Re: ISS Internet Scanner Cannot be relied upon for conclusive

From: Darren Reed (avalonat_private)
Date: Wed Feb 10 1999 - 00:37:07 PST

    In some mail from David LeBlanc, sie said:
    >
    > At 09:46 AM 2/8/99 -0500, Chris Brenton wrote:
    > >Many security audit tools that I've tested would in fact say that the
    > >system is safe because SP4 has been installed. This is because instead
    > >of checking file dates, they are looking for registry keys which
    > >identify what patches have been loaded on the system.
    > >
    > >I personally can not say if ISS's scanners fall into the same boat, but
    > >from my testing I know many do.
    >
    > We check file dates when checking for NT patches, and would catch your
    > example.
    
    I don't see how that can be considered "adequate".
    
    However, going back to "cops" (could be considered to be the origin of
    such processing), it appears it performed the same evil.
    
    For .dll's and friends which are supplied with service packs, I can't
    see why you would not use a cryptographic checksum to ensure that the
    file there is what you think it is.
    
    Darren
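
The difference between the file-date check and the cryptographic checksum discussed in this message, as an added example that is not part of the original post or of any scanner named in it. SHA-256, the file names, the file contents and the timestamp are all constructed assumptions; a real audit would take its known-good hashes from a trusted manifest.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Stream the file through SHA-256 so large DLLs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(path, expected_mtime, expected_sha256):
    """Return (date_check_ok, hash_check_ok) for one file."""
    date_ok = int(os.stat(path).st_mtime) == expected_mtime
    hash_ok = sha256_of(path) == expected_sha256
    return date_ok, hash_ok

def demo():
    # Constructed sample data: stand-ins for a patched DLL and a different file.
    patched = b"constructed stand-in for the service pack's version of a DLL"
    other = b"constructed stand-in for an older or altered build of that DLL"
    release_mtime = 918000000  # constructed timestamp (February 1999)
    manifest_hash = hashlib.sha256(patched).hexdigest()  # known-good value
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in (("good.dll", patched), ("wrong.dll", other)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            # Both files carry the timestamp an auditor expects to see.
            os.utime(p, (release_mtime, release_mtime))
            results[name] = audit(p, release_mtime, manifest_hash)
    return results

if __name__ == "__main__":
    for name, (date_ok, hash_ok) in demo().items():
        print(f"{name}: date check {'pass' if date_ok else 'FAIL'}, "
              f"hash check {'pass' if hash_ok else 'FAIL'}")
```

Both files pass the date comparison because a timestamp is metadata that can be set independently of content; only the hash comparison distinguishes them.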
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:42 PDT