RE: MS defends MBSA
From: Arendt, Jordan ED0 (Jordan.Arendt@sasked.gov.sk.ca)
Date: 04/23/02
- Previous message: Aj Effin Reznor: "Re: Securing IIS"
- Maybe in reply to: H C: "MS defends MBSA"
- Next in thread: Speight, Howard F: "RE: MS defends MBSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Arendt, Jordan ED0" <Jordan.Arendt@sasked.gov.sk.ca>
To: "'H C'" <keydet89@yahoo.com>, focus-ms@securityfocus.com
Date: Tue, 23 Apr 2002 11:54:30 -0600
OK,
Here's a totally unscientific test. I scanned a couple of test boxes in the
lab. I scanned each twice, once with HFNetChkPro Enterprise, and once with
MBSA. For each machine, I got identical results. For machine A there were
22 patches that were not applied. Exactly the same in both products (except
the info items in HFNetChkPro Ent were blue and they were yellow in MBSA :)
). Machine B showed 6 missing, again identical in both products.
MBSA has an excellent price to usefulness ratio. MBSA is definitely a good
replacement for HFNetChk. <soapbox> MBSA makes it a whole lot easier for
non-computer-literate users to patch their servers. Of course, they would
need to be able to find out about the product first. Microsoft has geared
their products to this type of user by making them easy to use... Hey,
I'll quit rehashing old args </soapbox>. If we hadn't purchased Shavlik's
product, I would be using MBSA. That's not to say I'm unhappy with Shavlik.
HFNetChkPro Enterprise also has an excellent price to usefulness ratio _for
my network_. Patching 50 servers throughout a wide geographic area can be a
bit of a pain, and HFNetChkPro makes this a breeze through the deploy
features. If we only had a few servers I would say that MBSA would do the
trick, as a visit to each server would not be a big deal.
Jordan
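The comparison Jordan describes above (running two scanners against the same machines and checking that the lists of missing patches agree) is easy to do by hand for two boxes and tedious for fifty. The script below is an added example, not code from this thread or from MBSA or HFNetChkPro: it takes two "missing patch" reports, maps each tool's own severity words onto one scale (so a labelling difference like blue vs. yellow or "info" vs. "note" is not mistaken for a real disagreement), and reports per host which bulletins both tools agree on, which only one tool flags, and which they rate at different levels. Host names, bulletin IDs and severity labels in the sample data are constructed.

```python
# Added example: reconcile "missing patch" findings from two scanners.
# Not code from the thread or from any vendor tool; all sample data is constructed.
from collections import defaultdict

# Each scanner uses its own severity vocabulary. Map both onto one scale so a
# labelling difference is not counted as a disagreement about the patch itself.
SEVERITY = {
    "info": "note", "note": "note",
    "warning": "warning", "critical": "warning",
}


def normalize(report):
    """Turn an iterable of (host, bulletin, label) into {(host, bulletin): level}.

    Host names and bulletin IDs are case-folded so 'srv-a'/'SRV-A' match,
    and an unknown severity label is an error rather than a silent skip.
    """
    out = {}
    for host, bulletin, label in report:
        level = SEVERITY.get(label.lower())
        if level is None:
            raise ValueError(f"unknown severity label {label!r} for {host}/{bulletin}")
        out[(host.lower(), bulletin.upper())] = level
    return out


def reconcile(report_a, report_b):
    """Per host: bulletins both tools flag at the same level, bulletins only one
    tool flags, and bulletins both flag but at different levels."""
    a, b = normalize(report_a), normalize(report_b)
    result = defaultdict(lambda: {
        "agree": set(), "only_a": set(), "only_b": set(), "level_mismatch": set(),
    })
    for key in set(a) | set(b):
        host, bulletin = key
        bucket = result[host]
        if key in a and key in b:
            if a[key] == b[key]:
                bucket["agree"].add(bulletin)
            else:
                bucket["level_mismatch"].add(bulletin)
        elif key in a:
            bucket["only_a"].add(bulletin)
        else:
            bucket["only_b"].add(bulletin)
    return dict(result)


def hosts_in_agreement(result):
    """Hosts where the two scanners produced the same missing-patch list."""
    return sorted(
        host for host, r in result.items()
        if not (r["only_a"] or r["only_b"] or r["level_mismatch"])
    )


# Constructed sample reports: (host, bulletin, scanner's own severity label).
TOOL_A = [
    ("srv-a", "MS02-001", "warning"),
    ("srv-a", "MS02-002", "info"),      # tool A calls it "info" ...
    ("srv-a", "MS02-003", "warning"),
    ("srv-b", "MS02-001", "warning"),
    ("srv-b", "MS02-004", "note"),      # only tool A reports this one
    ("srv-c", "MS02-005", "warning"),
]
TOOL_B = [
    ("SRV-A", "ms02-001", "warning"),
    ("srv-a", "MS02-002", "note"),      # ... tool B calls it "note": same thing
    ("srv-a", "MS02-003", "note"),      # both flag it, but at different levels
    ("srv-b", "MS02-001", "warning"),
    ("srv-c", "MS02-005", "critical"),  # maps to "warning", so it agrees
]

if __name__ == "__main__":
    summary = reconcile(TOOL_A, TOOL_B)
    for host in sorted(summary):
        r = summary[host]
        print(f"{host}: agree={sorted(r['agree'])} only_a={sorted(r['only_a'])} "
              f"only_b={sorted(r['only_b'])} level_mismatch={sorted(r['level_mismatch'])}")
    print("hosts with identical results:", hosts_in_agreement(summary))
```

Anything in `only_a`, `only_b` or `level_mismatch` is what deserves a closer look on the box itself; identical lists across two independent tools, as in the test above, are reassuring but are still only two tools agreeing about what the registry and file versions look like, not proof that the fix is installed.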
-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: Tuesday, April 23, 2002 8:09 AM
To: focus-ms@securityfocus.com
Subject: MS defends MBSA
Link to IDG article:
http://idg.net/ic_849313_4394_1-3921.html
The article author, Brian Fonseca, describes the MBSA
as "a more user friendly version of HFNetChk built
around a new GUI". However, the article says that
"users should be aware that differences occur in the
manner notes -- an advisory indicating no patch is
present -- and warnings are posted by each." That
came from Steve Lipner, director of security assurance
at Microsoft.
The article continues:
"Lipner said hotfixes could also lead to MBSA
misinterpretation." Aaaahhhh. Okay. The thing that
got me was the following statement from Lipner: "If a
hotfix was applied to plug a code exploit that did not
come directly from a Microsoft security bulletin, MBSA
will "guess" a system update has occurred".
That being the case...why would a patch be on an MS
system that did not come directly from an MS Security
Bulletin? Would this then provide a means by which a
malicious admin could fool the MBSA reports?
It sounds as if the author is also leaning toward the
usual journalistic FUD with this statement:
"Available for free download, MBSA is designed to
unearth Microsoft product holes". The tool doesn't
unearth holes...it reports patches/hotfixes, and a few
other things.
I, for one, would be interested in hearing anything
anyone has to offer about using this tool...the more
specific ("it rocks" or "it sux" is *not* specific)
the better.