| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: helmut_hauser at hotmail.com (Helmut Hauser) Subject: Full-Disclosure] Anti-MS drivel I just have to say that Microsoft is working on higher and tighter security [Windows XP Service Pack 2] As far as I can say it looks promising. Maybe it is a bit too late but they are moving - Server 2003 is more secure, most services are tuned off by default and Windows XP goes in that direction. The new virii/worms are getting in the social engineering direction. Look at sven - fake mail microsoft style or sober - "you have been caught" and mimail - which was zipped - indeed proves that after Iloveyou nobody has learned - uh oh - let?s look into it !!!, and not to forget Sobig which pretended to origin from known senders and flooded mailservers. IMHO if another outbreak (very likely) occours it should be on the media (TV and Radio) so even Joe Sixpack knows then: -> Do not run that attatchment ! -> Download THIS update to stay secure. Sometimes it?s to blame us administrators for not installing patches - slammer and blaster patches were released way BEFORE the outbreak(s) occured but most admins did not patch, simply they dont?t even know that there is a patch available ! Could you blame Microsoft on that ? Simply no, cause as admin I have to know about patches/releases, I have to be on the MS security mailinglist and so on. e.g. I had to help out one large organisation (the famous infected notebook thingy) to patch the whole IT, what a nightshift ... *nix admins patch regulary but some (so called) windows admins) don?t - cause they did not realize that there is something to patch ... It?s all about knowledge and education. I recommend the MS SUS server, it?s free, you can test patches before approving them and it is inexpensive compared to SMS But that?s for us admins with a clue, what about the aunt annie and Joe Sixpack ? IMHO Windows may be insecure by default but there are patches and windows update but most private users turn it of by default - heck if I had a modem I would do the same ... What should MS do ? - Put free CDs with Patches everywhere [like [censored] AOL does with their "Software"] - Go to media, even it hurts - Shut down unecessary (insecure) Services - Change the behavior of XP Home (everyone is admin) - create an own install account with warning background - SuSE like with bombs - Include a security tour after (pre)-installation (OEM) - Software vendors - change your installers - most games run only as admin in WinXP ... And I truly agree with Tobias Weisserth that Windows XP Home should have been locked down and hardened for the home user (Joe Sixpack). It?s a crippled version of XP Pro with less features even in the security area, you can patch it - like the german magazine CT pointed out - but that is not manageable for the home user without any clue - heck I have had one mate who put his windows9x into the recycle bin and called me his windows won?t boot anymore. Nothing is impossible ! So don?t blame the Joe Sixpacks around - Media coverage and a better security support is all. just my 0,0002 cents Helmut Hauser Systemadministration EDV
Powered by blists - more mailing lists