Sat, Apr 9 2005 21:01
So what's YOUR excuse?
Dual monitors means I multitask.... doing a spreadsheet on one screen, got last year's TechEd DVD content playing on the other [geek radio you know]. And I'm listening to Steve Riley's presentation on the changes in XP sp2...and he says that the computing industry is in its infancy really.
Think about it...it's true isn't it? It's really only about 40 years old and the things we've relied on were truly built in an age that we trusted a lot more than we do now...and thus, because the world in which computers live is less trustworthy than the world that the underlying architecture was built and intended for, we need to change, to update how we do things.
He goes on to predict that we might even see some more RPC issues crop up [you remember 03-026/03-029 Blaster right?] because the underlying architecture that RPC was based on assumed we could trust the network. But we can't anymore, can we? He goes on to say that the move to making sure that you can trust a machine with your life [aka trustworthy computing] is about a 10 year process...and they've just begun. RPC Interface Restriction is just one of the first steps. And he finishes it out by saying:
“This [Windows XP sp2] It's a victory for the security guys. It's a step to get your hosts [desktops] become participants in the security stance of your organization.”
Hmmm... interesting... so if XP sp2 is a win for the security guys....
So what the heck are YOU waiting for?
You heard me.... why haven't 75% of you deployed it yet? Why has only 1/4 of those on Windows XP rolled it out?
You know your desktops are your weak spots, why haven't you empowered them with all the layers you can to protect them?
You know .... someone was asking in the newsgroup about upgrading from SBS 2000 to SBS 2003 and whether they should upgrade and you know.... it truly isn't just about the killer app of Remote Web Workplace to me. It's also about Security. About the better patching experience I've had. [truly I do mean that] Someone on a listserve mentioned that IIS 6.0 was rock solid. That while they have attacked boxes, they've gotten in via poorly written applications and not via the native IIS.
That's why you should upgrade to Windows 2003/SBS 2003 and Windows XP sp2. Because truly both platforms are a win for the Security guys. And soon for us, our own service pack, SBSers SP1. I've literally seen the Data Execution Prevention mechanism where a potential buffer overrun is flagged [in my case it was a major update to the Trend virus engine that needed to be 'approved' as a DEP exception], I've seen the impact of the firewall as the system is built. The changes in XP sp2, in Windows 2003 sp1, the beginning of the bandwagon for LUA for Longhorn.
Like this feature for example....
Post-Setup Security Updates (PSSU). Servers are vulnerable in the time between installation and when the latest security updates are applied. To counter this, Windows Server 2003 with Windows Server 2003 Service Pack 1 blocks all inbound connections to the server after installation until Windows Update has run to deliver the latest security updates to the new computer. This feature also guides administrators through Automatic Update at the time of first log on.
Do you realize that never again will a box be nailed with Code Red/Nimda as it's being built? Wow, I mean how cool is that?
So if you aren't on XP sp2, if you aren't getting prepared for SBS 2003 sp [don't install Windows 2003 sp on our boxes], why aren't you?