Educause Security Discussion mailing list archives
Re: Windows Awareness Question
From: Brian Kaye <bdk () UNB CA>
Date: Fri, 27 Feb 2004 14:14:01 -0400
One thing that Microsoft fails to mention is the fact that the firewall in XP is exposed for anywheres between 15-30 seconds during the boot process. The stack is enable before the firewall starts so you can get compromised during the startup. .....Brian Kaye .....UNB On Fri, 27 Feb 2004, James Moore wrote:
Date: Fri, 27 Feb 2004 10:16:42 -0500 From: James Moore <jhmfa () RIT EDU> Reply-To: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Awareness Question During times of high worm activity (like now, and probably ...), I have had several reports of systems being compromised before they had finished windows update. On campus we can use a SUS server to speed things up, but we have a large portion of our faculty and staff with home systems, and internet connections. What bothers me about the MS solution is that it allows a window of time for compromise, and I am not sure that window is short enough. And the people who need the greatest protection are often the people who wouldn't know if they were compromised during setup. They would complete the steps, and then believe that they were secure. In the campus environment, many of the larger support organizations have ACL restricted subnets where they build their systems. Jim -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim McGuffin Sent: Thursday, February 26, 2004 7:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Awareness Question http://www.microsoft.com/protect/ will give most users the information they should need. --Tim -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Moore Sent: Thursday, February 26, 2004 6:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Windows Awareness Question I need a resource to take someone through step by step what they need to do when they buy a new PC. It was assembled months ago, it doesn't have 50 patches it needs, and ... I have been asked for a "Where do we start" article. When I help friends out at home, I burn the latest free firewall, free antivirus, free ad-aware, and free anti-spyware to a CD, load that before connecting to the network, and then start windowsupdate after everything else is loaded. How do you advise users of home systems, and students? Jim - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Fax: 585-475-7950 "In cases of defence 'tis best to weigh the enemy more mighty than he seems" - William Shakespeare (Henry V, Act 2, Scene 4) ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Windows Awareness Question James Moore (Feb 26)
- <Possible follow-ups>
- Re: Windows Awareness Question Gary Flynn (Feb 26)
- Re: Windows Awareness Question Melissa Guenther (Feb 26)
- Re: Windows Awareness Question Tim McGuffin (Feb 26)
- Re: Windows Awareness Question Gary Flynn (Feb 26)
- Re: Windows Awareness Question Brian Reilly (Feb 26)
- Re: Windows Awareness Question James Moore (Feb 27)
- Re: Windows Awareness Question Gary Flynn (Feb 27)
- Re: Windows Awareness Question Sallie F Wright (Feb 27)
- Re: Windows Awareness Question Lawrence R. Rogers (Feb 27)
- Re: Windows Awareness Question Brian Kaye (Feb 27)