Re: Users slam Microsoft Security Analyser

From: Peter (list@easynix.com)
Date: 04/15/02


From: "Peter" <list@easynix.com>
To: <focus-ms@securityfocus.com>, "John Wienand" <JWienand@bna.com>
Date: Mon, 15 Apr 2002 17:28:52 -0400

On the other hand, we should be happy that MS doesn't
produce cars. Otherwise we could hear: "The door locks
don't work right now and you cannot close the windows.
Also you cannot use the park brake......but it is the best car
ever made......"

What happens if you install a new M$ OS? The first
thing you do is download patches and fixes for all
the remote security holes. It really would be a joke
if we had to pay for the M$ screw-ups.
Peter

>
> I'll second that. I am currently the Security
> Officer/Systems Engineer/Administrator. Oh yeah, I also am
> responsible for end user support for our Web products.
> I grow ever so weary of hearing our QA manager complain that
> her department is always the one that gets the short end of
> the stick. She has 8 testers on her team. I have me.
>
> I routinely tell my manager that it is taking 2-3 hours a
> day (conservative estimate) to perform all administrative
> functions on the servers (i.e. backups, event log review,
> etc., etc.). And this is a cursory glance at best. He says we
> need to "justify" adding manpower. In the meantime, I
> find myself at home, in the evening, reviewing the logs.
>
> I did want to tack on one other thought. I was extremely
> amused at the car analogy someone used earlier. Something
> about "if the car manufacturer knows there is a safety
> issue, bring it in and they will take care of it at no cost
> to you". ROTFL
>
> I guess that means that they will put airbags in your car,
> just bring it in. Anti-lock brakes? No charge. Yeah
> Right!!! After all, a car just isn't secure if it doesn't
> have all of these features. Oh and as soon as they improve
> the suspension, you got it no charge. Better fuel
> injection, it's yours. Give me a break.
>
> What an absurd comparison. First of all, take a car that
> is seven years old to the dealer and try to get any support
> for free. You will be laughed off the lot. And ongoing
> development and support? Forget about it. If you want the
> latest, you pay premium price.
>
> And sure the dealer provides a lock for the car and a set of
> keys, but it's up to you to watch where you park it and
> always remember to keep it locked. Can you imagine someone
> getting pissed off at the dealer, after his car got stolen,
> because he didn't realize the auto lock unlocked all four
> doors when he got in, and he thought he only had one to lock
> on the way out?
>
> Microsoft constantly upgrades and attempts to improve the
> components of its OS. Why should $89, or $200 for that
> matter, buy you an eternal path to all the latest they come
> out with?
>
> Quite frankly, we're fortunate they give any updates away
> for free. And you want to b**ch about the fact you have to
> get off your duff and install it? Amazing.
>
> "Techno Lust" <technolust@email.com>
> 04/15/2002 01:51 PM
> To: Thor@HammerofGod.com, focus-ms@securityfocus.com
> cc: (bcc: John Wienand/BNA Inc)
> Subject: RE: Users slam Microsoft Security Analyser
>
> Don't forget overworked SysAdmins.
> I was hired to be a Network Administrator, and security
> was my top priority, every server was patched to the day (as
> long as the patch passed the tests.) Then the layoffs came.
> MGMT: Hey, your resume says you have programming experience,
> we let the head programmer go, you can take up his slack.
> ME: But...
> MGMT: Oh, and by the way, we let the phone guy go, too.
> ME: But I don't know anything about the phone system!
> MGMT: The phone guy said it runs something called UNIX, your
> resume says you have UNIX experience, you weren't lying were
> you?
> ME: No, I can work the console, but I don't know
> anything about the phones!
> MGMT: Here, this should help. [Hands me: The Beginner's
> Guide to Lucent Phone System Administration.]
> ME: When am I going to have time to patch the servers?
> MGMT: They haven't gone down in months, everything must be
> OK!
> ME: Aaaarrrrgggg!!!!
>
> They want me to spend my time on things they can see.
> Writing code, switching Bob in Accounting's phone number to
> his new office, that sort of thing. When I tell them I need
> to spend a few hours patching all the servers, they get
> irritated. The only time they worry about it is after a
> close call. MY biggest security problem is Management, NOT
> Microsoft. This story was not an exaggeration, just a
> compilation of things that happened over a few weeks. I
> have somehow managed to keep my servers mostly up to date,
> but hey, if something happens... I warned them.
>
> TL
>
> -----Original Message-----
> From: Peter [mailto:list@easynix.com]
> Sent: Monday, April 15, 2002 11:39 AM
> To: Wim Remes; Thor@HammerofGod.com;
> focus-ms@securityfocus.com
> Subject: Re: Users slam Microsoft Security Analyser
>
>
> Security doesn't start with the OS, it starts with the
> System Admin.
> Most hackers are successful because of lazy Sys Admins,
> uneducated Sys Admins or no Sys Admins at all.
> Many hackers are using security holes which are 6 months and
> older. The OS actually doesn't matter, this is the case with any OS.
> I have seen servers in companies with NO password for the
> Admin account. These things are sad but the reality.......
> Just my $0.02
> Best Regards
> Peter


