NT4 SP2 was a nightmare. Luckily I heard about it in the newsgroups the day I planned on installing it on my ISP boxes (yes I run IIS, locked down, in addition to Apache). That taught me a lesson, and I now wait 48-72 hours after release before installing any Microsoft service pack or hotfix, while I observe Uncle Bill's guinea-pigs.
One of the things I love about *NIX is the stability. FreeBSD 5.1 (I run on my desktop) is more stable than any Microsoft .1 product ever hoped to be, but the FreeBSD crew is still classifying 4.8 the production version (I run on my servers). Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity zar Richard Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rodrigo Barbosa Sent: Tuesday, September 30, 2003 2:01 AM To: [EMAIL PROTECTED] Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wrote: > >As some may recall, my original statement was an answer to someone that > >was points that Unix is more secure then Windows (I agree up to this > >point), and gave and example telling that there are still several codered > >vulnerable machine around. This is the point I was commenting about. And > >you do have to agree that is a machine, today, is still vulnerable to > >Codered, it is mostly due to a fault of the administrator. > > > I'm going to pick one small nit with you. There is another possible guilty > party. In some cases, at least in edu and medical centers (that's what I'm > familiar with) the *vendor* is at fault. Some vendors will not certify > their scientific instruments with the latest Service Packs and patches, > leaving the admins no other choice but to find some other way to protect > the machine. (Hell, we sometimes have trouble getting vendors of > *security* devices to support their products with the latest SPs and > patches. (Which is another reason that I dislike putting security-related > software on Windows boxes, but sometimes you simply have no choice.) I stand corrected. I kind of remember something about a friend of mine (Win admin) installing NT SP2 and it breaking MS-SQL server. And yes, you are correct about vendors too. So, simply put, we are doomed :) - When the software gets a bugfix released, you can't install it because of the vendor - When you can install it regardless of the vendor, the net admin forgets to install it - When the net admin remembers to install it, the users mess up - When the user don't mess up, the cleaning lady pulls the plug Talk about trustworthy computing :) []s -- Rodrigo Barbosa <[EMAIL PROTECTED]> "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html