
Re: Sites Break due to Microsoft Patches

begin  risky.vbs
	<dkhail$16r$1@xxxxxxxxxxxxxxxxx>,
	Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> writes:
> Previously we discussed conflicts that arise when a user gets 'injected' with
> non-stop updates. The integrity of the system breaks and below is a very
> recent example, among many. I still get many queries from staff whose
> software broke due to some updates, so it's costing time.
> 
> URL: http://news.yahoo.com/s/pcworld/123431
> 
> <snip>
> 
> Two patches released by Microsoft earlier this year for its Internet Explorer
> browser may cause some Web sites not to load properly.
> 
> ...
> 
> After installing MS05-038, which was published August 9 on the Microsoft
> Download Center, Web pages containing Component Object Model (COM) objects
> called monikers may not work as expected.

MS have an atrocious record for producing patches which either don't
fix the problem properly, introduce new bugs or break systems when the
patch is installed.

XP SP2 was a classic example. The risk of installing it corporate wide
when it was released was simply too dangerous for many companies even
though it included critical security fixes. I love being a sys admin
amongst other things because it is fun. I don't admin Windows systems
though. That sounds like hell to me.

Code Red was a classic. I've told this story before but I think it
worth it to say it again.

I remember when Code Red first appeared. I didn't know what it was at
the time of course. It was a Sunday evening. My cable modem sat on the
desk next to my monitor. The receive LED would normally flicker every
second or so when I wasn't accessing the Internet. I had snooped before
to see what these packets were and they were primarily ARP broadcasts.
Quite normal.

During the evening the receive LED started flashing more and more
until it was flashing constantly. So I ran tcpdump to see what is
going on.  Lots of connection attempts to port 80 on my system. As my
system wasn't listening on port 80 I wasn't too bothered about it.

Next morning I go to work. I tend to start late and finish late and my
colleagues are huddled together looking at snort alerts from our IDS
system. They tell me about the new Code Red exploit and that 3 of our
company's Windows web servers have been infected.

So I go to the guy who is responsible for the Windows servers and tell
him he has 3 infected systems. His response? He goes apeshit. "What's
the point of your firewalls?" he screams. I try and explain why our
firewalls can't protect against OS and application security bugs and
asked him why he hadn't installed the patch from MS. His reply was
that his staff hadn't time to keep installing MS security patches (I
think there were over 100 for the year Code Red was released).

The thing is my cable modem receive LED continues to flicker non-stop
to this day. Most of the crap today is Windows systems broadcasting
that they are there. Who gives a shit. This is just another example
of crap MS SW design.

Someone recently said ISPs should block PCs that are clearly
infected with spam or whatever zombies.  I would go further and block
PCs that send these f'ing broadcast packets all the time. I know it
isn't the user's fault but MS's for having such braindead SW but MS
ain't going to change until the pressure to change forces them.  Just
look at their attitude to security. They just didn't care until the
adverse publicity became too great.

Remember when Gates announced that security had been raised to the #1
priority at MS? A whole month was dedicated to finding security bugs
in their SW. At the end MS released about a dozen patches. Great eh?
Well not great at all. Only a couple of those patches were for bugs
MS found. The rest were for bugs found by people who had no access
to MS code.

-- 
Rich Bell in thread: Things I couldn't do if I switched to Linux
Message-ID: <tB7Oe.182$yo7.65@xxxxxxxxxxxxxxxxxxxxxxxxxx>
    I am connected to the Net using a Linksys WRT54G router. I don't
    get hacked.
