Re: 2003 Web Server Security flaw

From: Robert Waite (bob2dev_at_tampabay.rr.com)
Date: 12/29/03 

Date: Sun, 28 Dec 2003 19:46:30 -0500

Moir is right and buried in his last reply was the answer.

Too bad it took so much work to get a direct & simple answer to a simple
question;
but, in my 20 years experience with user groups since Compuserve, such is
par for the course.

At least you two replied, did not flame me, and I appreciate that.

A basic principle from security GURUs that I accept is:
"Disable all unnecessary services and don't install unnecessary programs in
order to reduce
yet undiscovered attack points by a hacker."

Win 2003 acknowledges that principle in a major way, but far from
completely.

Have you two noticed how many Services, not necessarily used, still are
STILL installed
BY DEFAULT as Started or Manual. I have Disabled about 20 and my Web Server
still
does it's job. Smaller memory footprint, too!

Even Admins who pay no attention to security, patches, etc don't allow a
user to be at
the console running Outlook Express, Netmeeting or Media Player.

So, if you two are right, in the next two years, we will hear on no Win2003
Web Server sites
being compromised because of flaws, buffer over-runs, etc in those three
programs. Right?

Respectively,
Robert Waite

"Robert Moir" <bofh@mvps.org> wrote in message
news:%23qC7vLZzDHA.1412@TK2MSFTNGP11.phx.gbl...
> Nobody wrote:
>
>
> > I am curious though as to which DLLs you are referring?
>
> I think he means the ones he's imagining because he doesn't realise the
> files are protected by windows system file checker thingy.
>
>

Quantcast