RE: MBSA and MS's attempts at "security"

From: emann@questinc.org
Date: 04/12/02


From: emann@questinc.org
To: focus-ms@securityfocus.com
Date: Fri, 12 Apr 2002 12:14:35 -0400

And in a perfect world every software vendor would release software that has
no security holes, and no hackers would feel the need to try and find
security holes, but let's get real, NO ONE releases such software.

Microsoft is patching their software. They provide the patch for free.
They now even provide a very easy way (GUI based -> MBSA) for systems
administrators to find systems that are not patched fully, something that is
NOT a necessity IMHO (providing the tool) because part of being a good
system administrator is having the ability to determine if your system needs
to be patched all by hand, or with a command line tool (HFNetChk). What did
administrators do before HFNetChk was out there? They had to do it the hard
way, right? Check registries, check versions of DLLs by hand, etc.

What is Microsoft not doing for free? They're not providing me a way to
centrally deploy patches and fixes. Should they? In my opinion, no.
They've been providing SMS which does this as one of its features since
before they even started to offer HFNetChk and surely before MBSA. Other
companies rely on selling similar products to make money to stay in
business.

How many other companies who release software provide you with a way to
centrally deploy fixes? Not many, I'd have to guess. They provide you with
the fix, and then leave it up to the administrators to deploy it.

If MS didn't even provide the patches, it would be one thing, but they do.
So I don't think anyone has the right to complain that MS is not providing a
way to deploy the patch. That's bordering into the lines of laziness.

-----Original Message-----
From: Ogle Ron (Rennes) [mailto:OgleR@thmulti.com]
Sent: Thursday, April 11, 2002 6:04 PM
To: 'Bourque Daniel'; 'focus-ms@securityfocus.com'
Subject: RE: MBSA and MS's attempts at "security"

There's absolutely no free lunch with Microsoft. You pay and pay and pay.
It's amazing that so many companies like it that they continue to buy more
and more and more from Microsoft.

For those of you who think that the tail should wag the dog, then Microsoft
is moving in the right direction. Personally, I prefer that they didn't
create the security flaw in the first place (security speaking).

Ron Ogle
Rennes, France

> -----Original Message-----
> From: Bourque Daniel [mailto:Daniel.Bourque@loto-quebec.com]
> Sent: Wednesday, April 10, 2002 9:13 PM
> To: 'dadams@scientech.com'; H C; focus-ms@securityfocus.com
> Subject: RE: MBSA and MS's attempts at "security"
>
>
>
> OK, half of the world complains when MS incorporates free tools in their
> products that are available commercially while the other half complains
> when they have to buy the tools from a third party...
>
> There is no free lunch, people!!!
>
> Let's just say that at least they are now moving in the correct direction
> (security speaking)...


