[Full-Disclosure] Re: MS-02-052 + blackholing MS

From: Steve (steve@videogroup.com)
Date: 09/24/02


From: steve@videogroup.com (Steve)
Date: Tue, 24 Sep 2002 13:12:24 -0400

On Monday 23 September 2002 04:26 pm,
lists_full-disclosure@darkuncle.net wrote:
>It's not about whether or not there have been X advisories for a
> product in the last Y days/weeks/months - when I choose a product
> with an eye towards security, I look at the long-term track record of
> the product, and of related products produced by the same group or
> company. Apache has a pretty stellar track record over its lifetime.
> So does OpenSSH. Microsoft may have had a good month or two lately
> (or not!), but their track record ranks among the worst in the
> industry. That said ...
>
>For me, it's both a matter of principle (I don't like MS software or
> business tactics, and refuse to support either) and practicality (the
> idea of having to admin a Windows network is the stuff nightmares are
> made of; thanks, but no thanks).
>
>Yes, windows server products can be locked down. My gripe is with the
> amount of relative effort required to do so, compared with a good
> free *nix equivalent - FreeBSD, for instance. Not to mention the
> disturbing trend towards patches that have EULAs requiring one to
> give remote administrative access to MS for the purpose of ensuring
> no copyright infringement, etc. (I'm sure they have cleaned up the PR
> disaster that issue was; the underlying corporate attitude that
> caused it has not changed in the last 10+ years.)

The funny part is that this is exactly my view. I took it for granted
that it was shared by most people here. Of course there's a diff
between securing boxes and systems and actually doing all the daily
maintenance. I don't have any idea how many here do both.

Take Dell, for example. They reboot their 200 Win servers every night to make
sure they are stable the next day. When a company their size decides
it's what's needed, one can only wonder how many other ones do it
too. (NT 3.5x had an automatic reboot built in which would reboot it up
to every 39 days.)

The GUI produces a false promise that it's easy to maintain because it's
easy to look at. I saw a posting someplace where the admin was
complaining that he had to open a config file with an editor! What is
the world coming to. Imagine that! : )

MS has created a corrupted concept of what it takes to be an admin. They
are the ones who put together the how-to for managing their systems which is
used to train every MSE etc. All of which is a pie in the sky unless
you are really, really good. Yet I had no problem getting my very first
Linux box running stably. Which was a broken Slackware version in
'94/95.

(A few years ago I used to provide solutions to Windows shops. My
customers covered the US and included the Marine Corps as well as small
ISPs etc. About 3000 total. Of all of them only two had uptimes of a
year or more. They were in a glass house scenario. What kind of crap is
that when you don't dare do anything because it might become
unstable?

Granted, you don't let any idiot play on it, but that applies to any
server. I have no qualms about adding stuff to my key *nix boxes in
fear they might become unstable. They stay up nicely until I bring them
down for whatever reason.)

One just cannot speak of maintaining Windows and *nix in the same
breath. Which of course also goes back to the *nix concept of everything being
a file, whereas Bill thought he was smart by making everything an
object. It might be, though I doubt it, but for sure not in his
incarnation.

-- 
 
Steve Szmidt
V.P. Information Technology
Video Group Distributors, Inc.