Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?
From: John.Airey () rnib org uk
Date: Tue, 16 Mar 2004 10:25:52 -0000

-----Original Message-----
From: Troy [mailto:th () zeno com]
Sent: Monday, 15 March 2004 16:35
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: Microsoft Security, baby steps ?


On Mon, 15 Mar 2004 09:13:54 -0500, "Edge, Ronald D" 
<edge () indiana edu> wrote:

although this could be amusing...
http://www.microsoft.com/security/protect/cd/order.asp

I particularly like the second link, which states on 
ordering a security
CD:

"Please allow 2-4 weeks for delivery."

By which time of course there will be either:
    a) a patch to correct the mistakes in the patch on the CD 
       which is in mail
or
    b) a whole new round of patches
or
    c) it will be too late to apply them because the users machine 
       is already trojaned to hell and back.

Actually, that CD only includes the updates as of October 2003. It is
not meant as a replacement for security updates, but just to make it
easier to do a clean install of Windows. I suppose part of it is to
lessen the load on Microsoft's Windows Updates servers, but 
it does make
re-installing Windows much easier and faster for the average user who
does not know how to slipstream the updates into the Windows 
install CD.

Slipstreaming Windows 2000 SP4 is relatively easy, however you'll find that
you can't run certain Microsoft Java applications (eg Outlook Web Access
Calendar), nor can you install msjvm.exe either if you do. Slipstreaming an
earlier version and then upgrading to SP4 and Microsoft Java works. The Sun
version of Java doesn't work in this instance either (I've tried). 

For 2000 and XP systems you can download the updates from Windows Update and
put them on your own CD together with any service packs. Given how quickly
machines can be infected that's more useful than a CD from Microsoft. Those
of you still supporting NT4 servers are stuck with Windows Update now as
several updates can only be retrieved with the use of a NIC. What is it with
Microsoft and security?

Come on Microsoft. How about putting together a single file that contains
all the "critical" security updates since the last service pack for a given
OS? Then us beleaguered admins can stick it on a CD together with the
relevant service packs and we'd no longer need to use the NIC until a
machine is fully patched. Who knows, perhaps then we'd get sensible results
out of MBSA?

I use kickstart and the genhdlist package with Red Hat to ensure that any
installed system has all the updates installed on the first boot after
installation. Why then does Windows have to lag so far behind?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk 

Shameless movie plug - go see the Passion of the Christ!

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault