lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FA289B9.7070808@venom600.org>
From: lists at venom600.org (Ben Nelson)
Subject: Microsoft plans tighter security measures in
 Windows XP SP2

yossarian wrote:
> Most of it appears to be tighten the defaults. Usefull, yes, but not very
> new..
New or not, it is one of the major gripes I always hear from Sys Admins 
in reference to MS software.  No doubt, it should have happened a long 
time ago, but....as they say....better late than never.

  > The application white list is an extension for ICF that has the same
> problem, who knows what apps are valid, who is to manage the list of 'known
> to be good' etc. Usually admins consider the Firewall a thing that just is,
> and often it is managed by a specialized admin. Now every NT-admin will have
> to know the working of an application firewall, and generally, of all the
> installed software. This will raise the TCO, and if companies do not employ
> more and more skilled support staff, the feature will just be in the way,
> and ICF probably disabled.
The application firewall sounds like a good idea.  Of course, it may 
take a few iterations and some bug fixes to get it right and make it 
easy to administer, but you've got to start somewhere and this also 
seems to me like a step in the right direction.  The ultimate fix would 
be to promote better (and more secure code), but since this will also 
protect 3rd party applications that MS has no control over it'll 
definitely help.  A little 'defense in depth' (hardly) ever hurts.

> My 0.02 cents: nice try, but next time go for less is more - less features
> is more security, this is just another featuritis.
I agree that 'less features is more security', but lets face 
it....people (by people, I mean the general public) want features and MS 
is in the business of making money.  More features == more money for 
them.  I don't begrudge them this (I work for a software company 
myself), so taking steps to make the additional features more secure (if 
even by using sane defaults) is a good thing.


I have traditionally been an anti-MS bigot.  However, I am always happy 
to see vendors making an effort (however small it may seem) to improve 
the security of the environment that they provide.  I don't even own a 
Windows machine, but if these 'enhancements' help mitigate the spread of 
things like Blaster and SoBig.F, then I don't have to spend my time 
going through a zillion IDS alerts and wasting CPU cycles on my 
Unix-based MTA filtering out crap emails.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ