Security Basics mailing list archives

Re: Ten least secure programs


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 30 Jun 2003 15:58:30 -0700

From: John Horn <jhorn1 () security ci tucson az us>
Hmmm... Well, I think you should re-arrange the list in order of
severity with the most unsecure programs at the top. Done this way,
the top few would be some arrangement of MS-Word, MS-Excel, ActiveX,
Outlook (various versions), MS-IE, IIS and SQL-Server. Telnet,
Sendmail, FTP and their ilk would have to come further down the list.

I've since added rsh and ActiveX. MS Word and Excel are vulnerable to macro viruses, but that's pretty much taken care of by using a decent virus scanner nowadays, so I didn't feel they qualified for top ten. IE didn't seem to be that much worse than any of the other browsers (except Opera), and is pretty easy to secure by locking down the settings. The only big SQL-Server one I've heard of is Slammer, which is supposedly fixed now.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."


