[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200406171729.i5HHT2h07928@pop-5.dnv.wideopenwest.com>
From: mvp at joeware.net (joe)
Subject: MS Anti Virus?
I think you will be pleasantly surprised by XP SP2 and XP Reloaded and
Windows Server R2. They are listening and they are correcting.
On the services running by default front, MS has finally come around that
corner, if you have installed 2K3 you will note a large reduction in what is
installed by default, that trend will continue.
In terms of the check for patches prior to starting business, that may be a
little too intrusive, at least in my opinion. However if the folks are
running the firewall it shouldn't be an issue. I am especially thinking with
Reloaded and R2 here.
Also if you can chase down the PPTs from the Spring D.E.C. conference held
in Washington D.C. you can see some of the future thinking stuff in terms of
Federation and identity based firewall access to make it easier for home
users to use firewalls and still being able to do what they want to do.
You will note that the number of bugs, at least security related are going
down in the newer version. Most of the issues you see are issues that are
legacy that have "always" been in the product and are being found now and
removed. I.E. It is more likely you will see a bug/hole that affects NT3/4,
2K, XP, and 2K3 versus just 2K3 or XP.
Check out the scope of the various fixes, does the fix go all the way back
to NT4 or later? Most certainly that is code that hasn't been written
recently and you are pointing out things from the past that they are working
on correcting already. It would literally be impossible to go back through
all of the old code and find all of the bad things. Even for this august
body of admins, developers, security folks. Look at BSD and Linux, if being
open to everyone was the answer you wouldn't still be seeing bugs/holes
discovered in the *nixs that have been there for some time and many
revisions, you would only supposedly have new bugs in the latest revisions.
One of Microsoft's biggest strengths and issues has been their support of
legacy apps, systems. They don't want people to break and contrary to
popular opinion do spend a considerable amount of time and effort working to
make it so legacy third party stuff doesn't break on the new stuff even if
the reason for the break is bad coding/processes on the part of the vendor.
An example would be what they did for simcity back in the day, it used
memory incorrectly so MS actually put a special check into the allocator to
protect against that bad use. Note the difference in a company that doesn't
really do that... Apple. Most old stuff will not run on new Apples but you
will find many apps that run on MS-DOS that can still be run on the latest
versions of Windows. I have a couple of programs I wrote in the early 80s
for machine shops that still run fine today, they haven't seen a compiler
since 1987 or so. Actually I just saw the other day a great article on this
but I can't find the link at the moment. The person, however, was
highlighting/complaining about MS's recent swing away from worrying about
legacy as much.
I am not really sure where I stand with the break with legacy argument. On
the plus side it would be nice because they can stop putting in all of the
overhead to support old junk and maybe get rid of a lot of bugs that have
always existed in that code that haven't been exposed. Doing that might
possibly shut up a bunch of the anti-MS camp. However, that would break a
bunch of things and then other anti-MS people would start whining about that
and how MS doesn't care about its users so it isn't even close to a win-win
situation.
If you have an XP machine lying about and haven't played with the XP SP2
Release Candidate, I highly recommend it. If anything, it gives you an idea
of where MS is currently going. Also check out 2K3.
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
joe
-----Original Message-----
From: Steffen Schumacher [mailto:ssch@...el.dk]
Sent: Thursday, June 17, 2004 12:51 PM
To: joe
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] MS Anti Virus?
On 17.06.2004 11:51:46 +0000, joe wrote:
> However the worms would be blocked if people had patched their machine
> or otherwise properly administrated the machines they were responsible
> for. All of the worms that I think you are probably referring to all
> had patches well in advance of the worm that impacted it, blaster,
slammer, sasser, etc.
>
Agreed.
I'm not saying that MS doesn't provide patches - they do.
I simply think that the amount of bugs in MS' OS' are to great.
If you install windows and attempt to either patch it or install firewall
afterwards while on the live internet - Your chances of getting infected are
quite high. The time it takes to install patches or a firewall may in some
situations be longer then it would take for a user to get infected.
I picture it a bit like a para trooper which has noo means of defense until
he lands and can take cover.
Other OS' like FreeBSD take a different approach. All non vital services are
disabled until the user explicitly installs or enables them.
Microsofts products should provide the means to a secure patch before risky
services like DCOM are enabled.
This should in fact be the case everytime a MS pc starts up.
Otherwise a pc which has been offline for a period may become infected while
patching.
But ultimately MS have to catch more of their serious bugs before releasing
their software. Consider how many resources that are spent on patching.
Could they have been spent revising code in stead?
I wonder what the average load on the windows update server park is...
Powered by blists - more mailing lists