Re: Is complete home security possible?

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 02/08/05 

Date: Mon, 07 Feb 2005 17:51:12 -0600

In article <pan.2005.02.06.18.28.12.595058@nowhere.lan>, Leythos wrote:

>On Sun, 06 Feb 2005 12:15:16 -0600, Moe Trin wrote:

>> Oh, I forgot - windoze doesn't have that command. Wonder why?
>
>Come on now, that's not quite fare - I have servers that have run for more
>than 3 years without a restart/reboot. My exchange server ran for over a
>year before I installed new AV software on it and the AV product required
>a reboot....

We take our systems down annually for cleaning. The dust bunnies may not
like getting evicted, but the systems run cooler without them.

Thing is, you are also not installing the patches either, and that means
you had to work quite hard de-activating all of the "features" in order to
prevent problems. I'm sure you've seen the joke that says

      Windows has detected that you have moved the
      mouse. Reboot for this change to take effect
                           OK

Many people recommend installing all applicable patches/updates as soon as
they are made available (I happen to be one of this group), while other say
to wait $PERIOD to see if the patch/update is safe, and still others don't
install them because it often breaks other stuff.

You recommend up-thread configuring 'Windows Updates' to install at 3AM every
day, and "Arthur Hagen" responded to recommend Tuesday afternoon PST, due to
Microsoft only releasing security patches on Tuesday mornings. WTF? Do the
people who 'sign off' the patches only work Mondays?

>It's not about Windows, its about how well you know how to configure and
>secure the machines.

You'd think that the admins at Microsoft would know how to do that. Why then
did the "Slammer" (aka Sapphire) worm go through the servers _AT_ Microsoft
last year like a dose of salts - the administrators at Microsoft didn't
want to update because the patch that was available 5-6 months earlier
broke to many things. Hit groups.google.com if you don't believe that.

I'm not saying that non-Microsoft O/S are perfect, nor am I suggesting that
they might be for everyone. If you've been following the *nix news groups
for any length of time, you may have noticed the lowering standard of users
questions - especially since KDE and Gnome have become popular desktops in
the various families of *nix. But even with the explosion of features (most
of which I can somehow manage to live without), there isn't as much problems
keeping the systems secure.

Remember, the only anti-virus applications in *nix are meant to run on
mail and Samba servers to protect the windoze clients.

        Old guy

Relevant Pages

  • Re: patch management policy/practice
    ... Installing patches is certainly a headache. ... There are a variety of ways to get updates easily, ... Microsoft update services built into Windows XP etc., ...
    (microsoft.public.windowsxp.security_admin)
  • Re: patch management policy/practice
    ... Installing patches is certainly a headache. ... There are a variety of ways to get updates easily, ... Microsoft update services built into Windows XP etc., ...
    (microsoft.public.win2000.security)
  • RE: Error after installing July patches on two Advanced Server 2000
    ... Microsoft Online Support ... Microsoft Global Technical Support Center ... | Subject: RE: Error after installing July patches on two Advanced Server ...
    (microsoft.public.win2000.advanced_server)
  • RE: Help with XP Hotfixes and Patches
    ... Help with XP Hotfixes and Patches ... > After installing I immediately went to Windows Update to try and grab ... > I have run the Microsoft Baseline Security Analyzer thru several times ...
    (Focus-Microsoft)
  • RE: Event 1003 After Q321599 & Q319733
    ... I was not running Performance Monitor when I applied the ... that monitors the servers. ... the fact that I applied the patches with the WWW ... >© 2002 Microsoft Corporation. ...
    (microsoft.public.inetserver.iis.security)