From: wim.remes (wim.remes skynet.be)
Date: Fri Oct 05 2001 - 01:34:37 CDT
Hi Byron,
I didn't mean that tools should be developed because the vendor's tools
are insecure. When I say 'those that care for security', I basically
mean 'those that follow up on hotfixes'. Because hotfixes are sooo
necessary I have been pushing them to clients for years now, and I
must say that Kixtart logon scripts do just fine. The fact with
hotfixes is that they sometimes contain some surprises & by using
the MS Update Server as I understand it now, it assures you of a
daily helpdesk overload ... hotfixes still are (and will remain to be)
System Updates, that you should TEST first & then bring into production.
I'll say that I don't see a place in my network for this kind of server,
but other people would really benefit from the tool. I am just a little
bit tired of MS (or other software vendors for that matter) running behind.
The server is not THE SOLUTION, which the MS marketing people will try to make
it sound like, it is A TOOL that might have a place in your daily Security
Effort.
I agree with you that it certainly ain't the tool that's the problem, but
the mentality.
Maybe I didn't make myself 2 clear :-)
Cheers,
Wim
>===== Original Message From Byron Kennedy <byron markettools.com> =====
>I don't disagree with you in substance, especially in your last
>paragraph, but why is it a stupid idea? Is it because, you say, "Most
>Admins (at least the
>very few that are concerned about security on their network) already use
>programs or have developed techniques to push patches, etc to the
>clients"? Oww yeah? Well, I consider myself a rather technical person, in
>legal terms what you suggest is called "vague and presumptuous" - calling
>for conclusions and lacks supportive evidence. I'd actually bet that many of
>us security minded professionals, for many very valid reasons don't or
>haven't developed these tools and where we have, perhaps see room for
>innovation and improvement. So, back to your theory, do you also propose
>that we all use Antivirus packages and scanning engines that we integrate
>ourselves via perl and c++ and never use the auto update features because
>it's more secure to download the digitally signed/encrypted definitions
>manually and distribute them ourselves - with our own tools? :)
>
>Vendors natively providing security update automation isn't necessarily a
>bad thing and neither is using our own tools internally. Sure such vendor
>supplied tools could potentially have security issues, but so do all
>connections to the intranet. Whatever tool you use, secure it. What about
>md5, tls and ipsec? There are many ways to achieve the objective securely.
>Microsoft, in their continuous efforts to supply us with integrated,
>user-friendly tools, is now offering another. I contend the tool is not
>the security problem - it's the mentality. Why not write in about ways that
>this software could be offered in the most secure manner possible? What an
>asset that'd be to your peers!
>
>cheers-byron
>
>-----Original Message-----
>From: Wim Remes [mailto:wim.remes skynet.be]
>Sent: Thursday, October 04, 2001 11:26 AM
>To: Arendt, Jordan ED0; 'Paul L Schmehl'; Byron Kennedy;
>focus-ms securityfocus.com
>Subject: Re: Microsoft Announces Strategic Technology Protection Program
>
>
>That 2nd last paragraph is a really stupid idea. Most Admins (at least the
>very few that are concerned about
>security on their network) already use programs or have developed
>techniques to push patches, etc to the
>clients. I'm certainly not gonna pay for another M$ product when I can
>handle updating of the clients with
>a simple tool like KixTart !!!! That 'new' server product will in itself be
>subject to vulnerabilities, poor programming,...
>Let's imagine that a hacker succeeds in writing a virus that masks itself as
>a MS-update, gets access
>on the Local Update Server & sits back until the MS-server decides to
>distribute it to every single client on your network...
>That'd be fun ....
>
>Security ain't a thing you can buy ! It is a service you provide to your
>customers, something you work on every day &
>last but not least something that should never be put back with the simple
>question "Why would anyone target me?"
>
>cheers,
>
>Wim
>
>-------------------------------------------------------------
>I really don't wanna hear that Texan say "Make no mistake about it..." one
>more time...
>----- Original Message -----
>From: Arendt, Jordan ED0 <Jordan.Arendt sasked.gov.sk.ca>
>To: 'Paul L Schmehl' <pauls utdallas.edu>; Byron Kennedy
><byron markettools.com>; <focus-ms securityfocus.com>
>Sent: Thursday, October 04, 2001 6:50 PM
>Subject: RE: Microsoft Announces Strategic Technology Protection Program
>
>
>> Read the second last paragraph:
>>
>> http://www.secadministrator.com/Articles/Index.cfm?ArticleID=22751
>>
>>
>> Jordan
>>
>> -------------------------
>> <snip>
>>
>> But you're absolutely right. Updates at LAN speeds would sure be more
>> convenient, especially in a "crisis" situation. The Internet isn't always
>> "up". Our LAN is.
>>
>> <snip>
>> > needed fixes. Oww yeah, and it could provide a web front-end like
>> > windowsupdate. :) I'm sure someone besides me has thought of this. The
>> > Windowsupdate site is a great interface to point users to, but we need a
>> > local Server w/ LAN speed access.
>>