Re: Large ISP response to Code Red?

From: Mike Johnson (mikejat_private)
Date: Tue Jul 31 2001 - 05:39:02 PDT

  • Next message: Mike Lewinski: "Re: Large ISP response to Code Red?"

    Seth Arnold [sarnoldat_private] wrote:
     
    > I think picking on the ISPs is the wrong approach. Ask Microsoft why it
    > took over a month before their patches were applied to nearly half a
    > million systems.[1] Ask Microsoft why they don't perform better code
    > audits to find the gaping holes in their software. But don't bother the
    > ISPs too much -- if they start blocking OS/WebServer specific yet
    > RFC-compliant traffic, their customers may not like the intrusion. (I
    > know I don't want my web traffic scanned to protect people who don't
    > patch their systems...) 
    
    Agreed.  The ISPs just can't possibly secure all their customers'
    systems.  They could, if they wanted to, charge the customer if
    the customer attacks (either willingly or not) another.
    
    However, I suppose it's -still- too difficult to keep a Windows box
    up to date (for Joe 'I use Windows because it's easiest' User).  It's
    still a manual process that the user both needs to know about and
    be willing to do.  I recently got my hands on Mac OSX and they have
    automated updates.  When the system is first installed, it asks
    the user if they want to download the updates.  If so, it goes and
    does it.  At the same time, it sets up a schedule for weekly
    -automated- updates.  This means that an OSX box is never more
    than a week out of date -and- the user has to do -nothing- to
    accomplish this feat.
    
    So, why doesn't Microsoft do this?  Why not schedule automated,
    unattended updates?  Make it such that the user can turn this
    off, but the default should be to update, -especially- for server
    class systems (Win2k Server).  Granted, this doesn't help those
    without an Internet connection, but who cares?  They're not
    a problem.
    
    If Win2k updated itself on a weekly basis, Code-Red (and the next
    and the next and the next Windows based worms) wouldn't have
    been able to infect -nearly- as many systems.
    
    To me, this is the answer.  Server based systems usually have
    plenty of bandwidth.  A different set of patches could be
    offered for the desktop class systems (Win9x, Me, 2k Prof.)
    that might be more bandwidth friendly and only applies to
    the highest priority stuff.
    
    Anyways, Microsoft?  Hello?  Are you there?
    
    > [1] they put an awful lot of effort into copyprotection .. how about
    > 'forced upgrade protection', that disables internet connections when
    > computers are unpatched for 14 days after release of a patch? Or how
    > about machines that automatically apply patches? Or email administrators
    > every time a patch is released? 
    
    Exactly.  Email isn't enough.  Automatically apply patches.
    
    Mike 
    -- 
    Mike Johnson -- mikejat_private
    OpenNMS -- http://www.opennms.org
    --
    Like many things in awk, the majority of the time things 
    work as you would expect them to work.  -- The GNU Awk User's Guide.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:29:58 PDT