OT: XP SP2 security hole
Bill Vermillion
fp at wjv.com
Sat Oct 2 06:03:02 PDT 2004
Putting quill to paper and scribbling furiously on Fri, Oct 01 13:04
Fairlight missed achieving immortality when he said:
> On Fri, Oct 01, 2004 at 09:36:04AM -0400, after drawing runes
> in goat's blood, Kenneth Brody cast forth these immortal,
> mystical words:
> > Windows XP Service Pack 2 Firewall Configuration Error
> > Exposes File and Print Sharing to Remote Users
> That's what happens when you depend on a software firewall
> configured by someone at M$, rather than blocking all unwanted
> access to 137-139 at your main point(s) of access (ie., the
> primary router(s) or switch(es)).
MS seems to assume that in the home environment there will be only
one machine. That is far from true anymore. Even OS/X has
a version that expects up to 5 local machines.
> Individual "personal" firewalls in XP (ditto with other
> products...ie., BlackIce) make next to no sense to me in a
> -corporate- environment. That crap should be home-user stuff
> only. Corporations that don't firewall things properly at their
> perimeter pretty much ask for whatever problems they encounter.
And even when you firewall you still need the AV software. I like
the approach of some firewall devices that automatically update
the virus software on the client machines, and update the info
all the time. Then when a client machine tries to go on the 'net
with outdated rules, it will DL the new rules to the machine
before it gives them net access.
This eliminates the problem of users being too busy to update
the AV sw when they sign on, are rushed, and the message comes up
that they need to update.
And hardening machines behind the firewall won't hurt either. You
just shouldn't put all your trust in one place.
> Trusting M$ to provide security solutions in the first place is like
> trusting a known embezzler to run your accounting department.
But in the past few years those who want to get rich have found
more effective ways than embezzlement. Look at Enron for example.
And I'd sooner trust accounting to a known embezzler than an
unknown one. The former will know you are watching them. :-)
Bill
--
Bill Vermillion - bv @ wjv . com