The Bit Bucket

Tuesday, August 23, 2005

I WANT a security hole in Windows!!

Raymond Chen has a pretty good blog called 'The Old New Thing'; this blog is partly based on his style. One of the common issues he comes across as an MS developer is 'people who ask for security holes', and it's worth reading to get an idea of how misguided some people's idea of security is.

In a similar vein I had a conversation that went like this:
'User x has changed the local admin password and removed domain administrators from local admins, how can I get admin access to the machine?'

When I semi-patiently explained that such an ability would be a security hole and that, generally speaking, you don't allow end users to be so disruptive, he exploded: 'Well, I'll bet MS has such a tool somewhere'.

Yes, of course they do, and I'll bet it's called hack-my-pc-v1.exe

This is, of course, the very same sort of person who complains loudly about security holes when MS release patches.


Sunday, August 21, 2005

Tools for detecting Rbot and security holes that Rbot uses

As mentioned previously, there is now a vulnerability out on the net that exploits the latest security hole in MS Windows.

Whilst Microsoft has released a patch (MS05-039), it will only work on Windows 2000 SP4 and above, so if you're like the majority and running SP3 it's time to get over it and upgrade to SP4, then deploy these patches.

eEye have released a free network scanning tool that will show which machines are vulnerable to this security hole. Note: it doesn't work on NT4, so other methods will need to be used to be sure that NT4 domain controllers are safe. At this time there is no way of knowing for certain if they have been affected; it may well be that the architecture of NT4 is such that this security hole cannot be exploited.


Computer Security Part 1

Computer security is not about eliminating risk. It's about managing it.

To eliminate risk you'd need to switch off your PC, unplug the network cable and lock it in a safe and then hope that no one steals the safe.

Whatever happens there is always an element of risk when you have a computer connected to the internet.

Once you accept that risk the next step is to get to know the enemy and that enemy is quite simply everyone around you.
I'm sure you have received an email from someone that you know with an interesting subject line and then opened the attachment. You know you shouldn't, you know it's probably not going to be any good but yet you HAVE to see what the email contains.
Bang, you have a virus and may not even know it.

This sort of thing can be stopped but it means doing the one thing a lot of people loathe: upsetting the users.

Firstly, there is no reason for ANY user aside from delegated accounts to have any sort of elevated admin access. You want to do something on the network? Go log on with the relevant account. Your own account should not have any special permissions.

I've seen many sites where the IT team are all domain admins and go around merrily logging on and forgetting to log off again afterwards.

Secondly, remove administrator rights from the users. This WILL piss them off. Tough.
This second step ties nicely in with a sound policy that MUST be followed.
Too often I have seen places that have good policies over software installation that are then ignored simply because the company concerned doesn't know just how dangerous unauthorised software can be.

Of course, the question then is:
How can I as a member of the IT dept make sure the management know that they are at risk?

Remind them each and every time. Unfortunately, management aren't very good at heeding warnings and it will take a couple of incidents before they might, just, MIGHT pay attention.

It's a long shot but all too often it's the only shot we have.


Computer Security

OK, it's happened once again. A virus has been unleashed that exploits a Windows security hole.

I suspect a lot of people will think this is normal for Windows and you'd be right; just a few years back we had SQL Slammer, MyDoom and the 'love bug'.
So, if it's so normal for Windows and everyone expects it, why has it been allowed to happen again?

You'd think corporations and internet-savvy home users will be battening down the hatches, being ultra cautious of opening attachments, making sure AV definitions are up to date. Nope, they are not.

Why not?

Because it's too much hard work. Stupid, isn't it?

Corporations spend millions on servers, projects and basic security yet each time a hole is exploited they are not ready.

Why not? Well, a lot of it is because the staff are actually not that interested in making security a priority. Think about this: any time you make something more secure you also make it a pain in the arse to administer because of that security.
Security is a balance between usability and protection yet it is something that will also cause the most number of arguments of anything.

Over the next few blogs I'm going to go into the world of computer security and show how a patch works, how to take it apart, test it as well as (hopefully) show a few things that just may make life a bit easier.

Keep reading :-)

Friday, August 19, 2005

Welcome

My first blog posting................

Guess the best way to do this is to start by introducing myself.
I work in IT and I'm a geek. Pure and simple!!!!

The 'plan' (or maybe that's better put as the loose set of ideas) for this blog is to pass on hints, tips, tricks and comments on the IT industry. Along the way I have no doubt I'll post some useful stuff as well as some real crap and from time to time I'll go off on a tangent............

Enjoy the ride!