lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu May 12 08:50:05 2005
From: des_ward at o2.co.uk (Des Ward)
Subject: Useless tidbit (MS AntiSpyware)

I'd also recommend learning to use RIS and SUS servers, GPO's and slipstreaming to keep patches up to date. True there are still unpatched vulnerabilities out there, but actually patching components such as MSIE is at least as important.

I disagree that malicious code spreads purely due to bad admins. Standard builds deployed by a combination of RIS and GPOs could allow greater control over the environment, the balance between useability and security is often a fine one.

Actually putting some thought into builds would be helpful, with basic builds having everthing unused switched off. Choosing between similar applications based on their lack of insecure features would help too.

The main problem IMHO is that people don't know what's on their network. It's kinda hard then to apply any advice you get.  There's no excuse for this if you have a 1918 network, as you can use the basic version of NeWT to scan your network for vulnerabilities and to find out what you actually have.

Technology isn't a panacea, but slating people for using AV/Spyware products shows a lack of understanding of business. Or maybe certain people feel you don't need either if you've configured your network properly? (Airgap instead of the 'net anyone?) Sure the technology isn't perfect, but if it helps prevent further botnet activities on those systems controlled by less experienced people I'm certainly not going to make them feel bad for it.
-----Original Message-----
From: Valdis.Kletnieks@...edu
Date: Thu, 12 May 2005 02:05:23 
To:kurt.buff@...il.com
Cc:steve@...ebusters.com, Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)

On Wed, 11 May 2005 11:30:46 PDT, Kurt Buff said:
> > If one [or more] of you on the list could be so kind to indicate a
> > [many] resource[s] that lame hamstung admins would be wise to follow
> > as guidlines to secure Windows systems.. it would be so much more
> > productive. espcially  for those lazy a$$ admins who may overlook the
> > single [or multiple] missed step that lets them become owned, hacked,
> > infected, unpatched, bugged, spewing, spamming, bots, rooted .... [I
> > am sure to have skipped a few important ones] ;-P
> > 
> > steve
> 
> Google is your friend - start with 'NSA security guidelines windows'.

I'll add in the Center for Internet Security benchmarks:

http://www.cisecurity.org

It covers a lot of the same stuff as the NSA guidelines (which were used as
one of the inputs). Benefits: (1) I don't know if the NSA stuff has been updated
for XP, and (2) the CIS stuff includes a scoring tool which will let you know
which things you've not tightened down.

XP SP2, current patches, and either/both of the NSA/CIS kits - I will *not*
guarantee that it's bulletproof secure, but at least the box won't be sitting
there with a 'HAX0R ME N0W' sign on it.

(No, I didn't work on the CIS Windows stuff, but I'll take at least partial
blame for the Solaris/Linux/AIX ones)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Kind regards,

Des Ward

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ