Erm, I am no Microsoft employee so not coming from a defensive point of
view, but will say that there is no such thing as a secure OS, and as
long as there is a will to find exploits in software, for whatever
purpose, then the software will be exploited. Yes it's damn frustrating
to spend 72 hours cleaning up someone's nice little bit of malware, but
it's not the vendor that creates the OS that creates the malware etc.

If Linux was top of the pile in terms of OS popularity then they would
be the main target out there, but Linux is every bit as breakable, as is
any other OS.

So, if you are pitted against a collective will to find weaknesses in a
product that you make for reasons of hacking, hacktivism, fraud, theft,
one-upmanship, script kiddies, and the millions of other motivators for
people to exploit your product, are you ever going to get it bullet
proof? 

In a word, yes, when you stick it in a concrete bunker 20 feet
underground with no internet connection, and no electricity, else, if
you are the manufacturer of anything to do with code you are on a losing
battle in terms of creating something that can't be broken. 

The only hope any vendor has is to catch something before it causes too
much damage and hope the new replacement code is up to the job.

If any of us could do better we would be in a different job with a whole
lot more money after all...

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355
M: 07949 255062
E:[EMAIL PROTECTED]
W:www.cetv-net.com

-----Original Message-----
From: Phil Thompson [mailto:[EMAIL PROTECTED] 
Sent: 27 October 2008 11:31
To: NT System Admin Issues
Subject: RE: Out of Cycle Critical Windows Patch ?

I don't see Microsoft.com in your email. Do you work for them?

After 20 years MS should have these holes fixed by now. No excuses!!



-----Original Message-----
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 26, 2008 6:31 PM
To: NT System Admin Issues
Subject: RE: Out of Cycle Critical Windows Patch ?

Microsoft does have this...

They also have a bunch of internal staff (ACE) that train developers,
work on automated tools that analyse code, random code reviews, and
creating prescriptive guidance on how to write better code.

I know one of the guys (Rocky Heckman) on the ACE team out of CBR. He
used to be a security MVP, and he's one of the smartest coders (and a
security guy to boot) I know.

Cheers
Ken

> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Monday, 27 October 2008 8:11 AM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch ?
>
> I see ya point, my real point is why don't they have pen-testers on
> staff, looking at their systems trying to find the exploits and fix them
> before the bad-guys do. I mean hiring some security researchers on staff
> and have them pen-test the non-sense out of your software could go a
> long way in keeping stuff secure..
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -----Original Message-----
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 26, 2008 10:28 AM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch ?
>
> Fax = fix
>
> -----Original Message-----
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 26, 2008 7:18 AM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch ?
>
> I'm not sure I would agree with that. Developing a fix isn't a 15 minute
> job. The chances are they were already hard at work on it. There is a
> ton of compatibility and regression testing that goes into a fax.
> They probably got their hand forced because it was out in the wild, but I
> wouldn't go so far as imply they were just sitting around on their asses
> until something happened.
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 26, 2008 6:45 AM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch ?
>
> Yeah someone lit a fire under MSFT arse and they got with the program on
> this one, but only after they detected systems getting exploited in the
> wild. Why they didn't determine this flaw back when they patched 06-040
> for the same type of issue we probably will never know...
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -----Original Message-----
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 24, 2008 8:08 PM
> To: NT System Admin Issues
> Subject: Re: Out of Cycle Critical Windows Patch ?
>
> Taking this in a slightly different direction...
>
> I told the IT Director and COO yesterday that I was patching all
> servers, and sending an email to all of the laptop users to do the
> same.
>
> They were a bit skeptical, but not only did the emails that I
> forwarded them from various lists buttress my opinion, this morning I
> got forwarded a voicemail by the IT Director, from a rep at MSFT. Gist
> of the message - MSFT is taking this extremely seriously, and you
> should patch now.
>
> Director's comment was "nice job, good of you to jump on this."
>
> Anyone else get a call like this from MSFT? It's the first time I've
> heard of them doing this, and I take it as a really good sign - MSFT
> is finally getting the real clue about this stuff.
>
> Kurt
>
> On Fri, Oct 24, 2008 at 3:52 AM, Oliver Marshall
> <[EMAIL PROTECTED]> wrote:
> > Chaps,
> >
> > The update that was sent out last night, has that caused any issues
> > elsewhere? We've had a spate of calls from users about problems today,
> > several servers which were set to auto-update for various reasons have
> > had varying levels of failure. It's mentally busy here for a Friday, and
> > the one thing they have in common is that all the machines rebooted for
> > an update last night.
> >
> > Is it just us ?
> >
> > Olly
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~