Re: SQL Server 120 Trial

From: Steve Kass (skass@drew.edu)
Date: 01/29/03

• Next message: Quin Kan: "Slammer worm a threat to SQL Server 7?"
• Previous message: JOE: "SQL SP3 on .NET SERVER EVAL WORM"
• In reply to: Hal Berenson: "Re: SQL Server 120 Trial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: skass@drew.edu (Steve Kass)
Date: 28 Jan 2003 18:41:58 -0800

I can't help wonder if Micosoft books like this,
  MCSE: Microsoft SQL Server 2000 Database Design and Implementation Training Kit
which contain the Evaluation Edition CD, have anything
to say about best security practices. Will Microsoft
be recalling all of its publications in order to replace
the CD?

SK

"Hal Berenson" <haroldb@truemountainconsulting.com> wrote in message news:<#nyc16hxCHA.1636@TK2MSFTNGP12>...
> The logic, right or wrong, is that since it's only evaluation software you
> can just remove it if there is a problem. You are only using it for
> evaluation, right?
>
> As much as I hate to say this, you should immediately remove the Enterprise
> Evaluation Edition from your machine. In my opinion, user's should not
> install this software until Microsoft either re-releases the download with
> SP3 pre-installed or at least makes it possible to install SP3 on it.
>
> --
> Hal Berenson
> True Mountain Consulting
>
>
> "Steve" <steve.turnbull@northlincsnet.org> wrote in message
> news:039801c2c5f9$a4e9a7a0$cef82ecf@TK2MSFTNGXA08...
> > I can appreciate that Microsoft doesn't want to support
> > software that is known to be easily 'cracked', but surely
> > they should be able to implement a way of keeping this
> > software secure?
> >
> > Everybody is affected by worms such as Slammer, not just a
> > few developers running SQL. There must be a hundreds of
> > people out there - particularly students - who are using
> > all sorts of trial edition software that is exposed to
> > security risks.
> >
> > Thanks for the reply,
> > Steve
> >
> >
> >
> > >-----Original Message-----
> > >Unfortunately, the Evaluation Edition of SQL Server
> cannot be
> > >upgraded with security fixes or service packs. While I
> am interested
> > >to hear any official word about the wisdom of
> distributing software
> > >with known critical vulnerabilities, I think the best you
> can do for this
> > >particular problem now is to follow these Microsoft
> instructions:
> > >
> > >2) If you cannot apply this patch immediately, the
> following options can
> > >limit propagation of the worm:
> > >A) Block UDP port 1434 inbound and outbound traffic at
> your firewalls.
> > >B) You may also block UDP port 1434 inbound traffic on
> your Microsoft
> > >SQL 2000 Servers. Following this instruction may result
> in support
> > >issues as this port performs name resolution.
> > >
> > >There is usually no support provided for evaluation
> software, but it's
> > >hard for
> > >me to understand how Microsoft can ignore the fact that
> its evaluation
> > >software
> > >is contributing to serious and widespread havoc and
> continue that
> > >practice, to say
> > >nothing about the likelihood anyone currently evaluating
> SQL Server will
> > >decide it's
> > >just fine and dandy.
> > >
> > >Steve Kass
> > >Drew University
> > >
> > >
> > >Steve wrote:
> > >
> > >>I have only recently installed the trial version of SQL.
> I
> > >>can't afford to upgrade just yet, but I am also unable
> to
> > >>install the required service packs/patches to cope with
> > >>the Slammer worm.
> > >>
> > >>I am sure that this could be a major issue, with a lot
> of
> > >>people worlwide being unable to correct the problem.
> > >>
> > >>Is there a workround? Is it possible to successfully put
> > >>the patch onto the 120 trial version, even though it
> says
> > >>service pack 2 must be installed.
> > >>
> > >>Help and advice appreciated (don't want to un-install if
> I
> > >>don't have to...)
> > >>
> > >>Steve
> > >>
> > >>
> > >
> > >.
> > >

---

• Next message: Quin Kan: "Slammer worm a threat to SQL Server 7?"
• Previous message: JOE: "SQL SP3 on .NET SERVER EVAL WORM"
• In reply to: Hal Berenson: "Re: SQL Server 120 Trial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Management studio with "evaluation period has expired" ... you better let us know if the SQL Server instance itself working and has not expired? ... Even if the Evaluation Period is over, an Evaluation Edition instance would not stop working until it is stopped and started. ... (microsoft.public.sqlserver.tools) Re: Common Criteria Certification ... go the entire Microsoft evaluation staff two months ago - we know this ... evaluations but Microsoft had pulled the plug on the project so he suddenly ... Vista in D.C. before 2010 when we see that certification. ... Kim Jong, MCSE ... (microsoft.public.windowsxp.security_admin) Re: SQL Server 120 Trial ... evaluation software you ... >> I can appreciate that Microsoft doesn't want to support ... the Evaluation Edition of SQL Server ... >>>A) Block UDP port 1434 inbound and outbound traffic at ... (microsoft.public.sqlserver.security) RE: Evaluation Period Expired ... Thank you for posting to the SBS Newsgroup. ... As Marina said, if the evaluation version is expired, we have to reinstall ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: SQL Server 120 Trial ... I can appreciate that Microsoft doesn't want to support ... the Evaluation Edition of SQL Server ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)