Microsoft Security

[n0cmonkey]

OS Opinion released a short article on Microsoft's new security plan. Microsoft will not be writing new code this month, but just doing a quick security audit. Bravo Microsoft!

It was mentioned on The OpenBSD Journal that the biggest problem with Microsoft's security is the users. So will education be pimped by Microsoft? Let's hope so.

There is also an article on Security Focus mentioning several companies, including Microsoft, @stake, and Foundstone (among other big players) working on a draft on full disclosure. This will include a one month wait before releasing specific exploit code and information. Is this full discloseure as we know it? Not exactly. But I think this is definitely a good idea to give the vendor time to release a patch, and 30 days should be long enough.

 

[Psychoholic]

<< It was mentioned on <a class=ftalternatingbarlinklarge href="http://www.deadly.org" target=new><FONT face=Tahoma color=#000080>The OpenBSD Journal</FONT></A> that the biggest problem with Microsoft's security is the users. So will education be pimped by Microsoft? Let's hope so. >>


I've said that of any OS. I doesn't matter what OS is being used, a lax, uneducated Administrator is a disaster waiting to happen.

 

[n0cmonkey]

<<

<< It was mentioned on <a class=ftalternatingbarlinklarge href="http://www.deadly.org" target=new><STRONG><FONT face=Tahoma color=#000080>The OpenBSD Journal</FONT></STRONG></A> that the biggest problem with Microsoft's security is the users. So will education be pimped by Microsoft? Let's hope so. >>


I've said that of any OS. I doesn't matter what OS is being used, a lax, uneducated Administrator is a disaster waiting to happen. >>



Agreed, but considering the source (OpenBSD site) you should be happy that BSD snobs are admitting its not all Microsoft's fault

 

[Psychoholic]

OK, that's the first and the last time I try the WYSIWYG editor. Trying to quote someone sucks.



<< Agreed, but considering the source (OpenBSD site) you should be happy that BSD snobs are admitting its not all Microsoft's fault >>


You're right. I'm happy they are finally admitting that. It's about damn time they wake up and listen to what I've been saying for a long time now.

 

[n0cmonkey]

<< OK, that's the first and the last time I try the WYSIWYG editor. Trying to quote someone sucks.



<< Agreed, but considering the source (OpenBSD site) you should be happy that BSD snobs are admitting its not all Microsoft's fault >>


You're right. I'm happy they are finally admitting that. It's about damn time they wake up and listen to what I've been saying for a long time now. >>



Now its not *ONLY* the fault of the users, but they are the biggest problem in my opinion. I cant wait to see what Microsoft pulls out of all this.

 

[Psychoholic]

<< Now its not *ONLY* the fault of the users, but they are the biggest problem in my opinion. >>


Never said that was the only problem, but I'd be willing to place the percentage around 80% or so. For example, IIS would not have been affected by most of the Nimda variants even without the patch, if only the Administrators knew how to securely lock down IIS.

Microsoft isn't perfect and there will still be bugs and security holes, that's true of any software. As both you and I know there's no such thing as bug-free.



<< I cant wait to see what Microsoft pulls out of all this. >>


I think whatever happens it will improve security considerably. I've have already seen improvements in the handling/availability/access of security patches since they first started talking about clamping down on security problems.

 

[n0cmonkey]

<<

<< Now its not *ONLY* the fault of the users, but they are the biggest problem in my opinion. >>


Never said that was the only problem, but I'd be willing to place the percentage around 80% or so. For example, IIS would not have been affected by most of the Nimda variants even without the patch, if only the Administrators knew how to securely lock down IIS. >>



But why not have it secure by default and make the admins screw it up? My philosophy on those things.



<< Microsoft isn't perfect and there will still be bugs and security holes, that's true of any software. As both you and I know there's no such thing as bug-free. >>



Agreed.



<<

<< I cant wait to see what Microsoft pulls out of all this. >>


I think whatever happens it will improve security considerably. I've have already seen improvements in the handling/availability/access of security patches since they first started talking about clamping down on security problems. >>



Since I have little exposure to Windows stuff except what I read on the net, Ill let you help keep me up to date on this stuff. Most of the web sources are biased the opposite direction than you, so you can help make a sort of balance. If you dont mind of course