RE: MS defends MBSA
From: Bradley, Tony (tony.bradley@eds.com) Date: 04/24/02
- Previous message: Pidgorny, Slav: "RE: MS defends MBSA"
- Maybe in reply to: H C: "MS defends MBSA"
- Next in thread: Arnott James M Contr AEDC/TEK: "RE: MS defends MBSA"
From: "Bradley, Tony" <tony.bradley@eds.com> To: "'luke.smith@member.sage-au.org.au'" <luke.smith@member.sage-au.org.au>, focus-ms@securityfocus.com Date: Wed, 24 Apr 2002 12:27:27 -0400
** the opinions expressed are entirely my own and do not necessarily reflect
the opinions of my employer in any way **
I agree really. I think the tool performs reasonably well. I have not had a
chance to play with the full-blown retail version of Shavlik's HFNetChk
Pro to see if it performs better. For our purposes it has been nicer to have
a GUI interface, which is easier to walk non-techie users at remote sites
through, and the scans are fairly comprehensive, if slightly erroneous at
times.
Playing devil's advocate though: how far are we going to get if we first
have to check for patches and hotfixes for the tool that is supposed to
check for patches and hotfixes?
Tony Bradley, MCSE_2K, MCSA, MCP, A+
Security Consultant
EDS GM Global Information Protection Programme
Electronic Data Systems
Phone: 248-265-0407 (8-365)
Email: tony.bradley@eds.com <mailto:tony.bradley@eds.com>
"Our real problem, then, is not our strength today; it is rather the vital
necessity of action today to ensure our strength tomorrow." ~ Dwight D.
Eisenhower ~
-----Original Message-----
From: Luke Smith [mailto:luke.smith@member.sage-au.org.au]
Sent: Tuesday, April 23, 2002 6:51 PM
To: focus-ms@securityfocus.com
Subject: RE: MS defends MBSA
I have been playing with MBSA recently and have found it very useful,
if a little inaccurate. I too have found that it reports some manually
installed patches as missing on some machines, specifically:
MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in
Authorization Data
MS01-022 WebDAV Service Provider Can Allow Scripts to Levy Requests as
User
MS02-008 XMLHTTP Control Can Allow Access to Local Files
MBSA insists these hotfixes are missing even though I have
installed/removed/installed them again and again.
I get the same results from HFNETCHK.
MBSA goes far beyond the functionality of HFNETCHK. Having the ability
to scan my users' machines and check them for dubious MS Office security
settings is excellent. For example it found 4 users that had set Excel's
macro security to Low. I'm not too keen on enforcing a macro policy,
making this a great passive security tool.
It also checks SQL Servers, IIS configurations (IISLockDown etc.).
I like it; it just needs some bugs cleaned up (or bugs in the hotfixes,
as the case may be), and needs to have its features kept up to date with
new products.
Luke.
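Added example (editor's note, not part of the thread and not MBSA, HFNetChk or Microsoft code): when MBSA or HFNetChk insists a hotfix is missing that you know you installed, the first thing to do is look at the footprint the installer left, independently of the scanner. The script below does two of the checks Luke describes MBSA doing: it looks for the registry record a hotfix leaves behind, and it enumerates each loaded user hive for Excel's macro security level so that users on "Low" can be found. Assumptions, all mine: hotfix install records live under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q<n> (NT4/2000 era) or HKLM\SOFTWARE\Microsoft\Updates\<product>\<sp>\Q<n> (later), and Excel stores macro security as the DWORD "Level" under HKU\<SID>\Software\Microsoft\Office\<version>\Excel\Security with 1 = Low, 2 = Medium, 3 = High. The Q number in the parameter default is a placeholder; the thread quotes bulletin IDs (MS02-001 etc.) but not the corresponding Q/KB numbers, so substitute your own.

```powershell
# Added example: cross-check an MBSA/HFNetChk "patch missing" verdict against
# the registry footprint of the hotfix, and list Excel macro security levels
# per loaded user hive. Registry key locations and Level values are assumptions
# stated in the lead-in, not taken from the thread.

param(
    # Placeholder Q number; replace with the Q/KB numbers for the bulletins you care about
    [string[]]$HotfixIds = @('Q000000')
)

function Test-HotfixRegistered {
    param([Parameter(Mandatory)][string]$Id)
    # Assumed install-record locations for a hotfix (see lead-in)
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\$Id",
        "HKLM:\SOFTWARE\Microsoft\Updates\*\*\$Id"
    )
    foreach ($p in $paths) {
        if (Test-Path -Path $p) { return $true }
    }
    # Fall back to the QFE inventory (Win32_QuickFixEngineering via Get-HotFix);
    # newer systems record the ID as KB<n> rather than Q<n>
    $kb = $Id -replace '^Q', 'KB'
    $hit = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.HotFixID -eq $kb -or $_.HotFixID -eq $Id }
    return [bool]$hit
}

function Get-ExcelMacroSecurity {
    # Walk every loaded user hive so each logged-on user's setting is visible;
    # HKU is not mounted as a drive by default
    if (-not (Test-Path 'HKU:\')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Assumed meaning of the Level DWORD
    $levelNames = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'Very High' }
    $hives = Get-ChildItem 'HKU:\' | Where-Object {
        $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$'
    }
    foreach ($hive in $hives) {
        $office = Join-Path $hive.PSPath 'Software\Microsoft\Office'
        if (-not (Test-Path $office)) { continue }
        # Office version subkeys look like 9.0, 10.0, 11.0, ...
        $versions = Get-ChildItem $office | Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
        foreach ($ver in $versions) {
            $sec = Join-Path $ver.PSPath 'Excel\Security'
            if (-not (Test-Path $sec)) { continue }
            $level = (Get-ItemProperty -Path $sec -Name Level -ErrorAction SilentlyContinue).Level
            if ($null -eq $level) { continue }   # value absent: Excel default applies
            $name = if ($levelNames.ContainsKey([int]$level)) { $levelNames[[int]$level] } else { "Unknown($level)" }
            [pscustomobject]@{
                Sid    = $hive.PSChildName
                Office = $ver.PSChildName
                Level  = [int]$level
                Name   = $name
            }
        }
    }
}

# Report each requested hotfix, then every user whose Excel macro security is Low
foreach ($id in $HotfixIds) {
    $state = if (Test-HotfixRegistered -Id $id) { 'registered' } else { 'NOT registered' }
    Write-Output ("{0}: {1}" -f $id, $state)
}
Get-ExcelMacroSecurity | Where-Object { $_.Level -eq 1 } | Format-Table -AutoSize
```

Run it elevated, since HKEY_USERS hives of other accounts are not readable otherwise, and only hives of currently logged-on users are loaded; to cover the users Luke found you would run it at logon or load the hives explicitly. A present registry record only shows the installer ran; HFNetChk and MBSA also compare file versions, so if the key is there and the scanner still reports the patch missing, the next place to look is the versions of the files the bulletin replaced, not the registry.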
-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: Wednesday, 24 April 2002 12:09 AM
To: focus-ms@securityfocus.com
Subject: MS defends MBSA
Link to IDG article:
http://idg.net/ic_849313_4394_1-3921.html
The article author, Brian Fonseca, describes the MBSA
as "a more user friendly version of HFNetChk built
around a new GUI". However, the article says that
"users should be aware that differences occur in the
manner notes -- an advisory indicating no patch is
present -- and warnings are posted by each." That
came from Steve Lipner, director of security assurance
at Microsoft.
The article continues:
"Lipner said hotfixes could also lead to MBSA
misinterpretation." Aaaahhhh. Okay. The thing that
got me was the following statement from Lipner: "If a
hotfix was applied to plug a code exploit that did not
come directly from a Microsoft security bulletin, MBSA
will "guess" a system update has occurred".
That being the case...why would a patch be on an MS
system that did not come directly from an MS Security
Bulletin? Would this then provide a means by which a
malicious admin could fool the MBSA reports?
It sounds as if the author is also leaning toward the
usual journalistic FUD with this statement:
"Available for free download, MBSA is designed to
unearth Microsoft product holes". The tool doesn't
unearth holes...it reports patches/hotfixes, and a few
other things.
I, for one, would be interested in hearing anything
anyone has to offer about using this tool...the more
specific ("it rocks" or "it sux" is *not* specific)
the better.