Is Patching Really A Waste? - Page 2

Thread: Is Patching Really A Waste?

  1. #11
    Banned
    Join Date
    May 2003
    Posts
    1,004
    you're lucky to update once a year.
    Hell, I am still on Win2k SP2, which is the same as at my work. We only patch for functionality, not security. Any security patch should only fix security issues that are easily foreseen and should have been subsequently isolated. Oddly enough this is true. Microsoft hasn't had any uncontainable/catastrophic security issues in many, many years (can't even remember the last one).

    cheers,

    catch

  2. #12
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Gee catch, so you don't patch for security and don't run AVs...

    Let me ask you how you dealt / are dealing with the jpg/gif/png overflows that have been discovered more or less recently that are exploitable by just opening a picture file?


    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #13
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    All his pron is Ascii
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #14
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by gore
    All his pron is Ascii
    Haha! lol good one!
    Credit travels up, blame travels down -- The Boss

  5. #15
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Although I do have some mighty fine ASCII porn, I do still view regular images as well. My preferred image viewer is Irfan (something about the run over cat that does it for me) however... in asking about my vulnerability to malware you have asked the wrong question.

    I deal with all malware in the same ways. I don't prevent, I merely contain to a non-dangerous level. Exploits will happen, just accept the fact and ensure that when they happen no rights are gained.

    cheers,

    catch

  6. #16
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    Protecting your own machine may be easy to do in a non-patched environment, but what about all my end users that have no clue what they are doing?

    xmad

  7. #17
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Great perspective Gore, thank you.

    xmaddness has a good point tho, users will be users. "This would be a great job, except for all these damned users."

    I think your ideas have their place, but this mindset simply will not work across the board for all companies, agencies, and organizations. What about not-for-profits that can't afford one box for FTP, one for Apache, one for Qmail, etc? They have to combine these services onto one system.

    I'm not refuting your position, I just think it's a bit idealistic. It has its place, but (at least in a corporate for-profit situation) security is not always the most valued end-goal. Mitigated risk, accepted risk, and ROI are critical factors that have to be considered. As a security guy, I will always demand security first. I won't get my way (most of the time), but I will be heard.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #18
    Member
    Join Date
    Jan 2005
    Posts
    73
    The suggestion of using software that "doesn't suck" is a wise one. However, even the most robust applications occasionally have exploits. For example: Apache on Linux, while tending to be more secure than IIS on Windows, does occasionally have exploits developed. I doubt that Sun Tzu would advise in favour of never checking the walls and gates of your fortress.
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.

  9. #19
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by xmaddness
    Protecting your own machine may be easy to do in a non-patched environment, but what about all my end users that have no clue what they are doing?

    xmad

    Users can be taught, but not with books. Voltage works best.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  10. #20
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    Heh, half the users here, even after being taught, still have no clue. I guess I will go get that old welding machine and some jumper cables.
