothing important and not longer than a page or two. When I write something for real, it's in HTML format. Even though I have a legal version of Office - if in the next iteration it becomes a mechanism of extortion ("keep paying us or your books will vanish"), I'll pretty much write all my stuff in Notepad.
>
>BTW, is there any possible reason why would SQL server want to access the Web when it boots?

Perhaps it want's to call home?

>
>Also, what is lsasrv.dll and lsass.exe (decribed very thoroughly as "LSA Executable and Server DLL (Export Version)") and why they keep trying to access the other machines in the network using the isakmp port (none of these names are mentioned in the w2k help)?

One description:
http://www.annoyances.org/exec/forum/winxp/r1025341460

Another description:
ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete Security Associations. SAs contain all the information required for execution of various network security services, such as the IP layer services (such as header authentication and payload encapsulation), transport or application layer services, or self-protection of negotiation traffic. ISAKMP defines payloads for exchanging key generation and authentication data. These formats provide a consistent framework for transferring key and authentication data which is independent of the key generation technique, encryption algorithm and authentication mechanism. ISAKMP is distinct from key exchange protocols in order to cleanly separate the details of security association management (and key management) from the details of key exchange. There may be many different key exchange protocols, each with different security properties. However, a common framework is required for agreeing to the format of SA attributes, and for negotiating, modifying, and deleting SAs. ISAKMP serves as this common framework. Have you setup or tried to set up a VPN?

I found this email mesg on the web:
On Tuesday, May 28, 2002 at 11:56 am, Peter wrote:
>I have Win XP, Norton Personal Firewall, and (of course) anit-virus program installed
>on my computer. Just recently, I keep getting a message from Norton Personal Firewall
>which was unusual as being a first time I've seen it since my computer setup for
>almost 6 months.
>
>It says A remote system is attempting to access LSA Shell (Export Version) on your
>computer.
>Details:
>Inbound UDP packet
>Local address,service is (0.0.0.0,isakmp(500))
>Remote address,service is (210.119.29.182,isakmp(500))
>Process name is "C:\WINDOWS\system32\lsass.exe"
>
>Any idea what it is? I don't even know what lsass.exe is. Thanks so much if you
>can also email me =)

>That DNS (210.119.29.182) originates in Korea at the PuKyong National University (Pusan). Sounds fishy to me.

Neither description explains how/can a Korean school could/want to access this guy's computer.

HERE IS A SOLUTION:
"Hi guys, I got exactly the same problem as you reported, Norton asking me about an outside connection to lsass.exe, I have cable with a dynamically assigned IP. I did a search on google for the file and came across a site that lists all the services within Win XP and recommendations whether they can be disabled or not. http://www.blkviper.com/WinXP/servicecfg.htm It's some sort of security site. Anyway, I went into services in Control Panel and disabled LSASS.exe from starting up and that seems to have resolved the problem. Don't know if it's a new attempt by some hacker to gain access to XP systems, I had mine running for 10 months on broadband before this message came up."

There is a virus assoicated with it: http://security-archive.merton.ox.ac.uk/nt-security-199811/0086.html


>
>Fox is the only reason I'm using Windows.

Same for me... no need for VFP... no need for Windows.