MBSA and MS's attempts at "security"
From: H C (keydet89@yahoo.com)
Date: 04/10/02
- Previous message: Sherif Makram Saad: "VPN / IPSEC"
- Next in thread: Damien Adams: "RE: MBSA and MS's attempts at "security""
- Reply: Damien Adams: "RE: MBSA and MS's attempts at "security""
- Reply: Marriott, Bill (US - Dallas): "RE: MBSA and MS's attempts at "security""
- Reply: Jack Lyons: "RE: MBSA and MS's attempts at "security""
- Reply: H C: "RE: MBSA and MS's attempts at "security""
- Reply: DonaldB@ecar.org: "RE: MBSA and MS's attempts at "security""
- Reply: emann@questinc.org: "RE: MBSA and MS's attempts at "security""
- Reply: Jack Lyons: "RE: MBSA and MS's attempts at "security""
- Reply: Kevin Kaminski: "RE: MBSA and MS's attempts at "security""
- Reply: Bourque Daniel: "RE: MBSA and MS's attempts at "security""
- Reply: OBrien, Brennan: "RE: MBSA and MS's attempts at "security""
- Reply: Jack Lyons: "RE: MBSA and MS's attempts at "security""
- Reply: Mike Shaw: "RE: MBSA and MS's attempts at "security""
- Reply: Elan Hasson: "RE: MBSA and MS's attempts at "security""
- Reply: Ogle Ron (Rennes): "RE: MBSA and MS's attempts at "security""
- Reply: Ogle Ron (Rennes): "RE: MBSA and MS's attempts at "security""
- Reply: peter pucharkis: "RE: MBSA and MS's attempts at "security""
- Reply: emann@questinc.org: "RE: MBSA and MS's attempts at "security""
- Reply: Henry Sieff: "RE: MBSA and MS's attempts at "security""
Date: Wed, 10 Apr 2002 08:35:56 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: focus-ms@securityfocus.com
It seems that MS has released the MBSA...a Baseline
Security Analyzer.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp
A technical whitepaper is available:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAWP.asp
Overall, the paper is an interesting read. It's a
document stating MS's intention and commitment to
security.
So why then does the MBSA require the latest version
of IE (5.01 or greater) and MSXML to run? What's
wrong with the standard HTML used by other tools?
So why then does the first page refer to "Code Red"
and "Nimda" as "viruses"?
So why then does the file system check only check to
see if NTFS is installed? The white paper doesn't say
anything at all about checking permissions, for the
existence of NTFS alternate data streams, etc.
One of the SF lists recently had a post regarding MS's
PortQry tool. Contrary to what the poster stated, the
PortQry tool does *NOT* show the port-to-process
mapping...rather, it's nothing more than a port
scanner/banner grabber. How long have such things
already been widely available?
Rather than coming up with ways to further inundate MS
admins with information, MS should be focusing on more
pressing issues, such as:
1. Some way of making patch and SP roll-outs more
painless.
2. Some way of centrally managing and monitoring
EventLogs. Once we get to that point, we can then
focus on making them understandable, and more useful.
Or perhaps MS should focus on making them more useful
(i.e., log by IP, rather than NetBIOS name...or both),
and then focus on a facility for centrally managing
them. (HINT: The tools that come with Win2K for
converting EventLog entries to SNMP traps...*NOT* a
good idea. Should have gone with a centralized
EventLog, or a syslog functionality instead.)
3. Some way of viewing the existence (and contents)
of NTFS alternate data streams via 'dir' and Windows
Explorer. How about making the icon for an ADS a page
similar to a .txt or .log file, but with a scarlet
"A"?
4. Some way of preventing or restricting executables
and scripts with a ":" in the name from running.
5. Basic tools that allow for troubleshooting and
incident response *as part of the distribution*!
FoundStone's fport.exe is an invaluable tool, but why
wasn't something like that provided? Why is it so
easy to hide a process from the Task Manager? If it
weren't for the widely available array of freeware
utilities, incident response on NT/2K systems would be
impossible. The '-o' switch was provided in XP...why
couldn't something be written *by Microsoft* that
allows that functionality on NT/2K?
So far, MS's efforts at "security" via the STPP have
been token efforts, at best. Hey, guys...if you're
going to get serious about security...then "just do
it"! Fiddle-farting around, producing tools that have
already been readily available for some time doesn't
go a long way toward showing us how serious you are.
Carv
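
Items 3 and 4 above ask for a way to see NTFS alternate data streams and to spot executable or script content stored in them. The following is an added example, not part of the original post or any Microsoft tool: a PowerShell function for current Windows systems (PowerShell 3.0 or later) that lists non-default streams under a directory tree and marks those whose stream name ends in an executable or script extension. The function name, the extension list and the sample path are assumptions made for illustration.

```powershell
# Added example: enumerate NTFS alternate data streams (ADS) under a directory tree.
# Find-AlternateStream and its parameters are hypothetical names, not a built-in cmdlet.
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Extensions treated as executable or script content (assumed list; adjust locally).
        [string[]]$RiskyExtensions = @('.exe', '.dll', '.bat', '.cmd', '.vbs', '.js', '.ps1'),
        # Zone.Identifier is the routine mark-of-the-web stream; hidden unless requested.
        [switch]$IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream, including the unnamed default ':$DATA'.
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
        ForEach-Object {
            # Take the extension from the stream name itself, e.g. 'payload.exe' -> '.exe'.
            $ext = if ($_.Stream -match '\.[^.]+$') { $Matches[0] } else { '' }
            [pscustomobject]@{
                File     = $_.FileName
                Stream   = $_.Stream
                Length   = $_.Length
                # True when the stream name ends in one of the listed extensions.
                Runnable = $RiskyExtensions -contains $ext
            }
        }
}

# Usage on a constructed sample path: flagged streams first, then largest first.
Find-AlternateStream -Path 'C:\Data' |
    Sort-Object -Property @{ Expression = 'Runnable'; Descending = $true },
                          @{ Expression = 'Length';   Descending = $true } |
    Format-Table -AutoSize
```

Files that the current account cannot read are skipped silently, so run it from an elevated session when auditing system directories.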