Re: MS defends MBSA
From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 04/24/02
- Previous message: Pidgorny, Slav: "RE: Microsoft Cluster in DMZ - Need Advice"
- Maybe in reply to: H C: "MS defends MBSA"
- Next in thread: Luke Smith: "RE: MS defends MBSA"
Date: Wed, 24 Apr 2002 01:24:10 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: H C <keydet89@yahoo.com>, focus-ms@securityfocus.com
It's not bad; it's actually a nice step towards the usual method of finding out discovered holes in a system. The only problem is that, again like the rest of Microsoft proggies, this bugfinder has a bug too.
It does not actually discover the holes or something; it just checks for the updates and fixes installed on the system and reports it.
The funniest thing is that if we install a patch/hotfix from CD or something then it does not detect it. But if we install it from Windows Update then it detects it. Hm.... sounds like Windows Update writes all the downloaded+installed info in a text file and this proggie is just reading it and formatting it into a nice looking XML and making a fool out of the admin. I hope it isn't like that, but anyway. I won't say it sucks! Maybe it's going to be every MS admin's tool in future.
It's a good approach towards attaining maximum security.
Regards,
---------
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET
"Great is the Art of beginning, but Greater is the Art of ending. "
------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y-
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------
--- H C <keydet89@yahoo.com> wrote:
>Link to IDG article:
>
>http://idg.net/ic_849313_4394_1-3921.html
>
>The article author, Brian Fonseca, describes the MBSA
>as "a more user friendly version of HFNetChk built
>around a new GUI". However, the article says that
>"users should be aware that differences occur in the
>manner notes -- an advisory indicating no patch is
>present -- and warnings are posted by each." That
>came from Steve Lipner, director of security assurance
>at Microsoft.
>
>The article continues:
>"Lipner said hotfixes could also lead to MBSA
>misinterpretation." Aaaahhhh. Okay. The thing that
>got me was the following statement from Lipner: "If a
>hotfix was applied to plug a code exploit that did not
>come directly from a Microsoft security bulletin, MBSA
>will "guess" a system update has occurred".
>
>That being the case...why would a patch be on an MS
>system that did not come directly from an MS Security
>Bulletin? Would this then provide a means by which a
>malicious admin could fool the MBSA reports?
>
>It sounds as if the author is also leaning toward the
>usual journalistic FUD with this statement:
>"Available for free download, MBSA is designed to
>unearth Microsoft product holes". The tool doesn't
>unearth holes...it reports patches/hotfixes, and a few
>other things.
>
>I, for one, would be interested in hearing anything
>anyone has to offer about using this tool...the more
>specific ("it rocks" or "it sux" is *not* specific)
>the better.
>