Re: Securing a Windows 2003 server

phn_at_icke-reklam.ipsec.nu
Date: 05/07/04


Date: Fri, 7 May 2004 13:53:02 +0000 (UTC)

Phillip Windell <@.> wrote:
> <chris@nospam.com> wrote in message
> news:oeoj90tp143bqt8gll17huh7vtmthumatu@4ax.com...
>> Really? I think you'll find that Microsoft is the worst for lead
>> time to issue patches once notified of a vulnerability.

> No, that isn't the case. MS has much more resources concentrated in one
> location to be able to respond quickly. Linux has no "owner" and has no
> company or organization "responsible" for making corrections so a lot of
> time is lost before anyone figures out who is going to be the one to fix it.

FUD

Remember who gave you all these security holes. Yes, that's right, Microsoft.

Anyone remember Gates' "trustworthy computing initiative"? Did it
change anything?

>> As for number of vulnerabilities found, Linux has more found this year
>> than Microsoft. Of course the severity of the MS ones have generally
>> been worse by allowing complete remote takeover, whereas the bulk of
>> the Linux ones required a local attack.

> The term "complete remote takeover" is exaggerated and overused and
> particularly worse,..."undefined". Those security bulletins are almost
> like "form letters" that keep using the same "scary" terminology without
> ever explaining what it really means. I have yet to see a vulnerability
> that will grant an attacker "PCAnywhere-like" abilities on the machine. I
> have met some of those who actually write those bulletins and although I am
> convinced they are diligent and committed to doing a fine job, their
> terminology needs to be defined much better and less vague.

Well, I can explain these difficult words for you :-)

"Remote exploit" means that you can break in across the network, i.e.
a hacker in another country might use this. Like the Sasser worm.

"Local exploit" means that one has to have control over at least one
running process (generally means logged in at the host).

Figure out which one is the largest threat to your systems.

> --

> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

