|
Agreed Rick.
Windows is probably no less secure than other OS
(dons flame suit), however as Windows systems are often in the hands of people
who know nothing about / dont care about security, this will be a continuing
problem. Removing the plethora of "overflow" based exploits would allow MS to
concentrate on making the system more secure, not constantly having to go back
time and again and fix (what I coinsider) to be simply lazy coding. MS have made
some strides in "securing by default" of Windows with each subsequent version
(2k3 is getting pretty decent), butunless the underlying problems are addressed,
MS are fighting a losing battle.
My sincere hope is that the whole "Trustworthy
Computing" or whatever the next version of its is called, actually produces
something tangile in the longer term with regards to more secure systems, and
systems less vulnerable to buffer overflow / stack overflow exploits.
AFIAK with the levels of compiler technology around these days, the number of
vulns being found in Windows is nothing short of shameful. Sure, a lot of
this code has been in the system since NT 3.1, however the "rush to market, fix
in next version" attitude is something that needs serious reassessment by
Microsoft. I understand that you will always release products with some
level of bugs (otherwise you wouldnt ever release anything), however a number of
the bugs / vulns being found are simple buffer overflow exploits, not logic
errors in the code.
That being said, GNU/Linux or (insert OS here) all
suffer from the same disease, its just as you said that Windows is currently an
easy target, and getting more attractive as time goes by due to the number of
Windows systems being either directly or indirectly connected to the
net.
</rant off>
damn....'pillage'....need to change my password now
*grin*
G.
----- Original Message -----
Sent: Friday, September 12, 2003 10:45
AM
Subject: RE: [ActiveDir] New RPC
DOS
Glen,
I agree 100%. The point that remains is that this
is software - just like Solaris, Linux, AIX, OS/390, OS X, ad infinitum.
Humans wrote it, humans make mistakes, software therefore has bugs.
Windows is the most targeted software because:
A. It is written to please consumer needs and
feature requirements
B. Security, up to the last couple of years, has
not been a focus
C. There is more of it to attack than anything else
on the planet
I surmise that if overnight Windows disappeared and Linux
(or any other OS) became the dominant player (another OS will eventually
become dominant - it's inevitable, maybe MANY years down the road, but....)
that new OS will be the most hated and attacked OS on the planet as everyone
who is tied to Windows runs to support/exploit/profit from the
newcomer. Come the days of Windows NT 4.0 and Windows 95/98 - no
one cared. Until however, the big shift began in the server market and
the Internet began to become proliferated with more and more Windows systems
ripe for the picking.
Go after the low hanging fruit. Kind of asinine to
try and exploit a highly secure system if there is interesting stuff on this
machine with the Administrator password set to 'pillage'.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active
Directory
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
True rodger, MS could stop using it.
However in of itself RPC isnt the bad guy, and MS would need to replace it
with something else, which based on their track record would still have vuln's
and require a fair bit of patching.
G.
----- Original Message -----
Sent: Friday, September 12, 2003 5:30
AM
Subject: RE: [ActiveDir] New RPC
DOS
You miss my point. The question was what Microsoft could do to fix
all these RPC issues. The answer is to stop using it, which was going to
take time..
--------------------------------------------------------------
Roger D.
Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis
Inc.
But
if you use applications like Outlook with Exchange 5.5 then you can't
communicate.
-----Original
Message-----
From: Roger
Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003
9:41 AM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC
DOS
The
solution is to do away with RPC entirely - but that's a major rewrite of
things. On the other hand, I have plenty of Unix boxes running with RPC
disabled and they run fine.
Let's remember
RPC's major functionality can be replaced, but that's at the expense of
more complex application design.
Roger
--------------------------------------------------------------
Roger D.
Seielstad - MTS MCSE MS-MVP
Sr.
Systems Administrator
Inovis
Inc.
-----Original
Message-----
From: Rick
Kingslan [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003
12:22 AM
To:
[EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC
DOS
Todd,
>> Anyone
have a clue as to how Microsoft plans to fix the RPC system to make it
more secure?
Concentrate maybe
one or two more people on looking at error checking on the input into the
arrays/buffers in the RPC code? ;op
I mean, really -
a vuln lays around waiting for someone to find it for years, and in this
short of a time 3 more vuls are found in roughly the same area, just
different vectors? I sure hope that there is a team pouring over the
code that makes up RPC.
Rick
Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active
Directory
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CIT)
Sent:
Wednesday, September 10, 2003 2:15 PM
To:
'[EMAIL PROTECTED]'
Subject: [ActiveDir] New RPC
DOS
Our Microsoft
TAM notified us of this new issue. I waited to give them time
to publish it to the various news sites.
At 9AM PST, PSS
will be announcing a new critical security bulletin
(MS03-039). This bulletin will address an RPC
denial-of-service vulnerability in Windows products.
Please take the time today to go to the www.microsoft.com/security site to
obtain the patch and directions for implementation. Just
trying to help you stay one step ahead!
I think it is
very important to get this update on all your DC's even if they are behind
a firewall ASAP. We managed to mitigate blaster but these RPC DOS
are starting to get really nasty.
Anyone have a
clue as to how Microsoft plans to fix the RPC system to make it more
secure?
Thanks,
Todd
Myrick
|
