RE: New Poll on MSExchange.org
- From: "Stephen Hartley" <support@xxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 21 Aug 2003 06:39:20 +1000
Mike, you also appear to be laying the blame at Microsoft's feet. You
should not do that (but you can) because it was not Microsoft who wrote
the worm! Microsoft did announce the flaw approximately one month
earlier and provided a patch. I, like many others, chose not to install
this patch immediately due to recent flaws in patches that Microsoft
have released (and admitted to). I adopted a wait & see attitude. None
of my "business" sites were affected because I use hardware based
firewall/routers (Linux boxes) and I take the attitude of "lock it down"
until it is required. It costs my clients to have this configuration,
but it saved on having to do system cleanups - so the ROI is proven yet
again!
After Nimda last year (average 30 hour cleanups), my business clients
don't get an option - their systems are locked down or they can find
someone else. Again Microsoft did not write Nimda, but it only affected
Microsoft machines.
What else are you going to find that will work similarly and give you
the same features as Exchange and Outlook combo and yet still allow the
users do "know" their systems? Yes there are now some viable Linux
alternatives, but if you can't (as SysAdmin) maintain your Microsoft
installation, what chance will there be that you can maintain a brand
new operating system / applications suite without it costing $0000's?
Stephen Hartley
NetAbility
Brisbane - Australia
-----Original Message-----
From: Mike Dufoe [mailto:dufoem@xxxxxxxxxxx]
Sent: Thursday, August 21, 2003 4:17 AM
To: [ExchangeList]
Subject: [exchangelist] RE: New Poll on MSExchange.org
http://www.MSExchange.org/
No, they weren't affected.Unix boxes.
RPC in the Win32 world works differently than RPC in the UNIX world. On
the windows side of the house, RPC communicates through port 135 (which
the virus targetted).
In UNIX, RPC is used through a helper service called Portmap, which
runs on TCP port 111. But Portmap only tells the requesting host which
TCP port the actual RPC service is bound to. This is because a majority
of RPC services are bound to a dynamic port on startup.
On top of that, the Win32 exploit wouldn't have worked because UNIX
can't natively run Win32 code (which the virus was using as a payload).
Plus, the method it was exploiting the windows machines wouldn't have
worked if it talked to a UNIX RPC service anyways, because the
particular overflow wouldn't have been present in the program.
Mike
-----Original Message-----
From: Frederic Giroux [mailto:fgiroux@xxxxxxxxxxxxxx]
Sent: Wednesday, August 20, 2003 10:01 AM
To: [ExchangeList]
Subject: [exchangelist] RE: New Poll on MSExchange.org
http://www.MSExchange.org/
Mike Dufoe said...
2000 but after this last outbreak from MS (RPC), my CEO's want me to
find another product as they say they can't have down time like this and
why should we pay thousands of $$$ for this ????
I am sorry to disagree with your CEO. I do have some empathy for lay
people that are affected by Blaster and others of the sort since they do
not have the training (or they simply don't care) to realize the
importance of upgrading and maintaining systems up-to-date. However, I
have much less empathy for SysAdmins that are suppose to know what they
are doing.
The RPC bug is only another problem in a long list of problems that
affect ANY OS. Linux, UNIX and others do have problems and sometimes
those problems remain unfixed for a long time of the SysAdmin do not
upgrade their systems (recall the BIND bug).
I am not a MS fan per say. I respect every OS the way it has to be
respected. After years of development, Windows is finally (with 2000) a
stable platform that deserves to be in the major leagues. What makes
the differences between Windows and other OSes is that Windows is more
"democratic" so lots of "wannabe" SysAdmin try it thinking they can
easily manage it. This is lack of respect and they eventually have to
pay for it.
My point is that if you maintain your system up-to-date, manage the
firewall properly and do administrative tasks (such as checking your
antivirus), you will be able to avoid problems such as the ones caused
by Blaster. Of course, all systems have flaws that an intruder can get
through (if it can be found).
In conclusion, my point is that it is easy to blame Windows and/or
Microsoft. Before doing that, start thinking about what YOU could have
done to prevent problems and, most of the time, you will realize that
you made a mistake along the road.
If you switch product, you will realize that they also have their flaws.
Frederic Giroux
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
dufoem@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
exchlist@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
