Security pro: Windows easier to 0wn

TalkBack 15 of 73:: Next »; « Previous

Thread View
Flat View

The paper is serious: Just because a writer uses humor to express concepts does not mean the content is not serious or that the content is flawed. It simply ensures that the paper is likely to get read. This is an important paper and it should be read.

The paper was complete in terms of what it was dealing with and consistent with other reports of knowledgeable people in the computer security field. There was no need for it to be broader in scope. It was a report, not a thesis. You are trying to find flaws where they don't exist.

"I bet those servers weren't patched, or they were simply misconfigured (weak admin password), and the admins were lying to save face/their jobs."

MS loves to hear how it's really the fault of incompetents that so many of their systems get compromised. And how easy it is to suggest that. You get to pretend to a greater knowledge than you have and remain blind to the very real and serious problems affecting Windows systems, while MS gets to continue to sit on their hands and not fix the problems that are very well-known.

Closing off a few ports (as SP2 does) doesn't solve the basic problem. There are already many articles showing how ports get bypassed or accessed.

"Why do you think the two (IIS5 and IIS6) windows web servers I have the displeasure of running wern't hit by this?"

Are you in the financial services industry? Those were the servers primarily targeted. However, you could very well be infected and not know it, because it has nothing to do with competence. If you don't have outside agencies monitoring your systems, it's quite possible you have no idea what all is happening to the servers. You just think you know what's happening with them.

"If you have a link to some information on these 'patched servers' that were exploited, please share. As an IIS admin it would be of great interest to me."

I didn't bother to save the links because the details were widely reported at the time by the agencies who monitor these things in the journals and magazines that deal with computer security. But it was clear to the monitoring agencies that the servers had been correctly patched or upgraded.

Please note that although I run Linux systems, I am reading about these things and staying on top of them while you appear to be complacent and not aware of the information that is commonly distributed.

One of the sources of protection which Aitel notes in his white paper is the fact that there is better information in the Linux community about what's happening with it than is true of the Windows community. It is much easier to discover the problems in a Linux system and the solutions are much quicker in coming.

All systems have flaws -- Linux is much better at finding and correcting them, that's all (I'm not going to get into the "white hats" and "black hats" on which a lot of this is based -- if you're in the computer security business you will know what I'm talking about). You must be plugged into the information sources if you wish to be aware of what's going on -- even with Linux.

While there is a problem with incompetency, the fact is that if you bother to read things like the Cert advisories, you'd discover that many MS patches are incomplete or placebos and do not solve the problem they are touted to address.

The security problem is not primarily one of incompetency of users and admins. The primary problem is that the OS is not well-protected against attack -- it is too easy for a hacker to 0wn.; Posted by: dhk Posted on: 08/15/04 You are currently: a Guest | Members login | Terms of Use