RE: Microsoft's Early Xmas Present.

From: H C (keydet89at_private)
Date: Thu Jan 03 2002 - 11:22:39 PST

  • Next message: Eric Jon Rostetter: "RE: Microsoft's Early Xmas Present."

    > AFAIK, I can't tell what they are
    > going to do
    > before hand, and can only install them and then try
    > to 
    > determine what they did after the fact.  (This may
    > prove my
    > ignorance of windows patches, but I can live with
    > that).
    
    AFAIK, you're pretty much dead on.  One of the biggest
    issues I've had since the beginning is not knowing
    what a patch does.  Sure, I can understand if a DLL
    has an overflow, and the code needs to be replaced. 
    However, many of the early patches could have been
    handled w/ a 'simple' Registry edit...I put simple in
    quotes b/c of the omnipresent MS admonition about
    editing the Registry.
     
    But then I guess that goes along w/ Microsoft's 'zero
    knowledge administration'.
    
    > Well, I find things are not so easy in windows. 
    > Just because
    > you don't use software doesn't mean it isn't
    > installed.  And
    > just because you don't know what it is, doesn't mean
    > it isn't
    > running as a service on your machine.  Now, in
    > theory a good
    > sysadmin would know what is running, etc.  But
    > sometimes it is
    > difficult in the windows world.
    
    I'm not sure just _how_ difficult that is.  I'll admit
    that it's hard to find out what some of the various MS
    services are, but third-party stuff is particularly
    easy to track down.
    
    > Case in point is the Universal Plug and Play
    > discussions.  Which
    > services should be disabled.  If you disabled them
    > all, then you
    > not only disable the vulnerability but also other
    > services which
    > depend in some way on the non-vulnerable Universal
    > Plug and Play
    > components...  So just disabling all the UPnP
    > services can cause
    > other things to break which may cause problems for
    > users...
    
    You're correct...but an implied corrollary to 'disable
    unnecessary services' is being able to determine what
    is necessary and what isn't.  The UPnP is difficult
    enough to understand...I can't see why any site would
    be running XP so soon after it's release, as there
    hasn't been time for a real 'shake down'.  However, I
    do know that there are a great many sites who've been
    running XP (however unknowingly) since beta.
    
    > Another case in point is the "I don't run outlook so
    > it doesn't
    > affect me" (say I use Eudora).  
    
    The comments I'd have to the rest of the post take me
    off on a tangent, and off topic.  All are good
    points...but perhaps that's better left for another
    thread.
    
    
    __________________________________________________
    Do You Yahoo!?
    Send your FREE holiday greetings online!
    http://greetings.yahoo.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 12:40:49 PST