Security Basics mailing list archives
RE: Windows Vista current flaws
From: "Burton Strauss" <Burton () FelisCatus org>
Date: Thu, 29 Sep 2005 06:47:56 -0500
You clearly are not protecting against one of your students running attack programs, network scans, etc. - since they own the computer they obviously have root access. So, what is it that you are 'protecting' against anyway? Are you trying to protect the unsophisticated computer user from being attacked and exploited? If so, your minimum standards probably do hit that target. But this is NOT an unsophisticated user. And if s/he wants to run beta software, then why do you care. Perhaps purely for informational purposes? If so, you can easily add a notification clause to the network access agreement. You've already got something like this, right? "Student agrees that any operating system software run on any host connected to our network will be legally acquired. For protection of yourself and other students we require you to obtain and apply all security patches for your operating system." "We actively monitor the network and will - without notification - disable your network port or suspend your network access if we observe any hostile or unusual activity origination from your computers." So add: "In the event student chooses to run beta or other pre-release software, s/he will notify network services via email of the nature and version of such operating system software at least 24 hours prior to installation. Student assumes all risks for using any (not just operating system) beta or pre-release software, and we do not provide any support for such beta or pre-release software." -----Burton -----Original Message----- From: Lance.Druger () wellsfargo com [mailto:Lance.Druger () wellsfargo com] Sent: Wednesday, September 28, 2005 5:39 PM To: security-basics () securityfocus com Subject: RE: Windows Vista current flaws This is a residence hall, and not a "work" environment. If this was a bank or other corporation I'd agree with that, but these are students in a dorm room. I still think that there should be some flexibility. Just my 2 cents. Lance Druger -----Original Message----- From: Micheal Espinola Jr [mailto:michealespinola () gmail com] Sent: Tuesday, September 27, 2005 9:28 AM To: security-basics () securityfocus com Subject: Re: Windows Vista current flaws Beta software should not be allowed to run unchecked in a production environment. On 9/27/05, Jon Lawhead <samurai () berkeley edu> wrote:
Greetings all, I work in Network Security for UC Berkeley's residence halls. We have
a list of several "minimum
security standards" that we require all connected computers to meet
before being allowed access to
the network (stuff like having a firewall program, antivirus, etc).
One of the standards involves
having the latest patched version of a secure operating system. I
have a user on the network who
wishes to run a (legitimately acquired, or so he says) version of
Windows Vista beta version.
Before I decide on this, I wanted opinions on whether or not this is a
good idea. My first
instinct is to disallow any beta operating systems simply on the
grounds that they'll be buggy by
definition and may potentially have serious security flaws, but I
can't find anything to back this
up. Just wondering if I could get a few opinions on whether or not
this is a good idea. Thanks!
Jon Lawhead Network Security Coordinator Residential Computing University of California, Berkeley
-- ME2 <http://www.santeriasys.net/>
Current thread:
- Windows Vista current flaws Jon Lawhead (Sep 27)
- Re: Windows Vista current flaws Micheal Espinola Jr (Sep 28)
- Re: Windows Vista current flaws Sean Earp (Sep 28)
- RE: Windows Vista current flaws Joe_Wulf (Sep 28)
- <Possible follow-ups>
- RE: Windows Vista current flaws Roger A. Grimes (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
- Re: Windows Vista current flaws DMORROW5 (Sep 28)
- RE: Windows Vista current flaws Kofron, Matt (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
- RE: Windows Vista current flaws Burton Strauss (Sep 30)
- RE: Windows Vista current flaws Cony Zhou 周圣 (Sep 30)
- Re: RE: Windows Vista current flaws kinoka2k (Sep 30)
- Re: Windows Vista current flaws Micheal Espinola Jr (Sep 28)