Re: 2003 Web Server Security Flaw

From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 12/30/03 

Date: Tue, 30 Dec 2003 17:34:21 GMT

On Mon, 29 Dec 2003 19:13:07 -0500, "Robert Waite"
<bob2dev@tampabay.rr.com> wrote:

>Thanks to Jeff and Karl for useful and throughly professional replies!

Hey there, don't go accusing me of being useful now...

Jeff

>Robert Waite
>
>"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
>news:uVQHpKizDHA.2388@TK2MSFTNGP09.phx.gbl...
>>
>> "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
>> news:3ff93b57.608328620@msnews.microsoft.com...
>>
>> > Not exactly. They may exhibit some client exploits, but in the cases
>> > I've seen you'd have to either browse to a web site or download email
>> > or a file to exploit any holes. Since you wouldn't normally do any of
>> > this on your web server, you're sort of safe.
>>
>> I think you've just come up with a good slogan for the next ad campaign:
>> "Windows 2003: You're sort of safe." Or, "Windows 2003: Don't browse
>the
>> web or check your email." Are we supposed to feel OK that our enterprise
>> server farm is "sort of safe?"
>>
>> If these products such as OE are so unsafe, we should also be upset about
>> them being mandatory and unremovable in workstations as well as server
>> products, where "just don't check your email or browse the web" or "just
>use
>> Group Policy" isn't a very workable option. A truly secure OS would give
>> you a way to disable unneeded components.
>>
>>
>> > Also, you can disable file associations with these programs so even
>> > clicking on a file on a web site won't launch them. Especially
>> > Netmeeting, where remote desktop is disabled by default anyway.
>>
>> A software company that is serious about committing security over
>marketing
>> and market share, they would have done so years ago with these and many
>> other file associations.
>>
>>
>>
>

Relevant Pages