Full Disclosure mailing list archives
RE: Re: Microsoft Security, baby steps ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 18 Mar 2004 12:40:08 +1300
"Geo." <geoincidents () getinfo org> wrote:
It doesn't address the issue. The requirement is that some MS customers need to patch without putting the machine on the internet. For whatever reasons.
Absolutely. Much _worse_ though, is that _FAR TOO FEW_ MS customers actually seem to practice something like that. In a corporate environment I woud expect to see that as a very widespread requirement (though maybe those who do it have most of the the small-ish pool of really clueful Windows techs who know what a slipstreamed install point is and so on, so _they_ do not see any major problems there...).
Is that such an unreasonable request?
No, it's not, but it may be the case that MS thinks it has such requirements pretty well covered. Perhaps MS should be doing a lot more/better work educating its (medium to large) customers how to do system design, testing and rollout? Focussing on patch management (as it is somewhat at the moment) kinda assumes that there is a "system" worth patching, but if that has not been well-designed from the outset, in most cases you are better off re-doing the base OS implementation, rolling that out _then_ dealing with patching, which will be much better designed into a system spec'ed and implemented today than the existing one from several years back (assuming it was ever actually "designed" -- Ghost, et al. are cool, but they aren't much as system management tools _per se_). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Microsoft Security, baby steps ?, (continued)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 16)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Dave Horsfall (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Ron DuFresne (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Guido van Rooij (Mar 18)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 16)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Simon Richter (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)
- RE: [inbox] Re: Re: Microsoft Security, baby steps ? Curt Purdy (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Jeremiah Cornelius (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Valdis . Kletnieks (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)