Security Incidents mailing list archives
RE: Microsoft's Early Xmas Present.
From: H C <keydet89 () yahoo com>
Date: Thu, 3 Jan 2002 11:22:39 -0800 (PST)
AFAIK, I can't tell what they are going to do beforehand, and can only install them and then try to determine what they did after the fact. (This may prove my ignorance of Windows patches, but I can live with that).
AFAIK, you're pretty much dead on. One of the biggest issues I've had since the beginning is not knowing what a patch does. Sure, I can understand if a DLL has an overflow, and the code needs to be replaced. However, many of the early patches could have been handled w/ a 'simple' Registry edit...I put simple in quotes b/c of the omnipresent MS admonition about editing the Registry. But then I guess that goes along w/ Microsoft's 'zero knowledge administration'.
Well, I find things are not so easy in Windows. Just because you don't use software doesn't mean it isn't installed. And just because you don't know what it is, doesn't mean it isn't running as a service on your machine. Now, in theory a good sysadmin would know what is running, etc. But sometimes it is difficult in the Windows world.
I'm not sure just _how_ difficult that is. I'll admit that it's hard to find out what some of the various MS services are, but third-party stuff is particularly easy to track down.
Case in point is the Universal Plug and Play discussions. Which services should be disabled. If you disabled them all, then you not only disable the vulnerability but also other services which depend in some way on the non-vulnerable Universal Plug and Play components... So just disabling all the UPnP services can cause other things to break which may cause problems for users...
You're correct...but an implied corollary to 'disable unnecessary services' is being able to determine what is necessary and what isn't. The UPnP is difficult enough to understand...I can't see why any site would be running XP so soon after its release, as there hasn't been time for a real 'shake down'. However, I do know that there are a great many sites who've been running XP (however unknowingly) since beta.
Another case in point is the "I don't run outlook so it doesn't affect me" (say I use Eudora).
The comments I'd have to the rest of the post take me off on a tangent, and off topic. All are good points...but perhaps that's better left for another thread.