RE: Learn from history?

[<full-disclosure () nym hush com>]

> > 1. Keep informed.
> Sure. I'll inform all my 300 customers MS release a bug today, 
> and I'll drop by to all of them to patch tomorrow.

"You" is implied in that statement.

> > 2. Install patches as soon as possible
> That would involve runnning Windows Automated Update every night
> automagically...

1.  Microsoft already provides that feature
2.  As soon as possible for "you"

> > 2. If a patch cannot be installed, find workarounds
> That does not work with the workarounds customer need to facilitate
> life (security <> easy of use, remember)

And the computers/networks will be so easy to use when lines are saturated,
 file systems are corrupted or data are stolen

> > 3. If it is a port-related threat, find out if such ports are 
> > in use, and if not, make sure they are closed. 
> Once the virus is on the LAN it can do whatever it wants.

Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
Also, do us a favor and don't propogate the shit!

> > Some of the comments overheard this week regarding Sasser:
> I did propose some firewall, but they feel it's too much EUREUREUREUR

And you provided some sort of analysis showing potential losses due to
the lack of a security infrastructure, right?  

> > Will they learn from history? Only history will tell.
> I'm pretty sure they won't. Even most tech guys don't have a clue.

Evidently, thanks for your example.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html