Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Useless tidbit (MS AntiSpyware)
From: "Des Ward" <des_ward () o2 co uk>
Date: Thu, 12 May 2005 07:49:53 GMT

I'd also recommend learning to use RIS and SUS servers, GPO's and slipstreaming to keep patches up to date. True there 
are still unpatched vulnerabilities out there, but actually patching components such as MSIE is at least as important.

I disagree that malicious code spreads purely due to bad admins. Standard builds deployed by a combination of RIS and 
GPOs could allow greater control over the environment, the balance between useability and security is often a fine one.

Actually putting some thought into builds would be helpful, with basic builds having everthing unused switched off. 
Choosing between similar applications based on their lack of insecure features would help too.

The main problem IMHO is that people don't know what's on their network. It's kinda hard then to apply any advice you 
get.  There's no excuse for this if you have a 1918 network, as you can use the basic version of NeWT to scan your 
network for vulnerabilities and to find out what you actually have.

Technology isn't a panacea, but slating people for using AV/Spyware products shows a lack of understanding of business. 
Or maybe certain people feel you don't need either if you've configured your network properly? (Airgap instead of the 
'net anyone?) Sure the technology isn't perfect, but if it helps prevent further botnet activities on those systems 
controlled by less experienced people I'm certainly not going to make them feel bad for it.
-----Original Message-----
From: Valdis.Kletnieks () vt edu
Date: Thu, 12 May 2005 02:05:23 
To:kurt.buff () gmail com
Cc:steve () bytebusters com, Full Disclosure <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)

On Wed, 11 May 2005 11:30:46 PDT, Kurt Buff said:
If one [or more] of you on the list could be so kind to indicate a
[many] resource[s] that lame hamstung admins would be wise to follow
as guidlines to secure Windows systems.. it would be so much more
productive. espcially  for those lazy a$$ admins who may overlook the
single [or multiple] missed step that lets them become owned, hacked,
infected, unpatched, bugged, spewing, spamming, bots, rooted .... [I
am sure to have skipped a few important ones] ;-P


Google is your friend - start with 'NSA security guidelines windows'.

I'll add in the Center for Internet Security benchmarks:


It covers a lot of the same stuff as the NSA guidelines (which were used as
one of the inputs). Benefits: (1) I don't know if the NSA stuff has been updated
for XP, and (2) the CIS stuff includes a scoring tool which will let you know
which things you've not tightened down.

XP SP2, current patches, and either/both of the NSA/CIS kits - I will *not*
guarantee that it's bulletproof secure, but at least the box won't be sitting
there with a 'HAX0R ME N0W' sign on it.

(No, I didn't work on the CIS Windows stuff, but I'll take at least partial
blame for the Solaris/Linux/AIX ones)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Kind regards,

Des Ward
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]