Full Disclosure mailing list archives

RE: M$ - so what should they do?


From: "Eric Paynter" <eric () arcticbears com>
Date: Mon, 21 Jun 2004 20:31:19 -0700 (PDT)

On Mon, June 21, 2004 6:14 pm, Stuart Fox (DSL AK) said:
> You've got some valid points but there is one thing that you've overlooked
> - auditing.
[...]
> Having said that, I've never actually met anyone who uses the registry
> auditing, but I'm sure they're out there.

I actually knew a group who once tried to use Windows auditing. After
working on it for months they gave up. I never got the full details of
why, but apparently it doesn't work exactly as expected. Something to do
with the fact that in some cases, it logs what you *could have done*
rather than what you *actually did*. In other words, in the audit logs,
when it says it granted permission to do something, that doesn't mean you
actually did it. Just that you were granted permission to do it, which to
many implies that you did it. However, it wouldn't hold up in court as
evidence of something having been done.


> It tends to be more related to issues such as DLLs needing to be
> registered etc.

Registered where? ;-)

-Eric
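
The gap the message describes, between an access being granted and an access being performed, shown as an added example that is not part of the original post. It assumes current Windows versions, where the Security log records a handle request (event 4656) separately from the actual use of a right (event 4663), and joins the two on process ID and handle ID. The records and their simplified field names are constructed.

```python
HANDLE_REQUESTED = 4656   # rights were granted when the handle was opened
ACCESS_ATTEMPTED = 4663   # a right was actually exercised through the handle

# Constructed sample records with simplified field names (not a real log export).
SAMPLE_EVENTS = [
    {"id": 4656, "user": "alice", "pid": 1200, "handle": "0x1a4",
     "object": r"C:\payroll\2004.xls",
     "accesses": {"ReadData", "WriteData", "DELETE"}},
    {"id": 4663, "user": "alice", "pid": 1200, "handle": "0x1a4",
     "object": r"C:\payroll\2004.xls", "accesses": {"ReadData"}},
    {"id": 4656, "user": "bob", "pid": 3308, "handle": "0x2c0",
     "object": r"C:\payroll\2004.xls", "accesses": {"ReadData", "WriteData"}},
    {"id": 4656, "user": "carol", "pid": 860, "handle": "0x0f8",
     "object": r"C:\payroll\2004.xls", "accesses": {"WriteData"}},
    {"id": 4663, "user": "carol", "pid": 860, "handle": "0x0f8",
     "object": r"C:\payroll\2004.xls", "accesses": {"WriteData"}},
]


def correlate(events):
    """Return one record per opened handle: rights granted vs. rights exercised.

    Events are assumed to be in chronological order.
    """
    report, open_handles = [], {}
    for ev in events:
        key = (ev["pid"], ev["handle"])  # a handle value is unique only per process
        if ev["id"] == HANDLE_REQUESTED:
            rec = {"user": ev["user"], "object": ev["object"],
                   "granted": set(ev["accesses"]), "exercised": set()}
            open_handles[key] = rec      # a reused handle value starts a new record
            report.append(rec)
        elif ev["id"] == ACCESS_ATTEMPTED and key in open_handles:
            rec = open_handles[key]
            rec["exercised"] |= ev["accesses"] & rec["granted"]
    return report


def granted_only(rec):
    """Rights the log shows as granted with no evidence they were ever used."""
    return rec["granted"] - rec["exercised"]


if __name__ == "__main__":
    for rec in correlate(SAMPLE_EVENTS):
        print(rec["user"], "exercised:", sorted(rec["exercised"]),
              "granted only:", sorted(granted_only(rec)))
```

Reading only the handle-request events here would suggest all three users could have written the file; the correlated view shows evidence of a write for one of them.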
