Re: How do you patch yours? (was: Monitor Services on Windows machines)

From: Avleen Vig (
Date: 02/27/03

  • Next message: Marc Fossi: "Re: DMZ boxes in the domain - Bad moderator"
    Date: Thu, 27 Feb 2003 01:53:11 -0800
    From: Avleen Vig <>
    To: Tommaso Di Donato <>

    On Thu, Feb 27, 2003 at 10:35:18AM +0100, Tommaso Di Donato wrote:
    > Hi all!

    Hey Tommaso, you sent this to only me. I think you meant to send it to
    everyone :-)

    > >Windows 2000 gave us the 'indexing service'. a) this hurt performance,
    > >and b) in the majority of situations it was completely unnecessary.
    > >How many people here install a Windows servers an leave the indexing
    > >service turned on?
    > I do not agree completely... I don't think Microsoft helps sysadmins to
    > know exactly that they can switch off the service, w/o compromise the
    > funcutionality. Every time you do something out of the wizard, you receive
    > drastic pop-ups telling you that you are about to die!!!
    > I think every one out there could understand what I mean...

    It is not up to Microsoft to educate you. It's up to you to educate
    Microsoft cannot know to what extend you need to be educated. Yes, they
    could release a *LOT* more information on how the different parts of
    their operating systems interact, enough information that you are able
    to work out on your own what the end result would be. I see no reason
    for them not to do this, from a technical OR business perspective.

    But still, the eduction in either scenario is your responsibility. If
    you administer systems, no matter what the OS, it's up to you to try
    different things, to deliberately try and break things, in order to
    understand what the limits of your system are.
    This extends far beyond security, into the basics of being a good
    administrator. If you don't have these skills or the time to learn them,
    well.... that's another discussion.

    Putting general administration aside and focusing on security again,
    when a new "feature" is introduced, you need to gather as much
    information on it as you can, then apply it to find out if the "feature"
    is required or not. Really you only need to consider the security
    implications in depth if you decide the feature is required and so must
    stay on. If it's not required, you turn it off.
    I also disagree that eduction as you imply for these new features, is
    hard to come by. It's not really. The MS KB is a good start, and
    google+usenet have always given me what else I need.