Domain: ntsecurity.net
Stories and comments across the archive that link to ntsecurity.net.
Comments · 8
-
Re:How long...
For those who didn't get this joke, here's some info
:-)
http://www.ntsecurity.net/Articles/Index.cfm?Artic leID=8655
Dammit, pick a beowulf joke so I get it! hehe -
Re:one basic reason why windows security sucks
"I am also a certified MCSA"
and then later on...
"People always bitch at MS for bundling software into their OS, but there's no excuse to not include reasonable packet filter ability in the OS."
Well you've certainly proved one thing. People with certifications can often oversell themselves as experts when they really know very little about the products.
Psst... I share the bounty of a simple google search. -
Can't be all that much more secure
If Microsoft halts all new feature development for a month to fix bugs!
http://www.ntsecurity.net/Articles/Index.cfm?Arti
c leID=23971Posted by the same author of the misleading bug brief, Paul Thurrott.
-
Re:And meanwhile here I am...
ok.. so what happens if you open it in IE? I'm on a work PC, so I don't want to try it.. but my curiosity is killing me!!
Read about it here. -
This has been flaming on win2ksecadvice for days..
The whole full-disclosure/"Responsible Disclosure" has been raging on the Win2KSecAdvice mail list (from www.ntsecurity.net) since Monday. A lot of good points have been raised by both sides of the issue.
And while I don't agree wholly with any one side, the point that I agree with in that whole mess that goes against this email (clearly for very restricted disclosure) is this:
I want to know why I'm installing this patch. What does it fix? Do I trust Microsoft to fix it? They broke it in the first place! How do I test my system once the patch is applied to ensure the patch actually fixed anything?
Should I have to pay to be part of some exclusive club that gets to find out how these vulnerabilties work? Sounds like printing money to me...
You can't have your cake and eat it too - either I know how it works or I don't. Giving the information to SysAdmins levels the playing field against the Blackhats. You can bet your @$$ they already know about it. -
Re:Treating net users like thugsheh, silly person. Microsoft does provide patches for its software, 99% of the time, at the release of the security bulletin. Patches, called hotfixes, are then all rolled together into Service Packs, which typically come out every 6-8 months. You can always find the latest status at Microsoft's Security Page. I would also suggest you subscribe to the email notification service, and read Where to Find Security Patches
You could also follow the NT Bugtraq and Win2K BugTraq lists.
The thing is, most people are like you - they don't care to apply the patches. There are far more Windows NT and Windows 2000 machines on the internet, then there are Linux. There are good reasons too, but if I went into them, I'd be labeled a troll..
-
Re:Interesting... is there such a thing for Win NThttp://www.ntsecurity.net
They have a great NT Security book online as well as a bunch of great articles, tools and links.
LiNT
-
A Community Member Responds
As a registered member of the community, I thought I'd take a few shots at the MS "challenge."
First, in the sloppy writing department:
The Linux community has asked Mindcraft:
- To configure and tune the servers themselves.
- To be present to ensure that the tests weren't rigged.
...Well, uh, no: the consesnus is that when Mindcraft configures and tunes the servers (or not, as the case may be...), things go badly for Linux. Feelings on the second point seem to be the same.
What MS mean to write, of course, is that Linux people want to configure, tune, and be present. I'm sure that the sloppy writing isn't intended to muddle the issue, since it's sort of clarified a paragraph or two down.
Looking at their comparison chart, I note that they claim Windows has turned in the "best" scores on some benchmarks, while also noting that no Linux results exist. Winner by default, I guess?
On Linux, it's "easy to gain root access...". But, they say, on NT:
System services run in a secure context providing higher levels of security for multi-user services
Does that mean that this exploit no longer works?
Here's a nearly incomprehensible complaint about Linux:
Low degree of integration increases costs and technical risk
Melissa shows what costs and technical risks come with "integrating" stuff to the extent that MS wants to, but I'm not entirely sure what they mean by the word in this context.
In the damning faint praise department, MS graciously admits that there are "hundreds" of applications available for Linux. Call me crazy, but Unix is, er, "several years" old -- I'm pretty sure there are more than hundreds of useful programs available (whether they're "applications" or not is not terribly relevant, if you ask me). Even if there are only hundreds, well, a comparison of quality, rather than quantity, would be more telling, I think.
Another Linux failing, they say:
No formalized field training
I'm sure I don't know what that means. Organizations like The Learning Tree have Linux courses, and there have been a couple of certification programs announced (if inchoate).
More Linux evil:
Need highly trained system administrators - usually require developer-level skills
Or, you could just give the job to some random person and let him/her peruse the manuals. Things wouldn't turn out any worse than they would if the person were told to run NT instead. The fact is that a Gooey WimpyWYG PointyClick screen doesn't change the fact that administering a computer well (let alone a network) requires skill, intelligence, dedication, and plenty of learning. No "Wizard" will get around this fact.
Administrators are required to re-link and reload kernel to add features to OS.
Uh, well, maybe. But you do have to "install service packs" on NT, which comes to the same thing in the end -- downtime while the admin does something that, if it doesn't work, will result in Bad Things happening until it gets straightened out.
Most configuration settings require editing of text-based files
Oddly enough, they forget the corresponding item on the NT side: "Most config. settings require editing of binary files." Or, rather, one (the Registry), and if you screw it over, God help you. At least the OS keeps a couple of backups by default.
Here's one of their Big Awesome NT Features:
Scriptable administration for automated local and remote management
Unix is Home of the Script. That's all I have to say about that.
NT feature:
OS services and applications designed to integrated and work together
Melissa. Not all rosy.
Linux liability:
End users forced to integrate...
Nope, I'd say MS is the master of forcing people to integrate. (Yes, that was an out-of-context quotation followed by a cheap shot).
NT feature:
Over $2 Billion in R&D spending by Microsoft...
And you know who's paying for that -- look at the prices of their OS and applications (particularly the proposed prices for the various Office 2000 flavours).
And then they sum up. It's crapola in the best tradition of election campaigns, such as the one I'm currently enduring here in Ontario. Some highlights:
Although the Linux community is focusing on the messenger and not the message...
Well, when you notice that the messenger is full of shit, you don't tend to pay much heed to what's being said, now do you? The test was flawed (arguably fatally), so there's little point considering the results.
Now it's time for the Linux community to demonstrate the real performance and scalability capabilities of Linux, or withdraw their criticisms of the initial Mindcraft report.
No, Beavis, it's not. Even if no Linux person steps forward with brilliant test results in response to this "challenge," the fact remains that the original tests (and thus the original report) deserve the criticism they've received. This statement is about as valid as an assertion that since we have trouble treating cancer, we musn't go around saying how bad it is.