Full Disclosure mailing list archives

Re: MS-02-052 + blackholing MS


From: steve () videogroup com (Steve)
Date: Tue, 24 Sep 2002 13:12:24 -0400

On Monday 23 September 2002 04:26 pm, 
lists_full-disclosure () darkuncle net wrote:
> It's not about whether or not there have been X advisories for a
> product in the last Y days/weeks/months - when I choose a product
> with an eye towards security, I look at the long-term track record of
> the product, and of related products produced by the same group or
> company. Apache has a pretty stellar track record over its lifetime.
> So does OpenSSH. Microsoft may have had a good month or two lately
> (or not!), but their track record ranks among the worst in the
> industry. That said ...
>
> For me, it's both a matter of principle (I don't like MS software or
> business tactics, and refuse to support either) and practicality (the
> idea of having to admin a Windows network is the stuff nightmares are
> made of; thanks, but no thanks).
>
> Yes, Windows server products can be locked down. My gripe is with the
> amount of relative effort required to do so, compared with a good
> free *nix equivalent - FreeBSD, for instance. Not to mention the
> disturbing trend towards patches that have EULAs requiring one to
> give remote administrative access to MS for the purpose of ensuring
> no copyright infringement, etc. (I'm sure they have cleaned up the PR
> disaster that issue was; the underlying corporate attitude that
> caused it has not changed in the last 10+ years.)

The funny part is that this is exactly my view. I took it for granted
that it was shared by most people here. Of course there's a difference
between securing boxes and systems and actually doing all the daily
maintenance. I don't have any idea how many here do both.

Take Dell, for example. They reboot their 200 Win servers every night to make
sure they are stable the next day. When a company their size decides
it's what's needed, one can only wonder how many other ones do it
too. (NT 3.5x had an automatic reboot built in which would reboot it up
to every 39 days.)

The GUI produces a false promise that it's easy to maintain because it's 
easy to look at. I saw a posting someplace where the admin was 
complaining that he had to open a config file with an editor! What is 
the world coming to. Imagine that! : ) 

MS has created a corrupted concept of what it takes to be an admin. They
are the ones who put together the how-to for managing their systems which is
used to train every MSE etc. All of which is pie in the sky unless
you are really, really good. Yet I had no problem getting my very first
Linux box running stably. Which was a broken Slackware version in
'94/95.

(A few years ago I used to provide solutions to Windows shops. My
customers covered the US and included the Marine Corps as well as small
ISPs etc. About 3000 total. Of all of them only two had uptimes of a
year or more. They were in a glass house scenario. What kind of crap is
that when you don't dare do anything because it might become
unstable?

Granted, you don't let any idiot play on it, but that applies to any
server. I have no qualms about adding stuff to my key *nix boxes for
fear they might become unstable. They stay up nicely until I bring them
down for whatever reason.)

One just cannot speak of maintaining Windows and *nix in the same
breath. Which of course also goes back to the *nix concept of everything being
a file, and where Bill thought he was smart by making everything an
object. It might be, though I doubt it, but for sure not in his
incarnation.
-- 
 
Steve Szmidt
V.P. Information Technology
Video Group Distributors, Inc.
