Slashdot Mirror


Looking Back At Windows Security In 2003

thebatlab writes "Help Net Security has an interesting look at security in Windows during 2003, with various blurbs from related parties at Microsoft as well as security 'bigwigs' such as Russ Cooper. It's interesting to read the comments from external parties, as they tend to be very reasoned comments and don't simply attack away over recent 'indiscretions' and 'security lapses' Microsoft has had over the year."

12 of 327 comments

  1. Does anyone know... by biendamon · · Score: 5, Interesting

    ...where to get a definitive list of security holes in Windows (not Office or other add-ons) for the month of December?

  2. Slashdottism by SharpFang · · Score: 5, Funny

    Of course the same holds true for businesses, but there the problem was more of a problem with the "Default Installation". We have long known that default installations are inherently insecure.

    Windows "out of the box" is as wide open as the goatse.cx guy.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    1. Re:Slashdottism by JoeBaldwin · · Score: 5, Funny

      No shit, I installed XP and I already had Blaster. I hadn't installed anything, downloaded email, downloaded anything, but it was there.

      This, if you don't know, is called Microsoft Security :)

    2. Re:Slashdottism by zulux · · Score: 5, Informative

      You did enable the built-in firewall before connecting your machine to the internet, didn't you?

      All Windows XP computers are vulnerable to Blaster during bootup.

      Even if you have the Windows firewall turned on.

      Windows XP doesn't have a firewall in place while the computer is booting - only after a full boot is the firewall policy pushed down to the network interfaces.

      SP2 will include a "block everything" firewall policy during bootup, and you can have a firewall policy over all network connections - including new connections that you may install.

      But for now - put your XP behind a real network operating system like OpenBSD.

      --

      Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  3. Biggest problem with windows security by key+nell · · Score: 5, Funny

    There's a new worm out there that exploits a security hole still in Windows 2k/XP from when it was released.

    It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.

    An attempt by the powers that be to shut down its source of updates was thwarted by various government agencies and the worm itself.

    Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.

  4. Short look back on MS Security... by TheDarkener · · Score: 5, Funny

    It sucked!

    <bows>

    --
    It is pitch black. You are likely to be eaten by a grue.
  5. Re:Its crap but just as crap as anyone else by Anonymous Coward · · Score: 5, Funny

    computer based firewalls?

    As opposed to what exactly?

    Firebased computer walls? (In soviet russia?)

  6. Re:Hey, Sherlock.... by AntiOrganic · · Score: 5, Informative

    Or how about just applying the patch that's been freely available for six months?

    *glares at manager*

  7. Re:Slashdot by Shut+the+fuck+up! · · Score: 5, Funny

    Slashdot: The antidote to well reasoned comments.

    Hello, new sig.

  8. Re:Its crap but just as crap as anyone else by 93+Escort+Wagon · · Score: 5, Interesting

    "Microsoft have had their share of vulnerabilities over the last year but not significantly more than linux has..."

    Hello? What alternate universe are you living in? We spent a good chunk of our summer and fall chasing MS-BLAST infected computers. We had to detach computers from the network before upgrading them to XP, because if we didn't they'd get hit before we could patch them.

    Perhaps you are playing semantic games - perhaps in absolute numbers there haven't been "that many" Windows exploits. But in terms of wasted IT time; in terms of network downtime; in terms of severity of attack there is just NO comparison. Our Linux, Solaris, and OS X boxes have required almost none of our time.

    --
    #DeleteChrome
  9. Re:Myth: Linux is more secure than Windows NT. by Anonymous Coward · · Score: 5, Informative

    Reality: Windows actually has serious design issues. Neither is perfect. The quality of your admins has way more to do with ultimate security.

    On your specific points:

    • Agreed that NT has access controls on every object. However they are not visible and not used very much by end users and administrators. The UNIX ones are simple and very easy to understand. Here you have the choice between complicated (you do know the difference between discretionary and inherited rights filters?) and pervasive (every object) versus simple and pretty much only on files (which almost every OS object is anyway).

      Many (if not most) Windows programs get it wrong. Heck, even Microsoft has released games that can only be played if logged in as administrator.

      Linux does let you do delegation, but that is mostly left as a user space implementation issue. That is the purpose of setuid/setgid, group memberships, sudo etc.

    • The Windows accreditation is a crock. It is in a non-networked environment with no floppy disk or CD drive. Show me anyone who deploys that way. Here are some relevant articles: Win2K evaluation, IBM/Suse evaluation. I have one specific question: if the Windows architecture is so fantastic, why did the NSA choose Linux to achieve their goals? Why did Microsoft claim that fundamental design flaws in Windows were the reason they couldn't release the Windows code? (And we won't even go into the ability of any process in a desktop session being able to send messages to any other process which is probably the flaw Microsoft alludes to).
    • And you deploy Microsoft patches immediately without worrying that they will break the other products you run and use? You can get Linux advisories from whatever distro you use. There are also services like CVE. At least with Linux you can choose to fix things yourself. With Microsoft, you are stuck with whatever amount of time and problem severity they determine. If they don't want to fix something for 6 months, there is nothing you can do about it.
    • SCE is nice, but is only needed because the whole OS has so many places where ACLs are applied. And it doesn't do things like registry access control (you have to use regedit) or the filesystem. So you do have to use a number of tools, and understand everything. In Linux you have to understand chmod. In either case, a clueless admin will do way more harm than the OS you picked to run.
  10. The Last Line of the Article Says... by cacepi · · Score: 5, Insightful

    I just hope that in the next few weeks we won't see a disaster like the Slammer worm.

    That, in a nutshell, destroys the entire article. The end user shouldn't be forced to "hope" that bad things won't happen to their computers. Any vendor that instills so much lack of confidence in their products doesn't deserve the benefit of the doubt.