And now, from the no-duh department...

Thread: And now, from the no-duh department...

  1. #1
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    And now, from the no-duh department...

    Source
    Windows NT4 Holdouts Open to Security Hole

    Hundreds of thousands of web sites that continue to run the Windows NT4 face a security dilemma, with no public patch available for a vulnerability in a key Windows networking protocol. The critical flaw in the Server Message Block (SMB) protocol could allow remote attackers to seize control of servers.

    Microsoft addressed the SMB issue in its February security update. But the monthly Windows patches no longer include fixes for Windows NT4, which is beyond its end-of-life and remains vulnerable to SMB exploits, according to an advisory from eEye Security.

    Microsoft retired NT Server 4.0 on Dec. 31, and now only offers custom paid support for the eight-year old OS. But about 1.1 percent of web-facing hostnames continue to run on Windows NT4, according to this month's Web Server Survey. Thousands of those hostnames are on SSL-enabled web sites which may be conducting e-commerce.

    The SMB protocol allows Windows computers to share files and printers on a network. A flaw in the way SMB handles incoming data provides an opening for hackers. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft says in its advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

    "If your organization is unlucky enough to still have Windows NT 4.0 systems ... then you do not have a whole lot of options," wrote eEye's Marc Maiffret, who noted that enabling SMB signing could offer additional protection for some NT4 servers, but might also interfere with existing applications.

    Microsoft has been urging Windows server customers to update to Windows Server 2003, citing security as a motivation to migrate from NT4. "Windows NT Server 4.0 was developed before the era of sophisticated Internet based attacks. It has reached the point of architectural obsolescence," said Peter Houston, Microsoft's senior director of Windows Serviceability. "It would be irresponsible to convey a false sense of security by extending public support for this server product."

    I'm sorry...if you're still running NT4 BY CHOICE you deserve whatever you get. I know, some organizations have restrictions, regulations, or other impositions that force them to continue with NT4. I have sympathy for them, and offer my services readily; my rates are decent :wink:
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I have one site that runs NT 4...on workstations cause...it works fine.

    They are not servers..exposed to the internet, or authenticating users or running critical apps.

    they are behind 2 firewalls, have av on them and are very task specific.

    Until they fail...we see no reason in replacing them. They are working just fine.

    As for running publicly exposed web sites...or critical apps\databases...I would always choose a supported OS and applications ...where you can get patches, updates regularly...and advanced tech support when needed.

    MHO

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Roger that, and you are correct. Sorry, I should have clarified. "If you are running NT4 in a public or exposed role..."

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    no worries..

    Some sites don't have the resources to update hardware\software every year..and depending on the task...do not require a P4, 512MB, ram 256mb nvidia card 120gig harddrive, XP pro...to run a legacy database, process email, print documents...and play solitaire

    MLF

  5. #5
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Not exactly on subject but....

    I don't mind working on NT 4.0 as long as it's SP4, but those dinosaur Pentium II/s they are installed on are waaay over retirement age. I find myself straining just waiting for mouse clicks to be responded to and screens to draw. If it don't end soon, I'm gonna get a hernia.

    I agree with the other posters. NT 4 is still usable in certain situations and if it's a web facing machine it should be replaced or you deserve what you get.

    Lots of companies -need- to replace their hardware/software but won't until their workers scream loud enough for long enough. I see too many of these monthly.
    ZT3000
    Beta tester of "0"s and "1"s"

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Well, that was my point "... other impositions ..." If you ain't got the IT budget, then NT4 it is.

    That happens more than we care to admit, I know; been there, done that, pawned the t-shirt for a can of brew.

  7. #7
    THE Bastard Sys***** dinowuff
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    Originally posted here by ZT3000


    I don't mind working on NT 4.0 as long as it's SP4,
    Humm you mean SP 6 Right?

    I have an NT 4 Domain whose owner refuses to upgrade. Oh well, users will be users

  8. #8
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    I think SP5 broke some TCP/IP things, and SP6 was problematic with something or other (can't remember back that far anymore)
    At least SP4 was stable I remember.
    ZT3000

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    SP 6 was problematic...they replaced it with 6a...


    SP5 was to fix the issues with SP 4..although SP 4 allowed you to use newer hardware, eg AGP graphics cards.

    I have a site that still runs 98

    Although I did convince them to replace their NT 4 WS (used as a server) with a Dell and 2000 OS ....they were having connectivity issues...15 users

    Anyway after 2 years of telling them that MS is going to discontinue support, 98 wasn't developed for a business environment, you are going to have to update eventually... new apps won't run on this platform, I can't install one license of office on all your machines...may as well start now blah blahblah....they asked for a quote to update 12 machines to XP...wait til I tell them their one license of office 95 won't do

    At least they have the last 5 newer machines properly licensed (through me...although the first couple they ordered were XP Home...and couldn't connect to the domain...I had them sent back. Now they ask me before ordering stuff)...finally

    MLF

  10. #10
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    I too run protected NT servers. But in the overall security model (perimeterless perhaps?) it's getting difficult to keep ignoring the security threats documented via internal audits. Especially when you can pick up the passwords quite easily and new exploits will shine "red" on internal scans audits and affect internal security posture.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
