It's got to stop somehow.....someday

[theMonster]

Was just in my monthly IT meeting and was discussing the abundance of issues CAUSED by Microsoft's patches. Speaking of patches, there has been 15 since Jan 1, 2005. It's been a nuisance trying to keep our 2000 and 2003 environment stable. It's time for the script kiddies to start getting the major smack layed down upon them by the authorities, time for M$ to get their heads out of their asses and get it done right or time for another major OS to get developed. I'm not talking about Linux because that's for hobbyists and pepole who want to tinker around, we need something that'll run solid, that we do NOT need to tinker with and not need a patch every 3 days I think Apple has the right idea building a REAL OS on top of Unix. Anybody think it'd do any good to enter a plea and petition to SUN or Apple for a software savior?

 

[Malpine Walis]

Personally, I don't think that Windows is ever going to be done with the patches. If Microsoft decided to stop developing new stuff today and concentrate exclusively on getting what they have secure, they would have how many millions of lines of code to work on? Then as you observed, a patch can cause an issue somewhere else that nobody could have anticipated.

I don't really know what to do with the script kiddies. If you think about it for a second, they are a mixed blessing as they keep the rest of us on our toes. Ten years ago, it would have been fairly easy for someone to wage a "cyber-war" by unleashing targeted virus and worms. Today, the best that can be managed is a bunch of 13 year old sniggering at each other over the internet as they make minor code changes to elude each new AV update.

However, I would give Linux a better look if I were you. Not for your whole company or at least not all at once. But if you put a small number of critical boxes such as your servers up with some version of linux, you will get the benefit of stability (at least as far as win/2K is stable) combined with the security of the unix environment. That and the fact that script kiddies don't bother spending much time trying to attack that stuff.

 

[Renigade]

Get an Apple server. 10.3 Server is a pretty good server OS. Not quite ready for the "Big Time," but it can replace many of your DNS, file, web, mail, print, etc servers. Still have yet to see any kind of real threat abused on OS X.

 

[cornbread]

I'm not a big MS fanboy, but at least they try to patch their OS. The only reason we here so much about them is because they dominate the market, it's so mainstream to use Windows. Also a lot of problems are created by people NOT patching their OS or anti-virus...I forget which virus it was, but a few years ago we had that major virus spreading (code red, just dawned on me) the internet and most of it was caused because people failed to patch their systems, that's what pisses me off.

 

[theMonster]

Keep in mind that switching an OS willy nilly is not an option for most corporations, there are other software dependencies such as Citrix, MS Office, ODBC connections, SQL Server etc.....I'm talking about something that isn't an entirely new platform but something that'll run the same software that we're codependent upon with the Windows OS. That's why OSX and Unix won't work for most companies. I mean AMD and Intel are competitors and their CPUs run the same software, so why not another OS that'll run the same apps as Windows OSes do?

 

[cornbread]

I mean AMD and Intel are competitors and their CPUs run the same software, so why not another OS that'll run the same apps as Windows OSes do?

I have always wondered that to.

 

[XWRed1]

I'm not talking about Linux because that's for hobbyists and pepole who want to tinker around, we need something that'll run solid

Nobody uses Linux for anything important?

People run Linux to do important things every day on machines several orders of magnitude larger than anything you can even run Windows on.

so why not another OS that'll run the same apps as Windows OSes do?

Nothing will be a better Windows than Windows. Thats what you are asking for. That's why you are running Windows apps. If your corp had more strategy, they might not have put themselves in a position to be locked in by a single vendor.

 

[threeme2189]

this sux...apple have got to spread fast and get at least 25% or so of the market...
maybe if they were windows-apps compatible and used standard pc hardware i would go for em
but im just too mainstream

 

[Breadfan]

This is taken from the weekly Sans @RISK e-letter:

Widely Deployed Software
(1) CRITICAL: Windows License Logging Service Buffer Overflow
(2) HIGH: Cumulative Update for Microsoft Internet Explorer
(3) HIGH: Microsoft DHTML Edit ActiveX Remote Code Execution
(4) HIGH: Microsoft Office XP Buffer Overflow
(5) HIGH: Microsoft PNG File Processing Vulnerabilities
(6) HIGH: Microsoft Server Message Block(SMB) Vulnerability
(7) HIGH: Microsoft OLE Remote Code Execution
(8) HIGH: Symantec Multiple Products UPX Processing Overflow
(9) HIGH: F-Secure Multiple Products ARJ Processing Overflow
(10) MODERATE: Windows Hyperlink Object Library Buffer Overflow
(11) MODERATE: Microsoft ASP.NET Authentication Bypass

Other Software
(12) CRITICAL: CA BrightStor ARCserve BackUp Discovery Buffer Overflow
(13) MODERATE: Qualcomm Eudora Remote Code Execution

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

-- Windows
05.6.1 - Microsoft Windows Shell Remote Code Execution
05.6.2 - Microsoft Windows SharePoint Services Multiple Vulnerabilities
05.6.3 - Microsoft Windows Hyperlink Object Library Buffer Overflow
05.6.4 - Microsoft Windows OLE and COM Remote Buffer Overflow
05.6.5 - Microsoft Windows PNG Image Parsing Vulnerabilites
05.6.6 - Microsoft Windows Named Pipe Remote Information Disclosure
05.6.7 - Microsoft Windows License Logging Service Buffer Overflow
05.6.8 - Microsoft Windows Server Message Block Remote Code Execution
-- Microsoft Office
05.6.9 - Microsoft Office XP HTML Link Processing Remote Buffer Overflow
-- Other Microsoft Products
05.6.10 - Microsoft ASP.NET Path Validation Vulnerability
05.6.11 - Microsoft DHTML Editing Component ActiveX Control Cross Domain Vulnerability
05.6.12 - Microsoft Internet Explorer URI Decoding Vulnerability
05.6.13 - Microsoft Internet Explorer DHTML Method Buffer Overflow
05.6.14 - Microsoft Internet Explorer AddChannel Cross-Zone Scripting
-- Third Party Windows Apps
05.6.15 - ArGoSoft Mail Server Multiple Directory Traversal Vulnerabilities
05.6.16 - Software602 602 Lan Suite Arbitrary File Upload Vulnerability
05.6.17 - RealArcade Multiple Remote Vulnerabilities
05.6.18 - ArGoSoft FTP Server Shortcut File Extension Filter Bypass
05.6.19 - 3Com 3CServer Multiple Remote Buffer Overflow Vulnerabilities
05.6.20 - Foxmail MAIL-FROM Remote Buffer Overflow
05.6.21 - RaidenHTTPD Remote File Disclosure Vulnerability
05.6.22 - LANChat Pro Revival UDP Processing Remote Denial of Service
05.6.23 - Painkiller Gamespy CD-Key Hash Remote Buffer Overflow
05.6.24 - Ventia DeskNow Mail and Collaboration Server Multiple Vulnerabilities
05.6.25 - ZipGenius Multiple Directory Traversal Vulnerabilities
05.6.26 - WinRAR Directory Traversal
05.6.27 - Techland XPand Rally Remote Denial of Service
05.6.28 - SmarterTools SmarterMail Cross-Site Scripting

The first batch is highly critical stuff, most of it's MS, the second two are all MS related...the second batch is all bugs in the MS software, third one is third party apps which you can't *really* blame MS for but somehow I'm betting they're part of the problem.

BTW, here's the listing for Linux and ALL of UNIX (You'll see mainly 3rd party stuff...)

-- Linux
05.6.29 - SuSE Linux Open-Xchange Unspecified Path Traversal
-- Unix
05.6.30 - Frox Access Control List Bypass Vulnerability
05.6.31 - Postfix IPv6 Unauthorized Mail Relay Vulnerability
05.6.32 - ht://Dig Unspecified Cross-Site Scripting
05.6.33 - Newsgrab Multiple Local and Remote Vulnerabilities
05.6.34 - Squid Proxy squid_ldap_auth Authentication Bypass
05.6.35 - Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability
05.6.36 - Newspost Remote Buffer Overflow Vulnerability
05.6.37 - Newsfetch Remote Buffer Overflow

 

[Malpine Walis]

I'm talking about something that isn't an entirely new platform but something that'll run the same software that we're codependent upon with the Windows OS.

<snip>

so why not another OS that'll run the same apps as Windows OSes do?

Well, would I be wrong in my guess that you want everything that windows is but without the stuff that you would rather not have? Well, that is just not going to happen any time in the foreseeable future. If you want to find something that does what you want, you are going to have to accept that you simply cannot have a perfect and costless conversion.

Please note that I am not a linux fanboy trying to sell you on something. Rather, I would like to help you to explore some options that exist in todays world. Perhaps something will come up that you may find worth trying. If I can't help you then oh well, no matter.

Keep in mind that switching an OS willy nilly is not an option for most corporations, there are other software dependencies such as Citrix, MS Office, ODBC connections, SQL Server etc.....

If you look at my earlier post, you might note that I did not recommend that you make a “willy nilly” change over. Rather, I would see you change a couple of boxes that are not critical to your operation. When you have done that much, you will have a resource that you can work with to see how it is likely to impact your job.

Actually, I am new to linux myself but from what I see, it may fit your needs down the road. Perhaps a couple of years from now, after you have become more comfortable with the OS yourself.

Actually, I did this for my company a few years ago. Not windows to linux but DOS to win/98. I remember that experience and I find myself wondering if part of your situation is dealing with the administration types. I recall that when I bought our first win/95 box, one of the admins tried to order me to reformat the hard drive on the grounds that “we are supporting too many operating systems”. Trust me, I can tell you many stories about that guy.

Actually let me tell you one right now. He once made me light a barbecue one briquette at a time with a torch on the grounds that “we had already shopped and it would be inappropriate to shop a second time to buy lighter fluid” I kid you not.

However, if you would consider putting a box or two onto linux, I think that you might be surprised at what you find. ODBC and SQL are already there. Office compatibility? Can you say “Star Office”?

Citrix I cannot comment on but what I do know is that you have access to our forum for alternative operating systems. Try running a search over there and see what you come up with. You may be surprised.

 

[twEEkerAreUs]

Nobody uses Linux for anything important?

People run Linux to do important things every day on machines several orders of magnitude larger than anything you can even run Windows on.

Nothing will be a better Windows than Windows. Thats what you are asking for. That's why you are running Windows apps. If your corp had more strategy, they might not have put themselves in a position to be locked in by a single vendor.

Well said, by locking themselfs in "Most corps do" they basically screwed themselfs. Not much else to say on that matter, being an employee anywhere you are just that........Employed & have only so much authority.

Maybe he should change all the servers to Linux & see what they say

 

[tenchi86]

Thoughs patches are also a good sign for ms. It shows they are keeping up with their os trying to keep it stable. Linux at its current point as you said would never work, due to its lack of non compatibilty with basic hardware. Apple may work though I think if they were main stream their os would probalky have a crap load of flaws to. Any way people dont sue apple because it is not compatible in most cases with windows and everyone uses windows so no one will switch. Bussiness I think would be a good place for the change to happen.