Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Operating Systems Security, "Microsoft Security, baby steps"
From: Todd Burroughs <todd () hostopia com>
Date: Fri, 19 Mar 2004 01:49:42 -0500 (EST)




On Thu, 18 Mar 2004, Schmehl, Paul L wrote:

Updating any OS is a pain in the ass, but all of them have
flaws and need to be updated.  I find that at least with the
UNIX-like ones, you can go on the Net and do your updates
faster than you get rooted.

This is foolish thinking.  Do you really think that, when a patch comes
out, *then* the hackers start working on exploits?  The exploits were
being used *long* before the patch comes out.  The only thing a patch
gets you is protection against *future* hack attempts against *that*
weakness.

Wasn't that something that MS tried to say, the "hackers" are reverse
engineering our patches?  That was funny, but the sad thing is that a
lot of people will believe it.

What I meant is that you can most likely actually use the Internet to get
patches with a fresh install before you get taken over, not that somehow
UNIX-like systems make patches before the exploits are out there and being
used ;-)  It's quite apparent by other threads on the list that this is
not generally the case with Windows.  Just being patched doesn't mean
that you are safe, but it's better than running well known security holes.

Obviously, if you go on the Net with all services running, especially
on an unpatched box, you're gonna get rooted pretty quickly.

Todd Burroughs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]