Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)
- From: "Des Ward" <des_ward@xxxxxxxx>
- Date: Thu, 12 May 2005 07:49:53 GMT
I'd also recommend learning to use RIS and SUS servers, GPOs and slipstreaming
to keep patches up to date. True there are still unpatched vulnerabilities out
there, but actually patching components such as MSIE is at least as important.
I disagree that malicious code spreads purely due to bad admins. Standard
builds deployed by a combination of RIS and GPOs could allow greater control
over the environment; the balance between usability and security is often a
fine one.
Actually putting some thought into builds would be helpful, with basic builds
having everything unused switched off. Choosing between similar applications
based on their lack of insecure features would help too.
The main problem IMHO is that people don't know what's on their network. It's
kinda hard then to apply any advice you get. There's no excuse for this if you
have a 1918 network, as you can use the basic version of NeWT to scan your
network for vulnerabilities and to find out what you actually have.
Technology isn't a panacea, but slating people for using AV/Spyware products
shows a lack of understanding of business. Or maybe certain people feel you
don't need either if you've configured your network properly? (Airgap instead
of the 'net anyone?) Sure the technology isn't perfect, but if it helps prevent
further botnet activities on those systems controlled by less experienced
people I'm certainly not going to make them feel bad for it.
-----Original Message-----
From: Valdis.Kletnieks@xxxxxx
Date: Thu, 12 May 2005 02:05:23
To: kurt.buff@xxxxxxxxx
Cc: steve@xxxxxxxxxxxxxxx, Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Useless tidbit (MS AntiSpyware)
On Wed, 11 May 2005 11:30:46 PDT, Kurt Buff said:
> > If one [or more] of you on the list could be so kind to indicate a
> > [many] resource[s] that lame hamstrung admins would be wise to follow
> > as guidelines to secure Windows systems.. it would be so much more
> > productive. especially for those lazy a$$ admins who may overlook the
> > single [or multiple] missed step that lets them become owned, hacked,
> > infected, unpatched, bugged, spewing, spamming, bots, rooted .... [I
> > am sure to have skipped a few important ones] ;-P
> >
> > steve
>
> Google is your friend - start with 'NSA security guidelines windows'.
I'll add in the Center for Internet Security benchmarks:
http://www.cisecurity.org
It covers a lot of the same stuff as the NSA guidelines (which were used as
one of the inputs). Benefits: (1) I don't know if the NSA stuff has been updated
for XP, and (2) the CIS stuff includes a scoring tool which will let you know
which things you've not tightened down.
XP SP2, current patches, and either/both of the NSA/CIS kits - I will *not*
guarantee that it's bulletproof secure, but at least the box won't be sitting
there with a 'HAX0R ME N0W' sign on it.
(No, I didn't work on the CIS Windows stuff, but I'll take at least partial
blame for the Solaris/Linux/AIX ones)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Kind regards,
Des Ward