Re: [Full-Disclosure] MS Anti Virus?

From: Steffen Schumacher (ssch_at_wheel.dk)
Date: 06/17/04

  • Next message: Ron DuFresne: "Re: [Full-Disclosure] MS Anti Virus?"
    To: joe <mvp@joeware.net>
    Date: Thu, 17 Jun 2004 20:48:34 +0200
    
    

    I also agree that MS *is* turning their gigantic boat around with regards
    to security. I have yet to see all the new stuff in detail, but what I've
    heard, I've liked!

    In my line of work (ISP) it will be greatly welcomed to have more OS' less
    prone to become infected by worms, as it allows for things such as DDoS to
    be quite an easy task to perform.

    My only fear, is that it may take some time to get there.. ;o)

    /Steffen

    On 17.06.2004 13:31:30 +0000, joe wrote:
    > I think you will be pleasantly surprised by XP SP2 and XP Reloaded and
    > Windows Server R2. They are listening and they are correcting.
    >
    > On the services running by default front, MS has finally come around that
    > corner, if you have installed 2K3 you will note a large reduction in what is
    > installed by default, that trend will continue.
    >
    > In terms of the check for patches prior to starting business, that may be a
    > little too intrusive, at least in my opinion. However if the folks are
    > running the firewall it shouldn't be an issue. I am especially thinking with
    > Reloaded and R2 here.
    >
    > Also if you can chase down the PPTs from the Spring D.E.C. conference held
    > in Washington D.C. you can see some of the future thinking stuff in terms of
    > Federation and identity based firewall access to make it easier for home
    > users to use firewalls and still being able to do what they want to do.
    >
    > You will note that the number of bugs, at least security related are going
    > down in the newer version. Most of the issues you see are issues that are
    > legacy that have "always" been in the product and are being found now and
    > removed. I.E. It is more likely you will see a bug/hole that affects NT3/4,
    > 2K, XP, and 2K3 versus just 2K3 or XP.
    >
    > Check out the scope of the various fixes, does the fix go all the way back
    > to NT4 or later? Most certainly that is code that hasn't been written
    > recently and you are pointing out things from the past that they are working
    > on correcting already. It would literally be impossible to go back through
    > all of the old code and find all of the bad things. Even for this august
    > body of admins, developers, security folks. Look at BSD and Linux, if being
    > open to everyone was the answer you wouldn't still be seeing bugs/holes
    > discovered in the *nixs that have been there for some time and many
    > revisions, you would only supposedly have new bugs in the latest revisions.
    >
    > One of Microsoft's biggest strengths and issues has been their support of
    > legacy apps, systems. They don't want people to break and contrary to
    > popular opinion do spend a considerable amount of time and effort working to
    > make it so legacy third party stuff doesn't break on the new stuff even if
    > the reason for the break is bad coding/processes on the part of the vendor.
    > An example would be what they did for simcity back in the day, it used
    > memory incorrectly so MS actually put a special check into the allocator to
    > protect against that bad use. Note the difference in a company that doesn't
    > really do that... Apple. Most old stuff will not run on new Apples but you
    > will find many apps that run on MS-DOS that can still be run on the latest
    > versions of Windows. I have a couple of programs I wrote in the early 80s
    > for machine shops that still run fine today, they haven't seen a compiler
    > since 1987 or so. Actually I just saw the other day a great article on this
    > but I can't find the link at the moment. The person, however, was
    > highlighting/complaining about MS's recent swing away from worrying about
    > legacy as much.
    >
    > I am not really sure where I stand with the break with legacy argument. On
    > the plus side it would be nice because they can stop putting in all of the
    > overhead to support old junk and maybe get rid of a lot of bugs that have
    > always existed in that code that haven't been exposed. Doing that might
    > possibly shut up a bunch of the anti-MS camp. However, that would break a
    > bunch of things and then other anti-MS people would start whining about that
    > and how MS doesn't care about its users so it isn't even close to a win-win
    > situation.
    >
    >
    > If you have an XP machine lying about and haven't played with the XP SP2
    > Release Candidate, I highly recommend it. If anything, it gives you an idea
    > of where MS is currently going. Also check out 2K3.
    >
    > http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
    >
    >
    >
    > joe
    >
    >
    >
    > -----Original Message-----
    > From: Steffen Schumacher [mailto:ssch@wheel.dk]
    > Sent: Thursday, June 17, 2004 12:51 PM
    > To: joe
    > Cc: full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] MS Anti Virus?
    >
    > On 17.06.2004 11:51:46 +0000, joe wrote:
    > > However the worms would be blocked if people had patched their machine
    > > or otherwise properly administrated the machines they were responsible
    > > for. All of the worms that I think you are probably referring to all
    > > had patches well in advance of the worm that impacted it, blaster,
    > slammer, sasser, etc.
    > >
    >
    > Agreed.
    > I'm not saying that MS doesn't provide patches - they do.
    > I simply think that the amount of bugs in MS' OS' are to great.
    > If you install windows and attempt to either patch it or install firewall
    > afterwards while on the live internet - Your chances of getting infected are
    > quite high. The time it takes to install patches or a firewall may in some
    > situations be longer then it would take for a user to get infected.
    >
    > I picture it a bit like a para trooper which has noo means of defense until
    > he lands and can take cover.
    > Other OS' like FreeBSD take a different approach. All non vital services are
    > disabled until the user explicitly installs or enables them.
    >
    > Microsofts products should provide the means to a secure patch before risky
    > services like DCOM are enabled.
    > This should in fact be the case everytime a MS pc starts up.
    > Otherwise a pc which has been offline for a period may become infected while
    > patching.
    >
    > But ultimately MS have to catch more of their serious bugs before releasing
    > their software. Consider how many resources that are spent on patching.
    > Could they have been spent revising code in stead?
    > I wonder what the average load on the windows update server park is...
    >
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Ron DuFresne: "Re: [Full-Disclosure] MS Anti Virus?"