OT: XP SP2 security hole

Fairlight fairlite at fairlite.com
Sat Oct 2 11:07:22 PDT 2004 

On Sat, Oct 02, 2004 at 09:03:02AM -0400, after drawing runes in goat's blood,
Bill Vermillion cast forth these immortal, mystical words:
> 
> MS seems to assume that in the home environment there will be only
> one machine.  That is far from true anymore.  Even OS/X has
> a version that expects up to 5 local machines.

Heh...I haven't had only one machine since 1993 when I moved in with
Kelly.  

> And even when you firewall you still need the AV software.  I like
> the approach of some firewall devices that automatically update
> the virus software on the client machines, and update the info
> all the time.  Then when a client machine tries to go on the 'net
> with outdated rules, it will DL the new rules to the machine
> before it gives them net access.
> 
> This elminates the problem of users being to busy to update
> the AV sw when they sign on, are rushed, and the message comes up
> that they need to update.

I don't actually have a problem using GriSoft AVG.  It does the updates
daily, automagically.  The only thing I grouse about is that it leaves the
program window open after patching if there was indeed an update.  I check
our systems a couple times a month just to be sure nothing hit through a
browser, but otherwise I just scan downloaded files automatically when
GetRight finishes--it launches AVG on the newly downloaded files.

> And hardening machines behind the firewall won't hurt either.  You
> just shouldn't put all your trust in one place.

Indeed.  The Win2k is being patched as far as they'll keep going, which
according to what I read isn't much farther--supposedly only XP will now be
patched, and they've said no new IE for anything other than post-SP1 XP.
The linux is patched to the extent this vendor supports their EOL product
(it's a network appliance, really) and still gets the occasional update
(although I've replaced some subsystems wholesale, like openssh, etc), and
the win95 is about as patched as one can be.  The Win98's and other win95
are currently decommissioned.

> > Trusting M$ to provide security solutions in the first place is like
> > trusting a known embezzler to run your accounting department.
> 
> But in the past few years those who want to get rich have found
> more effective ways than embezzlement.  Look at Enron for example.

Hey, I'm just sayin'...  :)  It was the first thing that came to mind.

> And I'd sooner trust accounting to a known embezzler than an
> unknown one.  The former will know you are watching them. :-)

Set a crook to catch a crook?  I've heard that argument before.  You read
about the brouhaha in the last week or two about the Sasser/Netsky author
being hired by a German AV firm, I trust?  Nobody in the security community
is taking that very well, and with good reason IMHO.  It's ironic, as he
still hasn't been sentenced, last I read/heard.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html

More information about the Filepro-list mailing list