mailing list archives
RE: Re: Microsoft Security, baby steps ?
From: John.Airey () rnib org uk
Date: Tue, 16 Mar 2004 10:25:52 -0000
From: Troy [mailto:th () zeno com]
Sent: Monday, 15 March 2004 16:35
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: Microsoft Security, baby steps ?
On Mon, 15 Mar 2004 09:13:54 -0500, "Edge, Ronald D"
<edge () indiana edu> wrote:
although this could be amusing...
I particularly like the second link, which states on
ordering a security
"Please allow 2-4 weeks for delivery."
By which time of course there will be either:
a) a patch to correct the mistakes in the patch on the CD
which is in mail
b) a whole new round of patches
c) it will be too late to apply them because the users machine
is already trojaned to hell and back.
Actually, that CD only includes the updates as of October 2003. It is
not meant as a replacement for security updates, but just to make it
easier to do a clean install of Windows. I suppose part of it is to
lessen the load on Microsoft's Windows Updates servers, but
it does make
re-installing Windows much easier and faster for the average user who
does not know how to slipstream the updates into the Windows
Slipstreaming Windows 2000 SP4 is relatively easy, however you'll find that
you can't run certain Microsoft Java applications (eg Outlook Web Access
Calendar), nor can you install msjvm.exe either if you do. Slipstreaming an
earlier version and then upgrading to SP4 and Microsoft Java works. The Sun
version of Java doesn't work in this instance either (I've tried).
For 2000 and XP systems you can download the updates from Windows Update and
put them on your own CD together with any service packs. Given how quickly
machines can be infected that's more useful than a CD from Microsoft. Those
of you still supporting NT4 servers are stuck with Windows Update now as
several updates can only be retrieved with the use of a NIC. What is it with
Microsoft and security?
Come on Microsoft. How about putting together a single file that contains
all the "critical" security updates since the last service pack for a given
OS? Then us beleaguered admins can stick it on a CD together with the
relevant service packs and we'd no longer need to use the NIC until a
machine is fully patched. Who knows, perhaps then we'd get sensible results
out of MBSA?
I use kickstart and the genhdlist package with Red Hat to ensure that any
installed system has all the updates installed on the first boot after
installation. Why then does Windows have to lag so far behind?
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk
Shameless movie plug - go see the Passion of the Christ!
NOTICE: The information contained in this email and any attachments is
confidential and may be privileged. If you are not the intended
recipient you should not use, disclose, distribute or copy any of the
content of it or of any attachment; you are requested to notify the
sender immediately of your receipt of the email and then to delete it
and any attachments from your system.
RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants. However, it
cannot accept any responsibility for any such which are transmitted.
We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and
any attachments are those of the author and do not necessarily represent
those of RNIB.
RNIB Registered Charity Number: 226227
Full-Disclosure - We believe in it.
RE: Re: Microsoft Security, baby steps ? John . Airey (Mar 16)
Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 17)
Re: Re: Microsoft Security, baby steps ? Simon Richter (Mar 17)
RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)