RE: Microsoft's Early Xmas Present.

From: H C (keydet89at_private)
Date: Thu Jan 03 2002 - 08:59:03 PST

  • Next message: John Sage: "Re: Microsoft's Early Xmas Present."

    > One thing that irritates me is the notion that "the
    > patch has been out for x
    > months and companies should be patched."  
    
    I would have to agree.  I have conducted assessments
    at enough locations to know that simply arbitrary
    installing a patch can do more harm than good.  And
    not all organizations have the staff, technical
    know-how, or hardware to test out patches.
    
    However, I do think that more should be done by
    individual organizations to come up with *some* means
    of dealing with these issues.  Yes, Microsoft has done
    quite a bit with their products to make them a
    management and administrative nightmare, but I am also
    quite sick of hearing the excuse that organizations
    aren't subscribing to the Security Bulletins b/c there
    are just too many to deal with.  It doesn't take much
    more than a few seconds to see if the issue affects
    you at all...if you use Eudora, then an OutLook
    vulnerability won't be an issue, will it?
    
    Arbitrarily installing every patch that comes out
    isn't the answer.  But neither is doing nothing.  Do
    router/firewall ACLs need to be updated?  What about
    IDS signatures?  
     
    > Should admin's be dilligent in patching? 
    > Absolutely.  Laziness is really
    > the only reason for not working on patches. 
    > However, keep in mind that
    > while a shop with 20 servers can be patched
    > carefully in a week or less, a
    > shop with 300 can take significantly more time.
    
    I agree.  However, look at Code Red...had admins
    followed the simple tenet of not allowing unnecessary
    services or functionality, the ida/idq script mappings
    would have been disabled during or following
    installation, and the systems would not have been
    vulnerable.  Many of the affected systems didn't even
    require the functionality.  Same is true for the older
    .htr issue.  
    
    Being diligent w/ patches is certainly something
    important, but it's far more important to be diligent
    w/ issues.  Default installations of products...any
    products...are going to come back and bite you in the
    butt.  
    
    
    __________________________________________________
    Do You Yahoo!?
    Send your FREE holiday greetings online!
    http://greetings.yahoo.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 10:08:44 PST