Re: Securing a Windows 2003 server
chris_at_nospam.com
Date: 05/17/04
- Previous message: Garfield: "Re: Tutorial for Kerio 2.1.5 ?"
- In reply to: Jeff Cochran: "Re: Securing a Windows 2003 server"
- Next in thread: Leythos: "Re: Securing a Windows 2003 server"
- Reply: Alun Jones [MS MVP - Security]: "Re: Securing a Windows 2003 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 May 2004 02:39:39 GMT
On Sun, 16 May 2004 14:02:23 GMT, jcochran.nospam@naplesgov.com (Jeff
Cochran) wrote:
>On Sun, 16 May 2004 09:59:51 +0000 (UTC), david20@alpha2.mdx.ac.uk
>wrote:
>
>>In article <#1rjsAtOEHA.3044@TK2MSFTNGP10.phx.gbl>, <Karl> writes:
>>>In regards to the fact the windows takes forever for a patch to get
>>>released, you are forgetting the trials and tests they have to perform to
>>>make sure it works. Just cause it fixes the issue doesn't mean that it
>>>won't break somehtng else. They have to perform tests internally as well as
>>>with other software companies to determine if they will hav an issue. And
>>>don't forget the 1 million lines of code that they have to work with :)
>>>
>>You are joking aren't you. The number of inadequately tested microsoft patches
>>released is legendary - they either don't fix the problem or break something
>>else. One of the main holdups for businesses is that they need to fully test
>>all the patches on their systems before pushing them out having been bit in
>>the past by patches which broke other applications. Microsoft's philosophy is
>>the customer tests the products and the customer tests the patches.
>>
>>OK maybe I'm exagerating a bit but putting all the delays down to testing isn't
>>really credible.
>
>Well, actually, it is. There are actually very few Microsoft patches
>released that cause issues in the field, and many of those are
>attributable to oddball combinations of software, outdated hardware
>drivers and third-party products.
Bwahahahaha. You're joking right? Of all the systems I managed,
Microsoft has the worst track record for compatibility problems,
especially conflicts with their own software. A good example was the
recent patch to a previous patch because it caused intermittent
problems with http posts.
I thoroughly test all the MS patches before deploying and I frequently
come up with issues. The support articles for the patches usually
have at least one error (eg give wrong install switches). I normally
don't bother testing the linux patches because I've yet to have an
issue.
>Keep in mind that thousands of systems that crash on a patch is a
>miniscule percentage of the Microsoft operating systems in use. And
>it really does take a long time to test these patches on as many
>combinations as possible, plus m ake sure they integrate with code
>that hasn't even been released yet so mor patches don't need to be
>done to undo previous patches.
Averaging across the total number of patches, systems and problems
I've had - I'd say I'm running 0.5% of the installs having a problem.
The problems range from minor, such as refusing to do a silent install
properly to blue screening the machine on reboot.
>Most Microsoft patches are out before the exploit is tracked in the
>wild, yet still many admins and most home users get compromised
>because they haven't installed the patch. Even with all the
>automation available for updating the systems.
That's because the exploit is usually created using the documentation
provided with the patch.
>In comparison, many other OS patches take as long or longer. Just
>count the number of Linux distros for which patches are unavailable
>even after they appear for other distros. Sun is notorious for slowly
>patching their operating systems, and most OS/400 and SystemXXX
>patches from IBM never go to end users, they go to vendors who may or
>may not release them.
>There is no perfect method yet, and it's doubtful there ever can be
>for patching and updating systems. Just the fact that the millions of
>pirated Windows systems can't be patched leaves plenty of compromised
>systems out there to attack the rest of us.
- Previous message: Garfield: "Re: Tutorial for Kerio 2.1.5 ?"
- In reply to: Jeff Cochran: "Re: Securing a Windows 2003 server"
- Next in thread: Leythos: "Re: Securing a Windows 2003 server"
- Reply: Alun Jones [MS MVP - Security]: "Re: Securing a Windows 2003 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
