Re: Gold Builds

["Nexus" <nexus () patrol i-way co uk>]

----- Original Message ----- 
From: "Dave Aitel" <dave () immunitysec com>
To: <dailydave () lists immunitysec com>
Sent: Saturday, November 29, 2003 8:31 PM
Subject: [Dailydave] Gold Builds


[snip]

> something funs. But you usually find SOMETHING on anything that's not
> part of the base OS. Backup programs, management utilities, third party
> ActiveX plugins to web servers, XML conversion programs, etc. All that
> stuff is buggy as hell.

Not to mention the [usually] unnecessarily high user contexts that these
applications run in, with their deafult passwords et al.
Did a similar thing myself recently on a commercial application that used
some freeware open source solutions for some of the components - one of
these open source compenents was so old, I couldn't even download the source
code ;-)   However, a quick shufti through the latest Changelog gave me
enough...
IMHO highly customised Gold Builds are best used for blasting workstation
images out, rather than servers in which case I would prefer a standard,
hardened OS build that the required application is then built upon.   That
way you at least get the chance to rip out all those default services,
settings and the like.

Cheers.



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave