Re: Why not patch all windows and not just legal copies



I'll take your replies in order

People getting patches from non-Microsoft sources open themselves up to a
host of "issues". IMHO the best solution would be to remove the validation
requirement from the genuine Microsoft site or put the genuine Microsoft
patches on an FTP somewhere under a CVS (Common Versioning System)-like
system to verify that they have not been tampered with.

It takes true IT savvy to patch a pirated OS and the typical thief isn't
going to go the distance since the slope of the hill is too steep.

If it can be stolen it will be and if it's worth anything (or worthless in
some cases) it will be. The problem is that stolen Windows is more like a
weapon than a TV. A better analogy would be that of someone stealing a
loaded gun (bootleg Windows) and everyone having to wear bullet proof vests
(firewalls and updates). Then he gets armor piercing ammo (new threats) and
we need much stronger vests or different shields. Best to remove the threat
the armor piercing ammo poses because he will always be able to steal a gun
(bootleg Windows) and we are already wearing bullet proof vests (firewalls,
updates etc).

Consider what happened with Polio, we had a cure but only deployed it to
Industrial nations, the result was we virtually eliminated it from the
industrial world. We then went through a series of flareups caused by our
globally connected society. Travellers to 3rd world countries would bring it
back to uninoculated industrial society and the result would be clusters
of polio in a time when it was cured. HOW did it eventually get handled?
Bill & Melinda Gates Foundation pushed tons of money into making sure
everyone globally is going to be inoculated OR live in an area where it's
been eliminated. All hot spots will be identified and put out so in the end
Polio will go the way of smallpox.

Regarding the strength of an attacker, we live in a reactive society and
cannot predict the next move. Sophisticated hackers can easily shift like
the HIV virus (where the chemicals we use to fight the virus become less
effective as HIV mutates) so we must reduce the attack surface and offer a
very easy path for these thieves to patch their nasty computers. Otherwise
we will continue to see stuff like botnets of 400,000 computers each sending
6 pieces of SPAM a day trying to bypass increasingly expensive anti-SPAM
technology, new phishing scams and systems being compromised.

Will it slow them down? IMHO it will provided we reach most of them. WHY?
Hypothetically, if Microsoft released a patch that forced all non-domain
connected Windows XP to patch to current then we would literally see a
massive reduction to the number of computers AVAILABLE to be exploited and
no new computers could be exploited since they would be patched in a matter
of hours.

IMHO the issue is that these thieves are connected to me via the global
Internet so my concern is purely selfish. I spend tons of time running
Spyware Doctor and chastising my clients for letting AV definitions lapse or
subscriptions expire. Recently I ran an experiment on a system that scanned
clean with a bunch of tools and it was still making connections to the
Internet (turned out to be a Stealth Trojan). The client was irritated that
I was hogging the system and was unimpressed with the detection of the
trojan until it turned out to be a keystroke logger that was phoning home.

Lastly, "Comprehension has never been a prerequisite for compliance". The
vast majority of people with pirate OS got them from system builders with
bootleg software or downloaded Windows ISOs from WAREZ sites. In both cases
the skill level is rather low and they simply don't patch when they encounter
the validation failure on the Microsoft site. A simple way needs to be
afforded them so we can reduce the global attack surface.


"Shenan Stanley" <newshelper@xxxxxxxxx> wrote in message
news:OfXvvwmkGHA.1324@xxxxxxxxxxxxxxxxxxxxxxx
Michael Davis (Comcast.Net) wrote:
There is a bigger picture here and it's not personal data
protection. The simple fact is that there are millions of unpatched
computers that are serving as breeding grounds for malware of all
kinds as well as being used by hackers as bots.

Simply indicating that users can back up their data doesn't address
the impact the unpatched computer has when used as a weapon (bot
launching pad) nor the cost in labor incurred by us collectively
when we respond to the issues botnets cause.

So, you are saying that since you stole my TV, if it doesn't work with
your entertainment system, I should provide the cabling to make it work
properly?

No one has stopped (although I am sure the attempt is being made) the
people from getting patches through other means. Sure - it takes effort -
but the truth is - it should have taken some effort to steal the stuff in
the first place. If you are unwilling to continue the effort of using the
stolen stuff, you should have never stolen the original stuff... Isn't
that known as the snowball effect?

I see what you are saying - the end-result is machines that get infected
and attack legitimate machines - and can make more progress because they
have a broader base (the unpatched machines) to attack from.

However - you can look at that another way..

The stronger you know an attacker can be - the stronger the defenses must
be. So one could argue that such security has improved because the stuff
was stolen and is remaining unpatched. The only machines left being
infested are those who do not take the time to patch their stolen systems.

It's going to happen in any case - patched machines or not. Would it slow
if there were more patched systems or would it speed up because the bots
already there would have new feeding grounds (the patched code) and be
able to learn to get around these patches?

More than likely - it would not slow the onslaught to make it easier for
the ones with stolen stuff to patch their systems.. It would have no
effect probably. The people who get hacked are usually not those who
stole the stuff, but those who did not take the time to secure the OS.
Laziness, a large factor, still exists. And since the automatic updates
still patch critical issues (legit or not) at the moment - these people
are unbelievably lazy if they both stole the OS and didn't turn on the
automatic updates. heh

What I am saying is that you are saying it is the unpatched systems that
are breeding grounds for attacks and bots and hackers..
Yeah - we agree.

What I don't think is that the reason they are unpatched is leaning (in
the majority) towards the stolen systems.. Because those people know how
to protect their systems and do. Allowing those who did not legitimately
license their OS an easier path to patching will not have any effect on
the many people who do not patch because they do not bother to understand
they need to.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


