Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpaPACBELL.NET)
Date: Wed Jun 02 2004 - 14:19:59 CDT
Sorry Russ, but this gal in SBSland thinks that non-patching is NOT the
way to go.
Granted I'll agree that we need to work smarter and zone off our
networks, use quarantine features to ensure that machines pass "muster"
before attaching, but I'm sorry this sounds too much like a plug for
your "Risk management" services.
Personally in SBSland I have more issues with Service Packs than I do
with Security bulletins. I'll take a Security hotfix any day, thank you,
and since I can't with 100% certainty ensure that I know where all my
risks and threats may be coming from, me and my Shavlik patching tool do
feel that I get 100% in my lan of patching. And if you miss a few, or
kill a few while patching.... isn't that better than the potential risk
exposure you are doing by not patching? In big server land they can
quickly reimage that workstation and get it back into production. Me,
I rescan with Shavlik and ensure I'm at 100% status. And sorry, I just
don't buy into your idea that because large corporations can't patch
100%, they are better off not patching at all? Dude? Sorry but when I
was at a recent beancounter geek conference and my laptop was sitting
there on XP sp2 RC, firewall in place AND the Sasser patch in place, I
could feel quite smug as fellow geeks and vendor booths were nailed by
the worm. Ever heard of multi layered protection?
I don't know about you but I hated NT4. No plug and play, dip switches
and I would cross my fingers when rebooting that sucker. Sorry Russ,
this Gal is glad to never see NT4 or Windows 98 ever again.
Once you have a patch management tool in place, have made a choice to be
smarter about management of a network... sorry but patching is no longer
the beast it used to be for me. In SBSland I've probably patched for
every single one of those patches and used to dread the once a week
onslaught. Now I'm 100% "Borg" and have a fleet full of XPs with a
Shavlik patch tool that can patch at a moment's notice. I get a monthly
"control freak thrill" by patching [okay I'm wacko, I'll admit it]
You know what scares the heck out of me? Not monoculture, but
diversity. There are programs on my workstations that I have no way to
test if they are there, no way to remotely patch and no way to
control...... real audio... flash... java....the list is endless of the
other stuff I have in my LAN that I have no idea what patch level they
are at. Some of the newer stuff even loads up "auto updaters" that I
have no idea what day or time they are getting updated.
Microsoft could come out with 200 patches next week and it wouldn't
faze me in the least. I have a testing mechanism, a tool to remotely
patch and backups to get myself to where I was at, and a community to
bounce ideas and shared experiences with.
No sorry, Security is not about the patches, it's who's in charge of the
network. It's about the policies I have in place, the end user
awareness. You just added to FUD [fear uncertainty and doubt] and fed
into the Corporate idea of "blaming your troubles on this OS"... instead
of securing the network with access rights, policies, procedure,
education, awareness and a 2x4 upside the head.
Right now it is not Microsoft making me insecure it's crappy line of
business applications that have not been re-written since Windows 98 and
still require me to use local administrator or waste my time using
Sysinternals filemon/regmon and figure out what stupid registry keys I
need to loosen up because they haven't taken the time to code more
LOB applications are the ones that are driving my risk factors, not
Have you taken a close look at the changes being made in XP sp2?
Firewall protecting the stack as it loads? This Microsoft shareholder
likes what she sees.
I'd strongly urge folks to download the Release Candidates... RC1 is out
now and the rumormill buzz from Neowin is that RC2 is soon to be out.
Then go to your line of business applications and tell them to start
>As you may have heard, I did a presentation last week at the 2004
>AusCERT Conference in Gold Coast, Australia.