RE: Users slam Microsoft Security Analyser
From: Schwartz, Stanley (sschwartz@stlo.smhs.com)Date: 04/15/02
- Previous message: John Wienand: "RE: Users slam Microsoft Security Analyser"
- Maybe in reply to: Thor@HammerofGod.com: "Users slam Microsoft Security Analyser"
- Next in thread: Marc Fossi: "RE: Users slam Microsoft Security Analyser"
- Next in thread: Schwartz, Stanley: "RE: Users slam Microsoft Security Analyser"
- Reply: Marc Fossi: "RE: Users slam Microsoft Security Analyser"
- Reply: Laura A. Robinson: "Re: Users slam Microsoft Security Analyser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Schwartz, Stanley" <sschwartz@stlo.smhs.com> To: focus-ms@securityfocus.com Date: Mon, 15 Apr 2002 15:27:40 -0500
Fair enough.
However.... just because you have all the latest service packs and hotfixes
installed, does NOT mean you're safe. There are vulnerabilities found
(almost) every week, that you're not patched for yet. Which means you're
susceptible without knowing you're susceptible.
Example (read as content): Did you know your Active Directory domain was
susceptible to that Group Policy vulnerability before the alert came out
(which was listed on one of the pages I referenced)? Ignorance IS
bliss....ain't it?
Example (read as content): every time a Nimda or Code Red type virus gets
through to one of our servers (due to a DAT file that isn't programmed to
detect this new variant yet), we are instructed to shut down internet mail,
until our Anti-Virus vendor makes us a version of the DAT that will detect
and clean it. Not many businesses want to do this for very long. ...and
yes, I consider THAT shutting down the enterprise (which I understand isn't
Microsoft directly, but most of these virii targets their code due to
vulnerabilities in it).
"Shutting down the enterprise" = "very bad"
In both of these cases, there is absolutely nothing you can do but wait for
the vendor to come up with a solution.
Stan :)
-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: Monday, April 15, 2002 2:51 PM
To: Schwartz, Stanley; focus-ms@securityfocus.com
Subject: RE: Users slam Microsoft Security Analyser
> Sorry! ...but I HAVE to wholeheartedly disagree!
> Windows sys admin's are
> sorely left out in the cold, by Microsoft.
Windows admins leave themselves out in the cold. As a consultant, I've
visited way too many sites at which none of the MCSE's (and MSCE+I's) even
bothered subscribing to or reviewing the MS web site. Most of the admins I
interviewed had never heard of SecurityFocus or NTBugTraq...and of those
that did, none reviewed either on a regular basis.
> Please refer to
> http://securityfocus.com/vulns/stats.shtml. ...and
> make sure to add up all the years listed.
...and read the disclaimer.
> Should I go on?...I think not. :)
I agree. To be honest (and don't take this the wrong way...it's not a
flame) I was looking for some content in your post, rather than vague
references.
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/
- Previous message: John Wienand: "RE: Users slam Microsoft Security Analyser"
- Maybe in reply to: Thor@HammerofGod.com: "Users slam Microsoft Security Analyser"
- Next in thread: Marc Fossi: "RE: Users slam Microsoft Security Analyser"
- Next in thread: Schwartz, Stanley: "RE: Users slam Microsoft Security Analyser"
- Reply: Marc Fossi: "RE: Users slam Microsoft Security Analyser"
- Reply: Laura A. Robinson: "Re: Users slam Microsoft Security Analyser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
