Full Disclosure mailing list archives

Re: MS-02-052


From: nexus () patrol i-way co uk (Nexus)
Date: Fri, 20 Sep 2002 19:59:53 +0100

----- Original Message -----
From: "Steve" <steve () videogroup com>
To: <full-disclosure () lists netsys com>
Sent: Friday, September 20, 2002 5:59 PM
Subject: Re: [Full-disclosure] Re: MS-02-052


> Hehe, right you are.
>
> But we've got more valuable things to do with our time than chasing
> patches that will never fully come through anyway.

Fair one, but you can also remove unused functionality - that would have
stopped CR for example, without even a patch.

> which generates income. You may see that as an irrational
> shut-everything-down approach, which is your prerogative.

As it is yours - you just seemed irrational in your post, Mea Culpa ;-)

> To be specific it's not MY shit to sort out. If I'm dumb enough to use
> MS then I would HAVE to sort out their shit. Nice stab though...

It wasn't a stab, merely an observation - I dislike the [perceived] attitude
that X is bad and Y is good without looking at the ethos of the vendor and
to what extent what functionality is installed Out Of Box. Microsoft ship
their stuff with all bells and whistles enabled by default. They have done
this for a long time and it should be no surprise to anyone, so the first act
should be to remove all said bells and whistles you don't use. Yes, that's
an admin overhead unless you invested time in an automated secure build
policy, but if that's what it takes, then it needs to be done. I did the
BOFH thing for long enough to know that.
You can lock down box A just as well as box B regardless of OS or
application, was my point.
Sometimes it takes a bit longer and maybe a bit more work and, dependent on
what skills you or your team have, that may or may not be viable. That's
just mitigation of risk, which to a large extent is technology independent.

Cheers.
