
Microsoft new policy, XP to ship with firewall switched on

 
 
Invisible
 
      08-17-2003
On Sun, 17 Aug 2003 18:27:27 +1200, Robert Mathews <>
wrote:

>On Sun, 17 Aug 2003 17:58:55 +1200, Richard Malcolm-Smith <>
>wrote:
>
>>> This is silly. All the naive Windows XP users are now going to think
>>> that they are protected. What a shock for them when a) they receive a
>>> virus in email b) they can't f'rinstance run ftp or use kazaa or
>>> netmeeting, or MSN Messenger.....
>>
>>Messenger should still work, as it uses upnp calls to get a port opened, so that
>>it works behind ICS, from what someone at microsoft was telling me some time
>>ago, upnp is the only way to get ports past the firewall, he led me to believe
>>that there was no way to open them manually.
>
>Please tell me why these people did not bother to get the XP Updates, as that
>is on by default..?
>


Maybe they're wary of system slowdowns, which seem to happen with a few of
these updates. Let other suckers install them first.


 
anon
 
      08-17-2003
True, but XP ICF should still be configurable + have outbound filtering as
well but only if the user enables the features.


"T.N.O" <> wrote in message
news:3f3ec6f7$...
> "anon" wrote
> > Who would want to use XP ICF anyway? It lacks many features a normal free
> > software firewall has.
>
> My mom... she doesn't need the advanced features, and just needs a simple
> Firewall, nothing too hard.
>
>



 
T.N.O
 
      08-17-2003
"Lennier" wrote
> What I've heard of Micro$oftXP's built-in firewall is that it only filters
> inward packets and cannot restrict outward packets.
> This would mean that viruses can still send out their payload.


but how would they have got the latest if they had not accepted the remote
connection in the first place?

I suppose it could be emailed in...


 
Matthew Poole
 
      08-17-2003
In article <>, Robert Mathews <> wrote:
>On Sun, 17 Aug 2003 17:58:55 +1200, Richard Malcolm-Smith <>
>wrote:

*SNIP*
>Please tell me why these people did not bother to get the XP Updates, as that
>is on by default..?
>

Any user with a semblance of clue (or with friends who have a semblance
of clue) turns off AU ASAP. Nobody with a brain trusts MS patches to
work as stated - Look at NT4 SP6, and that wasn't just a patch. There
have been more recent instances too.
Let the patch be released, give it a week, then install it if you've not
heard nasty things about it. AU is dangerous, particularly on
production systems.

--
Matthew Poole Auckland, New Zealand
"Veni, vidi, velcro...
I came, I saw, I stuck around"

My real e-mail is mattATp00leDOTnet
 
Matthew Poole
 
      08-18-2003
In article <iU00b.120049$>, "dOTdASH" <> wrote:
>"Matthew Poole" <> wrote in message
>news:bhon5n$8pe$...

*SNIP*
>and Windows Update works fine. By the way, it's my humble opinion that
>opinions like yours ("wait a week blah blah") are one of the reasons that
>security is still an issue with home PC's. Did you go out and tell your

*sigh*
I admin computers for a living. My opinion is based on long experience
reading about the cringe factor that numerous other people have had
installing patches straight out of the gate.

>friends to install the Blaster patch before the worm hit ? Or did you give
>them your learned opinion about how they should wait a while ? If so, are

The patch was released a month before the Blaster worm hit. A whole
MONTH! A week wouldn't have mattered.

>they thanking you for your insight now ? And Windows Update isn't designed
>for "production systems", what you need is SUS.
>

My friends have enough clue to look after themselves, assuming they even
run Windows.
As for SUS, how's it any different than WindowsUpdate when it comes down
to what is being installed? Answer: It's not. If a patch is broken,
it's broken in SUS and in WU.

>Ahhhh, that feels much better
>

Glad to help.

--
Matthew Poole Auckland, New Zealand
"Veni, vidi, velcro...
I came, I saw, I stuck around"

My real e-mail is mattATp00leDOTnet
 
dOTdASH
 
      08-18-2003
"Matthew Poole" <> wrote in message
news:bhon5n$8pe$...
> In article <>, Robert Mathews <> wrote:
> >On Sun, 17 Aug 2003 17:58:55 +1200, Richard Malcolm-Smith <>
> >wrote:
>
> *SNIP*
> >Please tell me why these people did not bother to get the XP Updates, as that
> >is on by default..?
> >

> Any user with a semblance of clue (or with friends who have a semblance
> of clue) turns off AU ASAP. Nobody with a brain trusts MS patches to
> work as stated - Look at NT4 SP6, and that wasn't just a patch. There
> have been more recent instances too.
> Let the patch be released, give it a week, then install it if you've not
> heard nasty things about it. AU is dangerous, particularly on
> production systems.
>
> --
> Matthew Poole Auckland, New Zealand
> "Veni, vidi, velcro...
> I came, I saw, I stuck around"
>
> My real e-mail is mattATp00leDOTnet


So the fact that I have installed every update as soon as the popup appears
without a single issue EVER is pure fluke ? What about the 3 or 4
non-PC-savvy friends I know of who have had exactly the same experience.
Most of the griping I hear about the auto update thing is from people who
are PC tinkerers. Mechanics' cars etc etc. My PC doesn't get tinkered with
and Windows Update works fine. By the way, it's my humble opinion that
opinions like yours ("wait a week blah blah") are one of the reasons that
security is still an issue with home PC's. Did you go out and tell your
friends to install the Blaster patch before the worm hit ? Or did you give
them your learned opinion about how they should wait a while ? If so, are
they thanking you for your insight now ? And Windows Update isn't designed
for "production systems", what you need is SUS.

Ahhhh, that feels much better


 
Nathan Mercer
 
      08-18-2003
Enkidu <> wrote in message news:<>. ..
> >Messenger should still work, as it uses upnp calls to get a port opened, so that
> >it works behind ICS, from what someone at microsoft was telling me some time
> >ago, upnp is the only way to get ports past the firewall, he led me to believe
> >that there was no way to open them manually.
> >

> Urgh! I disabled uPnP when the first exploit arrived and haven't
> restarted it since. I haven't checked whether there have been any
> exploits recently.


UPnP discovery control is not installed by default, and besides you
can use UPnP apps without this installed anyway.

> You can get *any* port past the firewall. All you have to do is open
> it. What is a little more trouble is if the internal addresses are
> NATted to an external one.


UPnP is designed to make this automagically work. Imagine talking
your non tech savvy granny user through configuring ports on her firewall
internet gateway device so you can use application X with her. Also
solves the problem with nat-traversal for apps that embed non routable
RFC 1918 addresses like the commonly used 192.168.x.x address ranges in
people's homes. XP ICS and [some] UPnP routers have application layer
gateways for this stuff built in.


> This is the URL for uPnP.
>
> http://www.upnp.org/
>
> "The UPnP Forum is an industry initiative designed to enable simple
> and robust connectivity among stand-alone devices and PCs from many
> different vendors. As a group, we are leading the way to an
> interconnected lifestyle".
>
> I *think* what they are saying later in the page, is that if you are
> connected to the Internet and uPnP and the discovery service are
> activated, someone could, in theory, easily use your printer, your
> hard disk, your CD....
>
> Cheers,
>
> Cliff
> --
>
> Signed and sealed with Great Seal of the Executive
> Council of the Internet, by The Master of The Net.

 
Nathan Mercer
 
      08-18-2003
(Matthew Poole) wrote in message news:<bhon5n$8pe$>...
> In article <>, Robert Mathews <> wrote:
> >On Sun, 17 Aug 2003 17:58:55 +1200, Richard Malcolm-Smith <>
> >wrote:

> *SNIP*
> >Please tell me why these people did not bother to get the XP Updates, as that
> >is on by default..?
> >

> Any user with a semblance of clue (or with friends who have a semblance
> of clue) turns off AU ASAP. Nobody with a brain trusts MS patches to
> work as stated - Look at NT4 SP6, and that wasn't just a patch. There
> have been more recent instances too.
> Let the patch be released, give it a week, then install it if you've not
> heard nasty things about it. AU is dangerous, particularly on
> production systems.


Surely it's all about risk. I trust MS patches, I've not often come
unstuck. And the once or twice I have had a problem I've been able to
uninstall. Besides most often the interaction is caused by 3rd party
software. Hard call to know who to blame for that.

NT4 SP6 was a long time ago, 5 years ago? Things change, Microsoft's
reliability has got heaps better since then. Service packs go through
the most amount of testing, followed by General Deployable Releases
like security hotfixes, followed by hotfixes.

AU is really targeting home users, not for automatically installing
on Servers in the datacenter. I think AU is a great fit for its
purpose.
 
Matthew Poole
 
      08-18-2003
In article < >, (Nathan Mercer) wrote:
> (Matthew Poole) wrote in message
> news:<bhon5n$8pe$>...

*SNIP*
>Surely it's all about risk. I trust MS patches, I've not often come
>unstuck. And the once or twice I have had a problem I've been able to
>uninstall. Besides most often the interaction is caused by 3rd party
>software. Hard call to know who to blame for that.
>

The problems occur when you strike trouble and need to go back, but the
patch is for something that's absolutely critical. Rock-you-hardplace

>NT4 SP6 was a long time ago, 5 years ago? Things change, Microsoft's
>reliability has got heaps better since then. Service packs go through
>the most amount of testing, followed by General Deployable Releases
>like security hotfixes, followed by hotfixes.
>

Which is great when MS releases a patch a long period of time before a
'sploit is available. As happened with Blaster. But that's the
exception. For all their trumpeting of "Trustworthy Computing", I still
don't trust Redmond to actually release code for a bug that they were
informed about in anything like a proactive manner. There are recent
(last 12 months) reports of bugs being given to Redmond, with
demonstration code, and not heard about again until someone malicious
releases a 'sploit and suddenly Redmond are wailing about the evil
hackers.
I don't think that a fix for the RPC hole would be available today if it
weren't for the fact that MS were shown exploit code and told "This will
be released in a month, whether or not you have a patch." Their
reputation for sitting on bug reports is long established, and it
doesn't seem to be something that's changing in a hurry.

>AU is really targeting home users, not for automatically installing
>on Servers in the datacenter. I think AU is a great fit for its
>purpose.


It's good for taking the complexity away from installing security fixes.
However, because of the number of releases that come out it's daunting
trying to keep track. I came across a managed environment recently that
was one SP and 29 security fixes behind, and that was just for XP.
That's an insane number of security holes for the average user to be
concerned about - Most of them, let's face it, will NOT be going to WU
every other day just to see if their system needs patches.

--
Matthew Poole Auckland, New Zealand
"Veni, vidi, velcro...
I came, I saw, I stuck around"

My real e-mail is mattATp00leDOTnet
 
Matthew Poole
 
      08-19-2003
In article <QSi0b.120738$>, "dOTdASH" <> wrote:
>"Matthew Poole" <> wrote in message
>news:bhrb43$go4$...

*SNIP*
>> I don't think that a fix for the RPC hole would be available today if it
>> weren't for the fact that MS were shown exploit code and told "This will
>> be released in a month, whether or not you have a patch." Their
>> reputation for sitting on bug reports is long established, and it
>> doesn't seem to be something that's changing in a hurry.
>>

*SNIP*
>Actually I'm 99% sure that the Blaster exploit was released after the patch

I'm 100% sure it was. But the code was shown to MS _BEFORE_ the patch
was released. Read what I said.

>but don't let that get in the way of your conspiracy theories. Do you have

It's not a conspiracy theory, it's a simple fact. MS were shown exploit
code, told about the vulnerability, and told "You have a month." Why do
you think people knew that Blaster was going to hit before it actually
did?

>any hard evidence to back your accusations about MS 'sitting on bug reports'

Not at hand. There's plenty of anecdotal stuff on the 'net. I've read
stuff on BugTraq where people have said "We raised this with MS <x
weeks/months> ago, and nothing's been done in public, so here's the
exploit code to kick their butts into action."
MS have lobbied long and hard for people who practice total disclosure
bug reporting to be criminally liable. How does that fit with your
apparent belief that MS jump on all bugs immediately and fix them with
utmost priority?

>? I'd be interested to see it posted here. As I noted previously it's
>attitudes and biases like yours that contribute towards making security the
>continuing issue it is today.
>

Excuse me? How does me lambasting MS for their awful security record
contribute to the state of security today? If more people took my
attitude they might have come up with the "Trustworthy Computing" concept
several years ago.

What is YOUR security administration background? Aren't you the one who
admitted to being barely computer literate?

--
Matthew Poole Auckland, New Zealand
"Veni, vidi, velcro...
I came, I saw, I stuck around"

My real e-mail is mattATp00leDOTnet
 