RE: [logs] About Windows NT/2000 logs

From: Steve Wray (steve.wrayat_private)
Date: Tue Mar 05 2002 - 12:48:13 PST

    > From: H C [mailto:keydet89at_private]
    > 
    > > Their not being text files probably has something to do with the
    > > wide availability of hacker tools called "text editors" that can be
    > > used to arbitrarily change the contents of such files to cover an
    > > intruder's tracks.
    > 
    > That brings up several other issues, the most
    > important of which is the fact that in the zeal to produce
    > something that is more resistant to tampering, MS has
    > produced a non-scalable auditing system that is
    > resistant to use by the Administrators themselves.
    
    They were probably trying to use it as an example of why
    they aren't monopolising the software industry?
    ;)
     
    > Or to an Excel spreadsheet...
    > 
    > > That the OS does not actually come with such a tool is an
    > > oversight that Microsoft will no doubt correct by acquiring one of
    > > the third-party tools that do this, as soon as one of them
    > > demonstrates that there's money to be made.
    > 
    > Interesting thought...but why hasn't it been done yet?
    
    My impression of NT sysadmins is that many of them have an
    unswerving trust in Microsoft's ability to make a system that's so
    reliable and secure that one doesn't really need to
    watch the logs much. Cognitive dissonance has yet to
    plunge many of them into hallucinations yet.
    
    Hence the lack of demand. Except by sysadmins that are
    actually aware of reality and are usually smart enough
    to come up with a tailored solution that works for
    them. Because opensourcedness doesn't infiltrate the
    MS world (in MS talk cost is proportional to effectiveness)
    these otherwise free solutions are not widely available.
    
    In Linux talk, cost is *inversely* proportional to
    effectiveness, hence the plethora of free solutions.
    The problem then becomes wading through the sea of free
    solutions to find one that suits one's taste.
    
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 12:54:32 PST