Re: MS defends MBSA

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 04/24/02


Date: Wed, 24 Apr 2002 01:24:10 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: H C <keydet89@yahoo.com>, focus-ms@securityfocus.com

It's not bad, it's actually a nice step towards the usual method of finding out discovered holes in a system. the only problem is that again like the rest of microsoft proggies, this bugfinder has a bug too.
It does not actually discovers the holes or something, It just checks for the updates and fixes installed on the system and reports it.

The funniest thing is that If we install a patch/hotfix from CD or something then it does not detect it. But if we install it from windows update then it detects it. hm.... sounds like windows update writes all the downloaded+installed info in a text file and this proggie is just reading it and formatting it into a nice looking XML and making a fool out of admin. I hope it isnt like that but anyway. I wont say it sucks!. Maybe It's going to be every MS admin's tool in future.

It's a good approach towards attaining maximum-security.

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET

"Great is the Art of beginning, but Greater is the Art of ending. "

------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y-
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------

--- H C <keydet89@yahoo.com> wrote:
>Link to IDG article:
>
>http://idg.net/ic_849313_4394_1-3921.html
>
>The article author, Brian Fonseca, describes the MBSA
>as "a more user friendly version of HFNetChk built
>around a new GUI". However, the article says that
>"users should be aware that differences occur in the
>manner notes -- an advisory indicating no patch is
>present -- and warnings are posted by each." That
>came from Steve Lipner, director of security assurance
>at Microsoft.
>
>The article continues:
>"Lipner said hotfixes could also lead to MBSA
>misinterpretation." Aaaahhhh. Okay. The thing that
>got me was the following statement from Lipner: "If a
>hotfix was applied to plug a code exploit that did not
>come directly from a Microsoft security bulletin, MBSA
>will "guess" a system update has occurred".
>
>That being the case...why would a patch be on an MS
>system that did not come directly from an MS Security
>Bulletin? Would this then provide a means by which a
>malicious admin could fool the MBSA reports?
>
>It sounds as if the author is also leaning toward the
>usual journalistic FUD with this statement:
>"Available for free download, MBSA is designed to
>unearth Microsoft product holes". The tool doesn't
>unearth holes...it reports patches/hotfixes, and a few
>other things.
>
>I, for one, would be interested in hearing anything
>anyone has to offer about using this tool...the more
>specific ("it rocks" or "it sux" is *not* specific)
>the better.
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Games - play chess, backgammon, pool and more
>http://games.yahoo.com/

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Run a small business? Then you need professional email like you@yourbiz.com from Everyone.net http://www.everyone.net?tag



Relevant Pages

  • Re: SMS 2003 Software Updates issues
    ... I don't *think* that there are any plans for the MBSA to support OE. ... As Microsoft moves towards the WUS Scanning Engine this ... You can still use normal SMS Software ... > be installed because the KB832894 hotfix has damaged something. ...
    (microsoft.public.sms.misc)
  • Re: SMS 2003 Software Updates issues
    ... I don't *think* that there are any plans for the MBSA to support OE. ... As Microsoft moves towards the WUS Scanning Engine this ... You can still use normal SMS Software ... > be installed because the KB832894 hotfix has damaged something. ...
    (microsoft.public.sms.admin)
  • Re: SMS 2003 Software Updates issues
    ... I don't *think* that there are any plans for the MBSA to support OE. ... As Microsoft moves towards the WUS Scanning Engine this ... You can still use normal SMS Software ... > be installed because the KB832894 hotfix has damaged something. ...
    (microsoft.public.sms.swdist)
  • Re: Discrepancy between MS Update and MSBSA
    ... MBSA and Windows Update analyze systems in different ways. ... system and other Microsoft products such as SQL Server. ... There are also cases where security updates are re-released, ...
    (microsoft.public.windows.server.security)
  • Re: M$ fixes 26 Security Holes
    ... Microsoft Fixes Record 26 Security Holes ... Show us a Mac running Tiger that has been compromised and one we can ...
    (comp.sys.mac.advocacy)