Re: How to fix broken security in Windows 2000?

• Previous message: Herb Martin: "Re: Windows 2003 Home Directory Not Mapping"
• In reply to: Karl Levinson, mvp: "Re: How to fix broken security in Windows 2000?"
• Next in thread: Pat Walters [MSFT]: "Re: How to fix broken security in Windows 2000?"
• Reply: Pat Walters [MSFT]: "Re: How to fix broken security in Windows 2000?"
• Reply: Charlie Tame: "Re: How to fix broken security in Windows 2000?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Jan 2005 13:42:46 +0900

The lady doth protesteth too much. Or is it one of Arnold's girly-men? Well,
actually the "incident" most reminds me of a certain very prominent judge
who wrote a 20-page explanation of why an apparent personal interest in a
certain case was not really an interest, so there was no reason to recuse
himself. Sorry, but the 20-page explanation goes way *beyond* the appearance
of a conflict. That explanation itself was the most concrete evidence of why
the judge should have recused himself, incredible hypocrisy notwithstanding.
Same with your verbose defenses of your technical abilities in the absence
of technical answers.

Of course, I'm not surprised you can't put up (something of technical
value). I am surprised you aren't smart enough to use the other half of the
old saying. Years ago, way back when the MVP program was useful, I would ask
similar technical questions, and if there was an answer from an MVP, it was
almost certain to be very helpful. Even their questions were helpful in
finding the real source of the problems. Other times my questions went
unanswered, but sufficient research revealed that they really were that
difficult to answer or even define, and the MVPs were correct to wait for
more knowledge.

These days it seems like an MVP will usually respond quickly--but for any
non-trivial question, more often than not, the response is just incorrect.
That is why I asked about the current metrics Microsoft is using to assess
the MVP program. I really suspect you get MVP brownie points for being the
first MVP to answer, and without regard to the utility, correctness, or even
relevance of the answer. I am quite sincerely interested in how Microsoft
does business, even in the ethically dubious tactics. As regards the MVP
program, I think it was probably easy for Microsoft to tip the scales in
this way, since most technically competent people are too busy to donate
lots of time to Microsoft's greater glory. (Yes, I'm being slightly tongue
in cheek, since I'm sure you do it to help the suffering customers--but
Microsoft is still willing to make a bit more money by milking your
efforts.)

Regarding your (Levinson's) list of candidates for MVP incompetence, I'm
sorry, but I don't track people for their inability to be helpful. I
remember people for their competence, especially technical competence. I
used to know the names of a number of MVPs--but I recognize none of the
names you mentioned. Just piling the evidence up, aren't you? Now excuse me
while I forget your name, too.

As I am prone to do, I'll commit the folly of mentioning technical matters
in what is eminently not much of a technical thread. Now that I can run SFC
again, it issues the same unable-to-verify complaints about a number of
files. Still no hint about *which* files are too new or *which* security
certificates are still missing. (However, I'm supposed to receive a new
computer in a month or two, so I think I'll just ignore it until then. Maybe
I'll convert this old one to Linux?)

Karl Levinson, mvp wrote:
> "Shannon Jacobs" <shanen@my-deja.com> wrote in message
> news:OvKU5AbAFHA.4044@TK2MSFTNGP11.phx.gbl...
>
>> Several of my earliest attempts along the
>> missing-security-certificate path were to try to reinstall some of
>> the recent security certificate updates that WindowsUpdate had
>> provided. I was not able to do so from the Microsoft site, and none
>> of the MVPs even thought to suggest that approach.
>
> Well, if reinstalling the patches didn't fix the problem, isn't it a
> good thing we didn't suggest it?
>
> Windows Update absolutely lets you see and re-install whatever
> patches are on your system, but it has no possible way of knowing
> about patches that were pushed down by your IT staff using who knows
> what method, nor would we. You would have to contact your IT staff
> for that.
>
> Your only statement in your OP regarding patches was this:
>
> "Some possibility it may have been caused by a WindowsUpdate,
> possibly even one that was pushed onto my machine by the corporate IT
> people."
>
> With that vague level of detail, of course your IT people knew how to
> fix the problem and we didn't. Your IT people knew which patch they
> had pushed out to cause the problem, and we still don't.
>
> Even now, you still haven't provided enough information about which
> patch or file was the problem, but you expect us to magically know
> the answer in a minute to a problem you've been struggling with for
> months. I can only guess that the patch you're talking about might
> be the May 2004 root certificates update over 7 months ago, but I
> would be hesitant to waste your time offering suggestions like
> reinstalling this or that patch based on that guess [and since this
> didn't fix your problem, it's a good thing I didn't sugest it]. You
> still haven't shared enough detail about the fix to help anyone else
> learn from your experience.
>
>> Using the link I provided (which actually came from someone in my
>> company), I was able to find a file which fixed the damage.
>
> How do you know your IT people didn't get the answer to this problem
> from Microsoft, or from an MVP?
>
>> I am not certain if that
>> file is the same one that exists somewhere on the Microsoft site, or
>> if it was a special version. However, I am absolutely certain the
>> Microsoft search engines failed to find it, and the MVP program
>> participants also failed to find it--or even to suggest looking for
>> it.
>
> Most problems with Microsoft patches are due to pre-existing problems
> with the configuration of the PC. If no one else on the planet has
> ever had your problem, then why would you expect the solution to be
> in the Microsoft knowledge base? Note that your problems [getting
> answers from the MS search engine or from the newsgroups, your
> computer breaking in the first place] always seem to be because
> someone at Microsoft has failed you, never because of you, say,
> entering the wrong description or deleting root certificates.
>
>> The part that is apparently rubbing you the wrong way is my general
>> comments about what Microsoft has done to the MVP program. If so,
>> you should quit acting in a way that provides additional evidence.
>> So far you are only reinforcing my belief that Microsoft has pretty
>> much destroyed the MVP program by getting rid of the most
>> technically competent people.
>
> Which of the Microsoft MVPs do you think are not technically
> competent? Is it Ed Skoudis? Stuart McClure? Roberta Bragg? Tom
> and Debra Littlejohn Shinder? Mark Russinovich? Mark Minasi? I
> would like to know why you think the MVP program has fewer or less
> competent MVPs. How and why exactly would Microsoft want to spend
> money and time on the MVP program, but intentionally choose the worst
> candidates? How and why would they destroy the program by increasing
> their support for it?
>
> If Microsoft is solely in it for the money, as you claim, then why
> spend a single cent on the MVP program in the first place? You do
> realize that Microsoft has given you access to pretty much the same
> knowledge database that their paid support technicians use when you
> call them, correct? And that Microsoft lists the phone numbers of
> other companies that offer cheaper tech support on their support web
> site? There are certainly some valid criticisms that can be levied
> at Microsoft, but your criticisms of Microsoft make little sense and
> border on paranoia.
>
>> Or perhaps
>> they have simply changed the incentive system so the MVPs are
>> encouraged to post meaningless answers even when they have no idea
>> of what the answer is?
>
> The link I posted may not have fixed your problem, but it is the
> answer to what you asked: "what are the dependencies and
> troubleshooting steps for certificate problems related to SFC?"
>
> I also tried in my post to clear up some of your misconceptions about
> how PKI certificates work that were causing you to angrily think
> Microsoft was trying to re-write PKI specifications. You have yet to
> prove or suggest why the link I posted was meaningless. What exactly
> was it in the link that did not apply to the question you asked?
>
> The award MVPs get from Microsoft is relatively small and hardly
> compensates me for all the time I spend here. If you think I post
> thousands of posts here every year because of this award or because
> it gets me some kind of points, you are very mistaken.
>
>> Certainly I admit that some of my queries are liable to be
>> non-trivial. Whatever the reason, I also believe this negative
>> change to the MVP program is a deliberate policy on the part of
>> Microsoft to discourage customers from relying on no-cash-involved
>> support.
>
> I see. Microsoft has increased the number of MVPs over the past two
> or three years in order to discourage relying on free support. That
> makes lots of sense.
>
>> In truth, the main technical value I get from the newsgroups in
>> recent years, and the only reason I will sometimes resort to them
>> (and usually only after some weeks of struggle), is that the process
>> of describing the problem more precisely and completely for a public
>> post is sometimes helpful in understanding the solution.
>
> I see. So, you don't really need anything from us. You solve the
> problem entirely on your own, just by typing it down here to us.
> Microsoft and the MVPs caused the problem, hide the solution to the
> problem from you, solely for monetary greed on the part of all of us,
> and you single-handedly solve the problem. Might I recommend posting
> your next question to microsoft.public.test? You'll get the same
> results.
>
> I'm not sure how exactly coming back here to insult us and express
> your disappointment in our not solving the answer fits in with this,
> given that you didn't really expect us to solve the problem, but then
> again, I'm just an MVP, so I have trouble tying my shoes in the
> morning.
>
>> Not so in this particular case, however. This
>> time it was just a lucky cross-reference that caught my eye. (I
>> cannot provide a link to that source since it is internal to the
>> corporate intranet, not public.)
>
> That's convenient. And that prevents you from posting details about
> the fix too?
>
>> Today I do have a new technical problem from another friend, but I'm
>> not yet stumped or desperate enough to describe it here. Thanks, but
>> no thanks.
>
> No problem. When you encounter problems too tough for you to solve,
> we'll be here to help.
>
> kind regards,
>
> Karl Levnson, CISSP

• Previous message: Herb Martin: "Re: Windows 2003 Home Directory Not Mapping"
• In reply to: Karl Levinson, mvp: "Re: How to fix broken security in Windows 2000?"
• Next in thread: Pat Walters [MSFT]: "Re: How to fix broken security in Windows 2000?"
• Reply: Pat Walters [MSFT]: "Re: How to fix broken security in Windows 2000?"
• Reply: Charlie Tame: "Re: How to fix broken security in Windows 2000?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]