Microsoft to help governments with security

TalkBack 11 of 44:

Next »

« Previous

• Thread View
• Flat View

Oops, someone has lousy reading comprehension!

You pork IIS, you own the whole box.

Again, I have to wonder what IIS security has to do with Windows security? I won't pretend to know everything about IIS deployment but if it turns out that there is absolutely no way to run IIS in a restricted account then that is a weakness in IIS, not Windows.

breaching the application is only the first hurdle

Considering there are many services available for Windows that can and do run perfectly well under restricted accounts, the assertion that IIS can't only suggests that IIS sucks, not Windows.

You've had a naked Windows box connected directly to the internet with no NAT'ing, no proxy, firewall or boundry router and you're telling us it's never been penetrated?

Where did I say that I didn't have perimeter defenses? Even if you didn't want to buy a NAT router/firewall, there are plenty of free software firewalls available if the one that comes with XP doesn't suite your needs. Using some sort of perimeter defense is absolutely essential, free, and quick, no matter what OS you use. My response was to this original statement:
Put a patched Windows box on the 'net and you're cooked within 30 mins. Even with the latest patches.

Since "patched" suggests SP2 which suggests "firewall", my response is completely accurate. Unless you take great comfort in the fact that your unpatched Linux machine WILL be compromised in 30 days, why wouldn't you patch and defend your Linux system too? If I had been running Linux without a firewall for the last 3 years, I would have been compromised 36 times. This is a good thing?

The actual documented average time is 23 minutes. I think he was just rounding up to the even half-hour and it's being generous.

That was for an unpatched machines, not patched ones. Considering the latest patch (available for some time now) defaults the firewall to "On", a patched XP box could stay "naked" on the internet for a very long time without being comprimised.

Besides, who cares how dangerous it is to network without protection when protection is SO easy and free? It would be like speculating how dangerous it would be to stick a knife into a plugged in toaster. The answer might be "very dangerous" but who cares when it is so easy to unplug a toaster?

Posted by: NonZealot   Posted on: 02/02/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Performance Automation in DB2 LUW Quest Software Are you getting top notch performance from your DB2 LUW applications? ... Download Now
• Finally, an Easier Way for Small and Mid-Sized Companies to Run Their Business Applications: IBM Smart Business IBM From the PC to the Internet to every piece of hardware and software in ... Download Now