Security Incidents mailing list archives

RE: Microsoft's Early Xmas Present.


From: H C <keydet89 () yahoo com>
Date: Thu, 3 Jan 2002 11:22:39 -0800 (PST)


AFAIK, I can't tell what they are going to do beforehand, and
can only install them and then try to determine what they did
after the fact.  (This may prove my ignorance of Windows
patches, but I can live with that).

AFAIK, you're pretty much dead on.  One of the biggest
issues I've had since the beginning is not knowing
what a patch does.  Sure, I can understand if a DLL
has an overflow, and the code needs to be replaced. 
However, many of the early patches could have been
handled w/ a 'simple' Registry edit...I put simple in
quotes b/c of the omnipresent MS admonition about
editing the Registry.
 
But then I guess that goes along w/ Microsoft's 'zero
knowledge administration'.

Well, I find things are not so easy in Windows.  Just because
you don't use software doesn't mean it isn't installed.  And
just because you don't know what it is, doesn't mean it isn't
running as a service on your machine.  Now, in theory a good
sysadmin would know what is running, etc.  But sometimes it is
difficult in the Windows world.

I'm not sure just _how_ difficult that is.  I'll admit
that it's hard to find out what some of the various MS
services are, but third-party stuff is particularly
easy to track down.

Case in point is the Universal Plug and Play discussions.  Which
services should be disabled.  If you disabled them all, then you
not only disable the vulnerability but also other services which
depend in some way on the non-vulnerable Universal Plug and Play
components...  So just disabling all the UPnP services can cause
other things to break which may cause problems for users...

You're correct...but an implied corollary to 'disable
unnecessary services' is being able to determine what
is necessary and what isn't.  The UPnP is difficult
enough to understand...I can't see why any site would
be running XP so soon after its release, as there
hasn't been time for a real 'shake down'.  However, I
do know that there are a great many sites who've been
running XP (however unknowingly) since beta.

Another case in point is the "I don't run Outlook so it doesn't
affect me" (say I use Eudora).

The comments I'd have to the rest of the post take me
off on a tangent, and off topic.  All are good
points...but perhaps that's better left for another
thread.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

