lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D523237@pivxwin2k1.secnet.pivx.com>
Date: Fri, 16 Apr 2004 14:33:26 -0700
From: "Thor Larholm" <thor@...x.com>
To: "Kim Scarborough" <kjs@...icago.edu>, <bugtraq@...urityfocus.com>
Subject: RE: "Delete anti-virus and firewall software" --Microsoft


The Knowledge Base article is no longer available on
support.microsoft.com, but a lot of other sites have a copy:

http://www.kbalertz.com/Feedback_820673.aspx



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 


-----Original Message-----
From: Kim Scarborough [mailto:kjs@...icago.edu] 
Sent: Friday, April 16, 2004 10:01 AM
To: bugtraq@...urityfocus.com
Subject: "Delete anti-virus and firewall software" --Microsoft


Isn't the "Resolution" in this Knowledge Base article a little, uh,
ill-advised:

<http://support.microsoft.com/default.aspx?scid=kb;en-us;820673>

Isn't this the same company that says things like this under "Mitigating

Factors" in their security bulletins:

"Firewall best practices and standard default firewall configurations
can help protect networks from remote attacks originating outside of the
enterprise perimeter. Best practices recommend blocking all ports that
are not actually being used. For this reason, most systems attached to
the Internet should have a minimal number of the affected ports
exposed."

Unless you want to use Outlook, I guess.

I don't even want to think about the implications of Microsoft
*encouraging* 
Outlook users to uninstall anti-virus software...

-- 
------------------------------------------------------------------------
----
Kim Scarborough
http://www.unknown.nu/kim/
------------------------------------------------------------------------
----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ