Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Admins can relax this Tuesday.

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    Admins can relax this Tuesday.

    Hey Hey,

    It looks like admins can relax this Tuesday... Microsoft is going easy on us for a change... which is good considering the high numbers released in previous months.

    2 Microsoft Windows Patches - Maximum Severity is Important (Yes... only Important).
    1 Microsoft Office Patch - Maximum Severity is Critical.

    Looks like admins everywhere will be sitting back, sipping martini's Tuesday night.

    Peace,
    HT

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I really don't mind installing patches. I know it seems odd, but it gives me something to do that isn't really hard or annoying.

    Windows patches canbe a pain because of rebooting but when they don't break something else, it's really not much hassle.

    By the way, my SUSE 9.3 on ReiserFS machine which is running an FTP, SSH, and Email system on my network now has an uptime of 178 days, 3 hours 12 minutes. Only local network IPs can connect to it, it runs fetchmail every 10 or so minutes to grab my large sum of email from two of my ISP email accounts, one of which I just save to the mailbox so I have a copy of every mailing list I belong to, which is lot, but since I use Mutt for my email client, it loads all 50,000 emails at the rate of about 1,000 a second.

    And that's over SSH on a machine with a Pentium 3 733 MHz processor and 384 MB RAM. Not bad heh.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    whoa wait, there are respectable admins out there who still run Windows?
    ...This Space For Rent.

    -[WebCarnage]

  4. #4
    Junior Member
    Join Date
    Dec 2004
    Posts
    3
    Should we be relaxing as there are a little amont of patches or stressing as there are a only a couple of patches..... maybe they havent found/finished some others? :P

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Admins with idle hands are my favorite kind. That's when I dump a remediation report on their laps and send them off to clean up hosts and lock down services.

    Looks like Friday won't be so easy for my poor little guys and gals. Muhwahahahahahaa.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Lol.. I just read this and had to post it here..

    Bruce Schneider source
    If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

    ..

    Since 2003, Microsoft's strategy to balance these costs and benefits has been to batch patches: instead of issuing them one at a time, it's been issuing them all together on the second Tuesday of each month. This decreases Microsoft's development costs and increases the reliability of its patches.

    The user pays for this strategy by remaining open to known vulnerabilities for up to a month. On the other hand, users benefit from a predictable schedule: Microsoft can test all the patches that are going out at the same time, which means that patches are more reliable and users are able to install them faster with more confidence.

    ..

    Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.

    There's no better example of this of this principle in action than Microsoft's behavior around the vulnerability in its digital rights management software PlaysForSure.

    Last week, a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files.

    Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

    But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

    So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

    This clearly demonstrates that economics is a much more powerful motivator than security.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by the_JinX
    Lol.. I just read this and had to post it here..
    I wonder about Schneier... I often wonder whether he's a respected member of the IT community or another Steve Gibson.... and it's when he posts stuff like this that I think he's another Gibson.

    The monthly patch cycle, IMO, is one of the best things to come out of Microsoft and their security initiatives..

    It was also stated in numerous articles when they announced this change that it was by customer request (example).

    Previously admins had to keep up with Microsoft on a regular basis... DId they release a patch today??? I don't know... Go Check... An endless cycle that left admins overworked and in the end make systems more vulnerable, not less... Due to irregular patch cycles it was easier to enable automatic updates and walk away... but that meant no testing of patches before roll out...

    A regular, repeatable patch cycle is what everyone should have.. A year after Microsoft did it, Oracle made the same move (source)

    coroner:
    Should we be relaxing as there are a little amont of patches or stressing as there are a only a couple of patches..... maybe they havent found/finished some others? :P
    Are you another Microsoft basher?? You won't last long on this site if you are... The number of patches is HUGE in comparison to the stress level... Less changes means less things that can break your system... it's ideal.. the fewer the better.. always.. No sense working about ones that haven't been found yet... they'll come along when they do... If you worry about upcoming patches for things that haven't been found, regardless of what you run.. you'll end up at the funny farm.

    Peace,
    HT

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    I'm a big fan of WSUS (Windows Server Update Services). Not only does it centralize patch management, it really helps if you're looking to test patches before deploying them over the whole network (I sound like a goddamn microsoft commercial, don't I?).
    In any event, WSUS has an options section where you can specify what patches are deployed and to what systems (you can organize computers into groups and specifiy if patches are approved and/or installed based by group). Let's add that it's completely free (nice bonus).
    The only downside of WSUS is that it uses IIS, so by default, it's not supposed to be installed on Domain Controllers.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  9. #9
    Junior Member
    Join Date
    Dec 2004
    Posts
    3
    i was only messing around htregz so im not going to bother making a defense or anything and just carry on.

    Agree with ShagDevil alot, Wsus is great. We have numerous WSUS servers at work, mainly due to the very poor speed of the WAN links.

  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    One of these days I am going to start posting the weekly list of linux patches. Hey gore... could have sworn there was a kernal patch out about 4 weeks ago?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •