Discussion in 'OT Technology' started by CompiledMonkey, Dec 24, 2002.
saw that on /.
good about time! but then i run 2000 and got the sdk installed cause i program in java
True. It's about time.. Thanks goodness for this or Sun was going to have a hard time competing.
now if we can just get a circuit court to rule that MS needs to secure its OS properly out of the box.
no need for features that enable grammy to surf the web. we need features that keep the IT depts of major corps from having all of their machines spit out code red mumbo jumbo at every subnet on the net.
fucking ms. time to change. first on the chopping block is IE. then windows, then gates himself.
I don't think this ruling does anything directly for competition. Sun pretty much has the server side with J2EE, but I don't think they will ever make a mark on the client side. The only positive thing I see from this ruling is that Sun and others will feel like they can do something about the monopoly Microsoft has (in the courts that is). Even when Windows carries the newest JVM, that doesn't change the fact that mainstream client use of Java doesn't exist. It's more of a moral victory and one that encourages follow up court battles. But at the end of the day nothing really changes except the perception of Microsoft vs Sun.
I agree. That's why you see most compaines using a form of Linux/Unix instead of Windows servers. For the desktop, those issues probably will never change.
desktop os's are just as sucecptable to the code red genre of worms. All that is needed is IIS with index server running. That said, you have index server and IIS in your install package on all NT desktop based os's (though I believe index server and IIS 4 were on the NT 4 option pack and required SP 5 or 6. )
All you need is some idiot (err developer) to enable both without patching and you have a new infestation of nimda on the web...
Right, but above you were talking about "IT depts of major corps", not home desktops. Two very different situations. Typical home users are not expected to know how to turn off IIS, much less configure it correctly. System Admins should be able to handle boxes that are open to the Internet and know what is best for their needs. Which is why you find Apache on the Net much more often than IIS.
And I think you said it best here, "All you need is some idiot (err developer) to enable both without patching and you have a new infestation of nimda on the web...". That shows the problems are not always the fault of Microsoft.
I agree that we should get better security features from Microsoft instead of better Applet support that was won in a court, but the security issues we see from compromised IIS servers isn't always their fault.
you are going on the assumption that all it depts run strict policies that enforce user level rights denial for the workstations in their emnploy. I would have to disagree with that...
In a corporate environment, the boxes that have direct access to the Internet only have a few accounts. All of which are used by system admins for their needs. As developers, we never get to login to production boxes.
The reason that worms which affected systems containing IIS and index service were so successful was because noone thought to block inbound port 80 traffic.
IE who the hell was going to run a web server that needed blocking.
Only experienced firewall admins got away cleanly after that fiasco... Oh and the MS Q & A dept, since they dont have any
I guess I just fail to see how the problem is IIS when the attacks are coming from a general attack of port 80. Did these worms go after IIS specifically? If not, why didn't Apache servers carry the same problem?
My main point is that a properly configured and engineered network infrastructure can block most problems. It shouldn't matter if it's IIS or Apache. I wouldn't be surprised if a lot of these issues that come along with boxes being compromised are of misconfiguration on the admins part.
But back to the topic now...
Thanks for the PM, quite informative.