I heard that the web was slow today.

Author: Mike Vanecek
Date:  
Subject: I heard that the web was slow today.
Um, well, heh - geez guys, can't a person take a break and do a
bash-Microsoft dance to stretch his legs once in a while? :)

Sure, ITs are responsible for their systems (like MCSE ITs are all
that anyway), but we're talking the difference between a system that's
supposed to be locked down and secure out of the box and easy to
administer with effective process and port controls and one that's so
buggy that it's impossible to lock it down. Ala Firestone - the
tire-treads are *not* supposed to fly off of new tires out of the box,
regardless of the driver. So, while we can happily blame IT for not
patching or maintaining systems correctly, MS and all its bragging for
its support and security continues to consistently release outrageously
buggy products. Not normal buggy that "well, it's an oops but it's fixed
promptly," that one would expect to see once and again - but
overwhelmingly infested with bugs to the point that I am amazed that
*anyone* even pretends to use Microsoft, especially in a mission
critical environment or on a public network. IT people are so freaking
overworked trying to keep track of all the crap with Microsoft that it's
no wonder that it takes a fraction of Unix staff to administer the same
amount of Unix systems.

Linux, with its occasional bugs, also has a very good internet
presence. Yet, server to server, we're not hearing about Linux bugs
bringing down Root Zone servers or knocking out Worldcom, etc... Always,
it seems, it's Microsoft systems - be they improperly
administered/updated or just plain fscked, that can be identified as the
blame. And in many cases, like the Root Password snafu with MS SQL -
Microsoft claims it's a feature and not a bug. Or it doesn't attribute
importance to it and patches are slow in release.

Anyone claiming to be a vendor for systems that will go on public
networks simply has to ensure that these systems are secure out of the
box and the admin's job is to then open up services as needed and
perhaps apply the few normal patches rather than the flood of critical
patches. Remember - these patches have to be tested on the individual
networks before being released companywide and/or on critical servers -
so what would seem to be a simple patch takes a lot of time
individually, unless the IT is lazy and just trusts Microsoft. Of course
- that "Anyone" doesn't exclude Linux - I do my share of locking down
open processes, but then I've never used their server version. Even so,
I find it very easy to lock down my Linux box, customize my iptables,
etc and I'm using the cheapbytes version. FreeBSD would be an even more
rock-solid case - I'd spend my time opening it up rather than locking it
down. Why then, with the billions and the supposed position in "knowing
what's right for you", doesn't Microsoft "get it"?

I'm no super MS administrator and not even close to a super cracker -
but when I can go to a client's Windows XP system (who forgot their
password), and not only get in, but gain Administrator access and
authority *inside* of five minutes (most waiting for reboot), then
something ain't right - and it wasn't a matter of poor password - with
what I did to get in, password was irrelevant. And these systems are in
offices around the world! Consistently poor software, atrocious
security, bad business practices, poor certifications qualifications,
hobbled ITs - we're not talking about regular occasional bugs that are
common to all systems here - we're talking about a world-wide
catastrophic disaster.

Cheers,
Mike
Disclaimer for Pinko Lawyers - all above IMHO. <mike dons foil hat and
looks under couch cushions for hiding lawyers> :)

der.hans wrote:

>Am 28. Jan, 2003 schwätzte George Toft so:
>
>>When you drive that car in the sand, and it gets stuck, maybe it's not
>>Ford's fault? Why, oh why, does anyone put a database server with any
>>interface exposed to the Internet? WTF are these people thinking? The
>>spread of the worm is not Microsoft's fault (directly) - it is the fault
>
>It is directly m$'s fault. m$ quietly installs m$sql for several software
>packages. It's part of their m$de that's reportedly installed for certain
>releases of packages like visio, m$ project, and m$ office. So not only does
>it default to a bad setup, but people don't even know it's installed. They
>should know, but that's discouraged in the m$ce world...
>