Slashdot Mirror


Microsoft Blasted For Lax Security

fducky writes "Once again Microsoft is blasted for lax security. This CNN article cites experts denouncing the recent Microsoft security efforts as rating an 'F'. The recent MS-SQL worm got this most recent round of MS bashing going. Google News has more stories on the subject."

4 of 395 comments

  1. 4 Easy Steps by rasafras · Score: 0, Redundant

    1. Gain monopoly 2. Make insecure products 3. ??? 4. Profit!

  2. Portscanning for security... by sedna · Score: 1, Redundant

    One issue concerning differences in security regimes between UNIX and Windows systems that rarely seems to be discussed is port scanning.

    When a Unix exploit emerges, the IT department at my University scripts a portscanner, identifies vulnerable machines and contacts their admins. If the machines are not patched within a certain time, they are disconnected from the network. I, for example, got an e-mail about my Linux server being vulnerable to the OpenSSH exploit even before I read about it on Slashdot. This way the University system is less prone to hacker attacks. My Windows 2000 box, which has never been patched and is probably as secure as a sieve, has never drawn attention from the IT department. I presume this is because a similar scanning procedure is significantly more difficult to launch. This way I suppose the Unix machines should de facto be much more secure than the Windows machines at the University.
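
The scan-then-notify-then-disconnect workflow the comment describes, as an added example that is not part of the Slashdot thread or the university's actual tooling. It assumes a constructed scan-output format (host, port/proto, state; not real nmap output), a constructed policy that treats the SQL Server ports 1433/tcp and 1434/udp as never-to-be-exposed, a seven-day grace period, and made-up hostnames and dates. The loopback check at the end opens a listener on 127.0.0.1 itself so the whole thing runs offline.

```python
"""Exposure-scan triage: added example, not from the Slashdot thread.

Scan results come in, admins of hosts exposing a forbidden service are
notified with a deadline, and hosts still exposed after the grace period
are listed for disconnection. Hosts, policy, scan text and dates are all
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import socket

# Constructed policy: ports the campus scanner should never find reachable.
# 1433/tcp is the default SQL Server listener; 1434/udp is the SQL Server
# Resolution Service that the Slammer worm abused.
DISALLOWED_PORTS = {1433: "ms-sql-s", 1434: "ms-sql-m"}
GRACE_PERIOD = timedelta(days=7)

# Constructed scan output in a made-up "host port/proto state" format.
SCAN_OUTPUT = """\
db1.example.edu 1433/tcp open
db1.example.edu 1434/udp open
web2.example.edu 80/tcp open
web2.example.edu 1433/tcp filtered
lab7.example.edu 1434/udp open
lab7.example.edu 135/tcp open
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    proto: str


def parse_scan(text):
    """Turn the constructed scan format into Findings for open ports only."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "open":
            continue  # skip malformed lines and closed/filtered ports
        port, proto = parts[1].split("/", 1)
        findings.append(Finding(parts[0], int(port), proto))
    return findings


def policy_violations(findings):
    """Map each host to the sorted list of disallowed ports it exposes."""
    exposed = {}
    for f in findings:
        if f.port in DISALLOWED_PORTS:
            exposed.setdefault(f.host, set()).add(f.port)
    return {host: sorted(ports) for host, ports in exposed.items()}


def notification(host, ports, deadline):
    """Wording (constructed) of the e-mail sent to the host's admin."""
    services = ", ".join(f"{p} ({DISALLOWED_PORTS[p]})" for p in ports)
    return (f"{host} exposes {services}; patch or firewall it by "
            f"{deadline:%Y-%m-%d} or it will be disconnected.")


def triage(scan_text, first_seen, now):
    """Return (notifications, disconnect_list) for one scan run.

    first_seen maps host -> datetime the violation was first reported;
    hosts not in it are new and get the full grace period from now.
    """
    notifications, disconnect = {}, []
    for host, ports in policy_violations(parse_scan(scan_text)).items():
        deadline = first_seen.get(host, now) + GRACE_PERIOD
        if now >= deadline:
            disconnect.append(host)
        else:
            notifications[host] = notification(host, ports, deadline)
    return notifications, sorted(disconnect)


def demo_triage():
    """Run triage on the constructed data: db1 was reported 10 days ago."""
    now = datetime(2003, 2, 1)
    first_seen = {"db1.example.edu": now - timedelta(days=10)}
    return triage(SCAN_OUTPUT, first_seen, now)


def port_is_open(host, port, timeout=1.0):
    """Single TCP connect check, the primitive a scripted scanner repeats."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def demo_local_check():
    """Check a loopback listener we open ourselves; returns (open_seen, closed_seen)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        open_seen = port_is_open("127.0.0.1", port)
    closed_seen = not port_is_open("127.0.0.1", port)
    return open_seen, closed_seen


if __name__ == "__main__":
    notes, cut = demo_triage()
    for text in notes.values():
        print("NOTIFY:", text)
    print("DISCONNECT:", cut)
    print("loopback check:", demo_local_check())
```

Only hosts whose deadline has passed go on the disconnect list; a newly seen host gets a notification carrying its deadline, which is the part of the process that made the commenter's Linux box get fixed before the news reached Slashdot. The UDP port in the policy is matched from the scan text only; `port_is_open` is a TCP check and would need a service-specific probe for 1434/udp.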

  3. Microsoft is being lambasted for... by rusty0101 · Score: 0, Redundant

    ...the wrong reasons.

    The security of SQL Server should never have become an issue. Not because of the fact that MS had a patch for it, or not. Nor even the fact that someone who installed a patch may have inadvertently uninstalled that patch by installing another patch.

    Microsoft should be lambasted for not encouraging users of SQL Server to keep those boxes behind a firewall.

    There is only one marginally excusable reason to have an SQL server visible on the net. That would be if the web server at a web host needed to communicate with the company's SQL server at the company. Even that should be done over a secure link.

    In all other cases, an SQL server should be behind some sort of firewall, and not directly visible to the Internet.

    The fact that there were enough copies of SQL server visible on the Internet to allow SQL-Slammer to cause enough bandwidth to be used to be a problem for other network users is not an indication of a security problem with SQL Server. It is an indictment of the awareness of security issues being provided to users and administrators.

    I realize that with all the possible security issues that exist, some people will get glazed eyes and so on. Sorry, it happens that security will be a cost that has to be addressed.

    Of course that is just my feeling, and I could be wrong.

    -Rusty

    --
    You never know...

  4. Get a Mac by sapporoitchy · Score: 0, Redundant

    Schneider (CTO of the mentioned security corp.) makes the solution crystal clear at the end of the article.