Russian Roulette with your Network

re: Russian Roulette with your Network

Swiss Consultant — Mon, 09 Mar 2009 20:47:28 GMT

Stop complaining

Server 2008 is more secure. But i hate adding each feature i need afterwards like in stupid Tux. The Concept of MS and succcess was always 1) you install the software, 2) it runs and then you 3) modify to your need.

If people miss out Step 3) because they are too

- lousy,

- have no knowledge

- or some shitty manager want's to cut cost and personal

then well is it MS or the IT-managers?

If MS sells there products if they would need no step 3 (Which costs a lot of money and time) then that's just how it works. The customer wants to be fooled. If you tell them the truth he will buy somewhere else. That's just our stupid society.

Fact was always you run setup.exe and the system runs. You CAN modify it afterwards. That was the key point which made MS so big.

Patching:

Use Windows Update Server 3.0 (Forget SMS/ENTEO/ALTIRIS/Wininstall for Patch managment). The only company who understands how to chain Hotfixes is MS. Windows Update Server is Free and perfect to 2000+ clients (So thats 80% of you). You need IQ to analyse and chain hotfixes otherwise you unpatch systems by patching them. (All you Logonscript patchers ;-)

Mca** did lousy work on Conficker

February Malware Hotfix from MS and Symant** free .EXE File where the only two products who could remove a Conficker variant end of Febraury 2009. Mcaf** 8.5/8.7 VSE could NOT remove the Virus NORE trace it coming to a client in realtime.

All you (I take a shower once a week) Linux Admins and black glasses MAC Designers:

Mac & Linux, take a look at Secunia at total Leaks per Year or per product and just silence please. If every destop OS would be TUX it would be just the same way.

Oh my Amiga was safe, yes there was a virus from SCA (Swiss cracking As. from Weber/ZH) for it. Oh we will use C64+Speedos in all offices. But every manager want's to use Poewerpoint so?

;-)

re: Russian Roulette with your Network

Dravion Smith — Wed, 18 Feb 2009 19:00:47 GMT

The potential risk of Securitycritical Softwareupdate

on Mission Critical Systems is only a Question about how

carefully a Programmer has done its Job.

Honestly, Microsoft Developers are not intrested producing

robust Software, they are allways intrested to get the Job done,

verry quick, verry diry.

Use FreeBSD or Solaris if you want a solid and proven

Enterprise OS and you wil have seriously less Stress.

If you install Windows on your Hardware, then you playing Football with your Network Security!

re: Russian Roulette with your Network

Sektek — Wed, 11 Feb 2009 00:40:39 GMT

Andy, you must realize that Microsoft does indeed "help them to install the software". It is called Windows Update.

re: Russian Roulette with your Network

Andy — Mon, 19 Jan 2009 20:30:20 GMT

Look, your company distributed software that has a security problem. So it has to bear the consequences and deliver the support. I would expect Microsoft to go to customers and help them to install the software as it is their fault, your company delivered broken software.

Why do customers have to roll out patches? Why do companies and European citizens have to invest their man-hours to fix what you broke! How are the compensated?

"Microsoft recommends that customers apply the update immediately."

Oh, nice attitude, go an fix your stuff as we said in bullettin message PBFX #1038478. As if it was our fault!

Who was fired and slain by your company for letting it happen? Did your company express its regret for delivering defect software? No, you rather insult your customers:

"Account Lockouts all over the place, admin passwords that were grabbed (often the Domain Admins) etc – and we had some really upset engineers as they had to work instead of having off because some customers were not up to their duty (and this is what it is for me!)."

Oh yes, you delivered defect software! You were paid for support! So don't complain! Go and fix the mess.

Conficker.B

Gerhard´s Marktbeobachtungen — Wed, 14 Jan 2009 00:12:30 GMT

Ende Oktober hat Microsoft eine außerplanmäßige Sicherheits-Aktualisierung veröffentlicht. Siehe dazu

re: Russian Roulette with your Network

rhalbheer — Sun, 11 Jan 2009 23:58:30 GMT

I did not get upset at all :)

But yes, it is very frightening and I do not understand the motivation behind it and whether it is pure vandalism.

Good luck

Roger

re: Russian Roulette with your Network

Jediwarrior — Sun, 11 Jan 2009 23:52:03 GMT

Thank you, Roger,

I am just a simple user who never had any problems with viruses, worms etc using the Mac. No reason to get sarcastic or upset and I do not want to open the stupid Mac-PC discussion.

One reason for my concern - our company has just shut down the whole network and I just wanted to ask if patched PCs could also catch the worm. You answered the question - yes - only one unpatched PC in a network is enough to spread the infection in the network. Really frightening though! Kind regards

re: Russian Roulette with your Network

rhalbheer — Sun, 11 Jan 2009 22:03:50 GMT

Well, then you do not have the Conficker problem but let's not open the can of worms with regards to Apple vulnerbailities and the willingness of Apple to understand the necessity of AV-software on Apple - I would get too sarcastic openign that.

Conficker.B has several ways to spread. One of them is the MS08-067 vulnerabiltiy but there are others. If you click on the link above on Conficker you will find the entry in our encyplopedia where you find all the ways it spread

Hope this helps

Roger

re: Russian Roulette with your Network

Jediwarrior — Sun, 11 Jan 2009 21:54:38 GMT

Roger - can a PC patched with MS08-067 saftey patch still be attacked and infected by Conficker or any mutants in a company network?

Fortunately, I do not have such problems. The only notebook I use is an iBook G4.

re: Russian Roulette with your Network

carinthian — Fri, 09 Jan 2009 13:17:12 GMT

No, i will not make an update. I will be in the news.