RE: Re: Microsoft Security, baby steps ?

[John.Airey () rnib org uk]

> -----Original Message-----
> From: Troy [mailto:th () zeno com]
> Sent: Monday, 15 March 2004 16:35
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Re: Microsoft Security, baby steps ?
>
>
> On Mon, 15 Mar 2004 09:13:54 -0500, "Edge, Ronald D" 
> <edge () indiana edu> wrote:
>
> > > although this could be amusing...
> > > http://www.microsoft.com/security/protect/cd/order.asp
> >
> > I particularly like the second link, which states on 
> ordering a security
> > CD:
> >
> > "Please allow 2-4 weeks for delivery."
> >
> > By which time of course there will be either:
> >     a) a patch to correct the mistakes in the patch on the CD 
> >        which is in mail
> > or
> >     b) a whole new round of patches
> > or
> >     c) it will be too late to apply them because the users machine 
> >        is already trojaned to hell and back.
>
> Actually, that CD only includes the updates as of October 2003. It is
> not meant as a replacement for security updates, but just to make it
> easier to do a clean install of Windows. I suppose part of it is to
> lessen the load on Microsoft's Windows Updates servers, but 
> it does make
> re-installing Windows much easier and faster for the average user who
> does not know how to slipstream the updates into the Windows 
> install CD.
Slipstreaming Windows 2000 SP4 is relatively easy, however you'll find that
you can't run certain Microsoft Java applications (eg Outlook Web Access
Calendar), nor can you install msjvm.exe either if you do. Slipstreaming an
earlier version and then upgrading to SP4 and Microsoft Java works. The Sun
version of Java doesn't work in this instance either (I've tried). 

For 2000 and XP systems you can download the updates from Windows Update and
put them on your own CD together with any service packs. Given how quickly
machines can be infected that's more useful than a CD from Microsoft. Those
of you still supporting NT4 servers are stuck with Windows Update now as
several updates can only be retrieved with the use of a NIC. What is it with
Microsoft and security?

Come on Microsoft. How about putting together a single file that contains
all the "critical" security updates since the last service pack for a given
OS? Then us beleaguered admins can stick it on a CD together with the
relevant service packs and we'd no longer need to use the NIC until a
machine is fully patched. Who knows, perhaps then we'd get sensible results
out of MBSA?

I use kickstart and the genhdlist package with Red Hat to ensure that any
installed system has all the updates installed on the first boot after
installation. Why then does Windows have to lag so far behind?

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk 

Shameless movie plug - go see the Passion of the Christ!

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html