Full Disclosure mailing list archives
Re: MS-02-052
From: nexus () patrol i-way co uk (Nexus)
Date: Fri, 20 Sep 2002 19:59:53 +0100
----- Original Message ----- From: "Steve" <steve () videogroup com> To: <full-disclosure () lists netsys com> Sent: Friday, September 20, 2002 5:59 PM Subject: Re: [Full-disclosure] Re: MS-02-052
Hehe, right you are. But we've got more valuable things to do with our time than chasing patches that will never fully come through anyway.
Fair one, but you can also remove unused functionality - that would have stopped CR for example, without even a patch.
which generates income. You may see that as an irrational shut-everything-down approach, which is your prerogative.
As it is yours - you just seemed irrational in your post, Mea Culpa ;-)
To be specific it's not MY shit to sort out. If I'm dumb enough to use MS then I would HAVE to sort out their shit. Nice stab though...
It wasn't a stab, merely an observation - I dislike the [percieved] attitude that X is bad and Y is good without looking at the ethos of the vendor and to what extent what functionality is installed Out Of Box. Microsoft ship their stuff with all bells and whistles enabled be default. They have done this for a long time and should be no surprise to anyone, so the first act should be to remove all said bells and whistles you don't use. Yes that's an admin overhead unless you invested time in an automated secure build policy, but if that's what it takes, then it needs to be done. I did the BOFH thing for long enough to know that. You can lock down box A just as well as box B regardless of OS or application, was my point. Sometimes it takes a bit longer and maybe a bit more work and dependant on what skills you or your team have, that may or may not be viable. That's just mitigation of risk which to a large extent is technology independant. Cheers.
Current thread:
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 19)
- Re: MS-02-052 Nick FitzGerald (Sep 19)
- Re: MS-02-052 Jouko Pynnonen (Sep 19)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- <Possible follow-ups>
- Re: MS-02-052 naked_turkey () hushmail com (Sep 20)
- Re: MS-02-052 gobbles () hush com (Sep 20)
- Re: MS-02-052 John (Sep 20)
- Re: MS-02-052 phc () hush com (Sep 20)
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 20)
- Re: MS-02-052 Moyer, Shawn (Sep 20)
- MS Updates, Was : MS-02-052 Nexus (Sep 21)
- Re Windows Update Nexus (Sep 26)