Re: lets vote for better security

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 04/11/05


Date: Mon, 11 Apr 2005 09:49:55 -0400


"Roland Hall" <nobody@nowhere> wrote in message
news:egn0nmoPFHA.1176@TK2MSFTNGP12.phx.gbl...

> : As you know, what I and the OP wanted to be able to do is eliminate IE and
> : OE-related security vulnerabilities.
>
> That'll never happen. They're written in C++. It's an endless list.
> Steve Ballmer already said, in a keynote, "Well, you'd think we'd know how
> to write software without buffer overflows..." (

You've misread what I said. What the OP wanted was a way to remove IE
and OE vulnerabilities from Windows, e.g. by having a way to disable IE and
OE.

> : It seems obvious to me that something
> : is very wrong with all MS customers worldwide being required to install, and
> : thoroughly test, IE and OE patches onto production servers every 30 to 60
> : days, when IE shouldn't be there in the first place.
>
> But there is no requirement to install and update every 30 to 60 days on any
> MSFT OS.

You're nitpicking. MS customers are required to either patch their servers
for IE vulnerabilities roughly every 60 days, or accept the risk of leaving
their server unpatched and running vulnerable code.

> : I know, but that doesn't sway me. Since most people don't use most of those
> : vendors, why should there be no possible way for such users to disable
> : MSHTML?
>
> Most people? You know what most people use and don't use? You must be very
> popular. I guess that means most on NNTP are full of it most of the time.

You're nitpicking again. OK, if it pleases you, change the word "most" to
"many." You still haven't done anything to refute my actual argument. Many
people say "Microsoft can't give us a way to disable feature X, because some
people use that." Well, that's a truly terrible argument. Leaving
everything enabled by default is how we got into this security mess in the
first place.

> : Giving users a way to disable IE, and/or making IE disabled by default,
> : doesn't hurt those vendors at all really.
>
> IE is part of the OS. Perhaps you'd just like a big list of enable/disable
> everything in an OS available to everyone. Would that make it easy? Fine.
> Run this app: regedit.exe.

What is your point? Are you a troll? This statement makes no sense.

Me: I don't want IE to be integrated with the OS any more.
You: You can't do that, because IE is integrated with the OS.

> MSDE is a security risk? Since when is an app responsible for the primary
> security of a system? What security model are you using?

Yes, MSDE is a security risk. You've heard of SQL Slammer?

MSDE replicates many of the features of SQL Server, including listening for
inbound connections. It sounds like you're arguing that SQL Server is "just
an app" and it shouldn't have any security features, all the security
features should be built into the Windows core. That argument doesn't make
any sense to me.

> : I'm not saying that Mozilla is more secure than MSHTML, nor do I really
> : believe that. I *am* saying that Windows is less secure because you can't
> : disable powerful and risky components you aren't using, like MSHTML.
>
> Security shouldn't begin and end with your app.

Well, you said that IE is part of the OS, so we're not talking about an app,
but the OS.

> : > > WSH that made the iloveyou virus and others possible gets
> : > > reinstalled by a variety of install programs.
> : >
> : > Which is alleviated when using anti-virus software with script
> : > blocking/scanning.
>
> Which was never possible if you practiced safe computing.

Relying on user practices to keep the OS secure is pretty weak and
ineffectual, especially in an enterprise. Blaming the user doesn't help
here, especially when a simple change in the OS would have mitigated the
problem.

Maybe you weren't around during the ILOVEYOU virus/worm, but an awful lot of
large and small enterprises were affected by it.

> : None of that does anything whatsoever to block VBS files that arrive via
> : NetBIOS file share, P2P, from a .ZIP file, by an attacker putting it onto
> : the computer, etc. etc.
>
> P2P? Why would you allow peer-peer in a domain model? Why is the share
> open? How does a vbs in a zip hurt you? Why is the system that is allowed
> to have access to your open as a sieve system not secure and running AV that
> will scan the zip? Ever hear of IPSec?
>
> Is this how it works? Just forget all security matters and discuss
> possibilities that have no security applied whatsoever?

No, you've misread my entire statement. NetBIOS viruses don't just spread
via unsecured shares. IPsec does nothing to protect someone who uses
Explorer to browse the X: drive and encounters a virus file there. P2P
would primarily be used in home environments; I didn't say it was used in
corporate environments.

> : That doesn't sway me either. I never said WSH or IE should be disabled by
> : Microsoft post-Windows install, nor will it. It should be disabled in the
> : default installation and be disable-able by Group Policy.
>
> Group policy? How many home users are familiar with Group Policy?

As you said earlier, how many home users do you know? If you won't let me
make assumptions about home use, then neither can you.

Why do you assume I'm talking only about home users in some sections and
only about corporate users in other sections?

> : I meant that while it may or may not be possible to disable some of these
> : via Group Policy, you either have to download and import a MS template to do
> : so, or write your own template to do so. It shouldn't be this hard to do
> : something that to me seems so natural... e.g. disable functionality you
> : don't need or use, both on a single system and remotely across a large
> : enterprise. By "button," I meant a GUI object, such as a checkbox in a GP
> : MMC console.
>
> Some things are not easily done for several reasons:
>
> 1. They're dangerous. N00bs shouldn't have easy access. Easy access +
> ignorance = support call

Like you said, putting a checkbox into group policy is not easy access for
"n00bs."

> 2. If you can change it easily, so can your attacker.

Like you said earlier, "If they can change group policy, they already have
access!!!"