Is Zotob A MS Plot . . . .

Archived from groups: microsoft.public.windowsxp.general (More info?)

.. . . . To get their Corporate Customers to upgrade to XPSP2 & later to
upgrade to Shorthorn?

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
74 answers Last reply
More about zotob plot
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >. . . . To get their Corporate Customers to upgrade to XPSP2 & later to
    >upgrade to Shorthorn?
    >
    > --

    I doubt it. It didn't even work to upgrade one particular corporate
    customer to Windows 2000 SP4 from SP3. They (the customer) just paid the
    $150,000 for the patch on SP3.

    Carl
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    kurttrail wrote:
    > . . . . To get their Corporate Customers to upgrade to XPSP2 & later to
    > upgrade to Shorthorn?
    >

    Rediculous idea. If it was then Zotob would'nt only target Win2 OS.

    Steve
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl:

    > . . . . To get their Corporate Customers to upgrade to XPSP2 & later to
    > upgrade to Shorthorn?

    It's a conspiracy. All software vendors delight in writing bad code so that
    you are forced to spend all your free time patching your operating system
    and applications.

    For example look at the holes that CERT considered important for the WEEK of
    August 3-9:

    http://www.us-cert.gov/cas/bulletins/SB05-222.html

    That's only the tip of the iceberg:

    http://www.securityfocus.com/vulnerabilities

    Best to stay away from computers entirely!
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Vagabond Software wrote:
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    > message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >> to upgrade to Shorthorn?
    >>
    >> --
    >
    > I doubt it. It didn't even work to upgrade one particular corporate
    > customer to Windows 2000 SP4 from SP3. They (the customer) just paid
    > the $150,000 for the patch on SP3.

    LOL! MS will find a way to profit from Zotob, one way or another!

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
    > Vagabond Software wrote:
    >> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>> to upgrade to Shorthorn?
    >>>
    >>> --
    >>
    >> I doubt it. It didn't even work to upgrade one particular corporate
    >> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
    >> the $150,000 for the patch on SP3.
    >
    > LOL! MS will find a way to profit from Zotob, one way or another!
    >
    > --

    Well, computers users are kind of like drivers. They'll just keep paying
    whatever companies charge as long as they don't have to change their habits.

    It's hard to find too much fault with the companies that profit by catering
    to the consumer's preferences.

    Carl
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Vagabond Software wrote:

    > Well, computers users are kind of like drivers. They'll just keep
    > paying whatever companies charge as long as they don't have to change
    > their habits.
    > It's hard to find too much fault with the companies that profit by
    > catering to the consumer's preferences.

    Profiteering from its coding blunders seems to be a bit extortionate to
    me. MS should be offering the patch to cover its security whole for
    free.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:OIo9KV0oFHA.3912@TK2MSFTNGP10.phx.gbl...
    > Vagabond Software wrote:
    >
    >> Well, computers users are kind of like drivers. They'll just keep
    >> paying whatever companies charge as long as they don't have to change
    >> their habits.
    >> It's hard to find too much fault with the companies that profit by
    >> catering to the consumer's preferences.
    >
    > Profiteering from its coding blunders seems to be a bit extortionate to
    > me. MS should be offering the patch to cover its security whole for free.
    >
    > --

    They did provide a patch for free... a week before there were any known
    instances of the exploits in the user community. I have clients running
    Windows 2000 workstations, and none of them have been affected by this
    problem... and one client with nine Windows 2000 workstations hasn't even
    been patched yet!

    Wow! Amazing! It's a miracle! Maybe the divine hand of God came down and
    touched little old me, or perhaps He is defending my clients' workstations
    with a pillar of fire! Or perhaps network security is configured
    correctly... the same way it would be configured whether my client was using
    Windows or Linux.

    Carl
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Steve N. wrote:
    > kurttrail wrote:
    >> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >> to upgrade to Shorthorn?
    >>
    >
    > Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >
    > Steve

    According to CNN, which got hit, some older than XP versions were
    affected.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    kurttrail wrote:

    > Steve N. wrote:
    >
    >>kurttrail wrote:
    >>
    >>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>>to upgrade to Shorthorn?
    >>>
    >>
    >>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.

    Sorry. That should have read "only target Win2K OS."

    >>
    >>Steve
    >
    >
    > According to CNN, which got hit, some older than XP versions were
    > affected.
    >


    http://www.f-secure.com/v-descs/zotob_a.shtml

    "The exploit uses fixed offsets inside Windows 2000 version of
    umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    affected."

    http://vil.nai.com/vil/content/v_135433.htm

    "This self-executing worm spreads by exploiting Windows2000 MS05-039
    vulnerable systems in order to instruct those systems to download and
    execute the worm."

    Steve
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Vagabond Software wrote:

    > They did provide a patch for free... a week before there were any
    > known instances of the exploits in the user community. <snip>

    "They (the customer) just paid the $150,000 for the patch on SP3."

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  11. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
    > Vagabond Software wrote:
    >
    >> They did provide a patch for free... a week before there were any
    >> known instances of the exploits in the user community. <snip>
    >
    > "They (the customer) just paid the $150,000 for the patch on SP3."
    >
    > --

    Well, I shouldn't have said "the customer"... The end-users' IT service
    provider paid $150,000 to patch their operating system. Why? Because they
    insist on running an unsupported operating system, which is Windows 2000
    SP3. Why? Because they moved their Technicians to an hourly rate to save
    money during slow periods.

    Even though the IT firm would pay nothing to Microsoft to upgrade to Windows
    2000 SP4, a supported operating system, they would have to pay those hourly
    technicians to "touch" a helluva lot of machines. So, this IT firm has made
    the calculated decision that it is cheaper to pay Microsoft for patches to
    an unsupported operating system than it is to pay the Technicians an hourly
    rate.

    I know this doesn't fit well in your world view, but the progressive IT
    firms that actually train their technicians and pay them to manage their
    clients' networks never seem to get hit with these problems. Meanwhile, the
    reactionary IT firms almost ALWAYS get hit by each and every one of these
    problems because they only dispatch technicians to FIX problems AFTER they
    are reported.

    Carl
  12. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Steve N. wrote:
    > kurttrail wrote:
    >
    >> Steve N. wrote:
    >>
    >>> kurttrail wrote:
    >>>
    >>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
    >>>> later to upgrade to Shorthorn?
    >>>>
    >>>
    >>> Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >
    > Sorry. That should have read "only target Win2K OS."
    >
    >>>
    >>> Steve
    >>
    >>
    >> According to CNN, which got hit, some older than XP versions were
    >> affected.
    >>
    >
    >
    > http://www.f-secure.com/v-descs/zotob_a.shtml
    >
    > "The exploit uses fixed offsets inside Windows 2000 version of
    > umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    > affected."
    >
    > http://vil.nai.com/vil/content/v_135433.htm
    >
    > "This self-executing worm spreads by exploiting Windows2000 MS05-039
    > vulnerable systems in order to instruct those systems to download and
    > execute the worm."

    http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  13. Archived from groups: microsoft.public.windowsxp.general (More info?)

    kurttrail wrote:

    > Steve N. wrote:
    >
    >>kurttrail wrote:
    >>
    >>
    >>>Steve N. wrote:
    >>>
    >>>
    >>>>kurttrail wrote:
    >>>>
    >>>>
    >>>>>. . . . To get their Corporate Customers to upgrade to XPSP2 &
    >>>>>later to upgrade to Shorthorn?
    >>>>>
    >>>>
    >>>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >>
    >>Sorry. That should have read "only target Win2K OS."
    >>
    >>
    >>>>Steve
    >>>
    >>>
    >>>According to CNN, which got hit, some older than XP versions were
    >>>affected.
    >>>
    >>
    >>
    >>http://www.f-secure.com/v-descs/zotob_a.shtml
    >>
    >>"The exploit uses fixed offsets inside Windows 2000 version of
    >>umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    >>affected."
    >>
    >>http://vil.nai.com/vil/content/v_135433.htm
    >>
    >>"This self-executing worm spreads by exploiting Windows2000 MS05-039
    >>vulnerable systems in order to instruct those systems to download and
    >>execute the worm."
    >
    >
    > http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
    >

    Yes, I have read that.

    The Symantec writeup fails to mention that it only directly exploits the
    MS05-039 vulnerability in Windows2000. Other Windows platforms can
    execute and launch the worm but themselves do not get infected or
    exploited by it.

    Steve
  14. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:eRvLRv0oFHA.3552@TK2MSFTNGP10.phx.gbl...
    > Steve N. wrote:
    >> kurttrail wrote:
    >>
    >>> Steve N. wrote:
    >>>
    >>>> kurttrail wrote:
    >>>>
    >>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
    >>>>> later to upgrade to Shorthorn?
    >>>>>
    >>>>
    >>>> Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >>
    >> Sorry. That should have read "only target Win2K OS."
    >>
    >>>>
    >>>> Steve
    >>>
    >>>
    >>> According to CNN, which got hit, some older than XP versions were
    >>> affected.
    >>>
    >>
    >>
    >> http://www.f-secure.com/v-descs/zotob_a.shtml
    >>
    >> "The exploit uses fixed offsets inside Windows 2000 version of
    >> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    >> affected."
    >>
    >> http://vil.nai.com/vil/content/v_135433.htm
    >>
    >> "This self-executing worm spreads by exploiting Windows2000 MS05-039
    >> vulnerable systems in order to instruct those systems to download and
    >> execute the worm."
    >
    > http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
    >
    > --
    > Peace!
    > Kurt
    > Self-anointed Moderator
    > microscum.pubic.windowsexp.gonorrhea
    > http://microscum.com/mscommunity
    > "Trustworthy Computing" is only another example of an Oxymoron!
    > "Produkt-Aktivierung macht frei"
    >
    kurtrail,

    For once I agree with you! I believe this is no different than the
    government trying to slow down home sales so they raise the interest rate.
    When that didn't work gas goes up 30 cents a gallon and we all have less
    money because of it. Think that will slow home sales?

    Think more people will turn on Automatic Updates now? I do! Just think
    Vista is on the way to save us all from the evil doers of this world :-)

    It is interesting as I said the same thing about the last nasty worm that
    came around and started all of this stuff where MS put on their website
    about the three steps to protecting yourself. Do I believe they gain from
    this, yes!!

    However, good test to see if you are managing your PC correctly....

    George
  15. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Steve N. wrote:
    > kurttrail wrote:
    >
    >> Steve N. wrote:
    >>
    >>> kurttrail wrote:
    >>>
    >>>
    >>>> Steve N. wrote:
    >>>>
    >>>>
    >>>>> kurttrail wrote:
    >>>>>
    >>>>>
    >>>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
    >>>>>> later to upgrade to Shorthorn?
    >>>>>>
    >>>>>
    >>>>> Rediculous idea. If it was then Zotob would'nt only target Win2
    >>>>> OS.
    >>>
    >>> Sorry. That should have read "only target Win2K OS."
    >>>
    >>>
    >>>>> Steve
    >>>>
    >>>>
    >>>> According to CNN, which got hit, some older than XP versions were
    >>>> affected.
    >>>>
    >>>
    >>>
    >>> http://www.f-secure.com/v-descs/zotob_a.shtml
    >>>
    >>> "The exploit uses fixed offsets inside Windows 2000 version of
    >>> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    >>> affected."
    >>>
    >>> http://vil.nai.com/vil/content/v_135433.htm
    >>>
    >>> "This self-executing worm spreads by exploiting Windows2000 MS05-039
    >>> vulnerable systems in order to instruct those systems to download
    >>> and execute the worm."
    >>
    >>
    >> http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
    >>
    >
    > Yes, I have read that.
    >
    > The Symantec writeup fails to mention that it only directly exploits
    > the MS05-039 vulnerability in Windows2000. Other Windows platforms can
    > execute and launch the worm but themselves do not get infected or
    > exploited by it.
    >
    > Steve

    Doesn't matter as my point is that MS will use this worm to get corps
    that have been reluctant to upgrade.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  16. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Vagabond Software wrote:
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    > message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
    >> Vagabond Software wrote:
    >>
    >>> They did provide a patch for free... a week before there were any
    >>> known instances of the exploits in the user community. <snip>
    >>
    >> "They (the customer) just paid the $150,000 for the patch on SP3."
    >>
    >> --
    >
    > Well, I shouldn't have said "the customer"... The end-users' IT
    > service provider paid $150,000 to patch their operating system. Why?
    > Because they insist on running an unsupported operating system, which
    > is Windows 2000 SP3. Why? Because they moved their Technicians to
    > an hourly rate to save money during slow periods.
    >
    > Even though the IT firm would pay nothing to Microsoft to upgrade to
    > Windows 2000 SP4, a supported operating system, they would have to
    > pay those hourly technicians to "touch" a helluva lot of machines. So,
    > this IT firm has made the calculated decision that it is cheaper
    > to pay Microsoft for patches to an unsupported operating system than
    > it is to pay the Technicians an hourly rate.
    >
    > I know this doesn't fit well in your world view, but the progressive
    > IT firms that actually train their technicians and pay them to manage
    > their clients' networks never seem to get hit with these problems.
    > Meanwhile, the reactionary IT firms almost ALWAYS get hit by each and
    > every one of these problems because they only dispatch technicians to
    > FIX problems AFTER they are reported.
    >
    > Carl

    MS should provide any necessary patch for free. It is their coding
    negligence that
    is being exploited.

    If the OS is still functional, then MS has a responsibility to patch the
    security holes in it. It is a matter of Global Network Security. If MS
    doesn't want take responsibility for its holes, then they should get out
    of businesss.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  17. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:ehYtAX1oFHA.1872@TK2MSFTNGP10.phx.gbl...
    > Vagabond Software wrote:
    >> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >> message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
    >>> Vagabond Software wrote:
    >>>
    >>>> They did provide a patch for free... a week before there were any
    >>>> known instances of the exploits in the user community. <snip>
    >>>
    >>> "They (the customer) just paid the $150,000 for the patch on SP3."
    >>>
    >>> --
    >>
    >> Well, I shouldn't have said "the customer"... The end-users' IT
    >> service provider paid $150,000 to patch their operating system. Why?
    >> Because they insist on running an unsupported operating system, which
    >> is Windows 2000 SP3. Why? Because they moved their Technicians to
    >> an hourly rate to save money during slow periods.
    >>
    >> Even though the IT firm would pay nothing to Microsoft to upgrade to
    >> Windows 2000 SP4, a supported operating system, they would have to
    >> pay those hourly technicians to "touch" a helluva lot of machines. So,
    >> this IT firm has made the calculated decision that it is cheaper
    >> to pay Microsoft for patches to an unsupported operating system than
    >> it is to pay the Technicians an hourly rate.
    >>
    >> I know this doesn't fit well in your world view, but the progressive
    >> IT firms that actually train their technicians and pay them to manage
    >> their clients' networks never seem to get hit with these problems.
    >> Meanwhile, the reactionary IT firms almost ALWAYS get hit by each and
    >> every one of these problems because they only dispatch technicians to
    >> FIX problems AFTER they are reported.
    >>
    >> Carl
    >
    > MS should provide any necessary patch for free. It is their coding
    > negligence that
    > is being exploited.
    >
    > If the OS is still functional, then MS has a responsibility to patch the
    > security holes in it. It is a matter of Global Network Security. If MS
    > doesn't want take responsibility for its holes, then they should get out
    > of businesss.
    >
    > --

    I don't know how many times I have to repeat myself. Microsoft provided a
    FREE fix via Windows 2000 SP4.

    Your assertion that as long as the "OS is still functional, then MS has a
    responsibility to patch security holes" is, of course, rediculous. Apple
    has to support OS 8? OS 9? Sun has to support SunOS 4.1.3? IBM has to
    support OS/2 Warp? Like I said, rediculous.

    Global Network Security? How dramatic... Ignorance is a matter of GNS. I
    think every IT company that has clients who are infected with these exploits
    should have to publicize their company names and their excuse for allowing
    their clients to be hit by such an ineffectual worm.

    Carl
  18. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Fuzzy Logic wrote:
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    > news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl:
    >
    >> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >> to upgrade to Shorthorn?
    >
    > It's a conspiracy. All software vendors delight in writing bad code
    > so that you are forced to spend all your free time patching your
    > operating system and applications.
    >
    > For example look at the holes that CERT considered important for the
    > WEEK of August 3-9:
    >
    > http://www.us-cert.gov/cas/bulletins/SB05-222.html
    >
    > That's only the tip of the iceberg:
    >
    > http://www.securityfocus.com/vulnerabilities
    >
    > Best to stay away from computers entirely!

    LOL! I use to think it was computers that were the devil, but it ain't
    the hardware, it's the software.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  19. Archived from groups: microsoft.public.windowsxp.general (More info?)

    NoStop wrote:
    > On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    > microsoft.public.windowsxp.general:
    >
    > You have to be a pretty knowledgeable computer user on Linux to make it
    > "not" secure.

    Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
    that there are none that even nobody has found yet! COOL!
  20. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
    > Vagabond Software wrote:
    >> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>> to upgrade to Shorthorn?
    >>>
    >>> --
    >>
    >> I doubt it. It didn't even work to upgrade one particular corporate
    >> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
    >> the $150,000 for the patch on SP3.
    >
    > LOL! MS will find a way to profit from Zotob, one way or another!
    >
    > --
    > Peace!
    > Kurt

    As will many computer repair firms.

    Alias
  21. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Alias wrote:
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    > message news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
    >> Vagabond Software wrote:
    >>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
    >>>> later to upgrade to Shorthorn?
    >>>>
    >>>> --
    >>>
    >>> I doubt it. It didn't even work to upgrade one particular corporate
    >>> customer to Windows 2000 SP4 from SP3. They (the customer) just
    >>> paid the $150,000 for the patch on SP3.
    >>
    >> LOL! MS will find a way to profit from Zotob, one way or another!
    >>
    >> --
    >> Peace!
    >> Kurt
    >
    > As will many computer repair firms.
    >
    > Alias

    Yeah, but those repair firms bad code didn't create the security hole in
    the first place.

    MS is, in effect, profiting from its own mistakes.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  22. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Steve N." <Steve_N@nunya.biz.nes> wrote

    > kurttrail wrote:
    >
    >> Steve N. wrote:
    >>
    >>>kurttrail wrote:
    >>>
    >>>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>>>to upgrade to Shorthorn?
    >>>>
    >>>
    >>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >
    > Sorry. That should have read "only target Win2K OS."
    >
    >>>
    >>>Steve
    >>
    >>
    >> According to CNN, which got hit, some older than XP versions were
    >> affected.
    >>
    >
    >
    > http://www.f-secure.com/v-descs/zotob_a.shtml
    >
    > "The exploit uses fixed offsets inside Windows 2000 version of
    > umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    > affected."
    >
    > http://vil.nai.com/vil/content/v_135433.htm
    >
    > "This self-executing worm spreads by exploiting Windows2000 MS05-039
    > vulnerable systems in order to instruct those systems to download and
    > execute the worm."
    >
    > Steve

    Then why was there a patch for XP? Or was there?

    Alias, scratching his head.
  23. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Alias wrote:

    > "Steve N." <Steve_N@nunya.biz.nes> wrote
    >
    >
    >>kurttrail wrote:
    >>
    >>
    >>>Steve N. wrote:
    >>>
    >>>
    >>>>kurttrail wrote:
    >>>>
    >>>>
    >>>>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>>>>to upgrade to Shorthorn?
    >>>>>
    >>>>
    >>>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
    >>
    >>Sorry. That should have read "only target Win2K OS."
    >>
    >>
    >>>>Steve
    >>>
    >>>
    >>>According to CNN, which got hit, some older than XP versions were
    >>>affected.
    >>>
    >>
    >>
    >>http://www.f-secure.com/v-descs/zotob_a.shtml
    >>
    >>"The exploit uses fixed offsets inside Windows 2000 version of
    >>umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
    >>affected."
    >>
    >>http://vil.nai.com/vil/content/v_135433.htm
    >>
    >>"This self-executing worm spreads by exploiting Windows2000 MS05-039
    >>vulnerable systems in order to instruct those systems to download and
    >>execute the worm."
    >>
    >>Steve
    >
    >
    > Then why was there a patch for XP? Or was there?
    >
    > Alias, scratching his head.
    >
    >

    There is a patch for the same class of vulnerability present in other
    Win OSes, but this particular worm is specifically targetting Win2K. It
    can be launched from other Win OSes but not infect them.

    Steve
  24. Archived from groups: microsoft.public.windowsxp.general (More info?)

    kurttrail wrote:

    > So stop your apologizing for Microsoft. They created the hole through
    > there negligence, and they should be held accountable to fix it for
    > free, or be run out of town like any snake oil salesmen that gets caught
    > selling an inferior product.

    Hear hear!

    Microsoft Corporate Officers should be brought before Congress as
    commiting fraud just as the Tobacco and S&L executives and those of
    Enron, Worldcomm, et. al.

    Can you imagine what would happen if people's SUVs suddenly would not
    start on the 31st day and there was a message stating that they had to
    call this 800 number to "activate" their gas guzzling wreck?

    Or if SUVs kept stalling on the highway every six months and the only
    way to restart it was to haul it into the shop to be "fixed"?

    Greed drives the Commercial software industry.

    I have a client with a Network infected by W32.Licum and right now they
    are "living with the virus" (it's actually a worm but for this purpose
    "virus" sounds better). This is just like the Pharma Industry. They
    don't what to CURE or to PREVENT they want people to PAY for monthy
    PRESCRIPTIONS (read SUBSCRIPTIONS) to keep alive (or WINDOWS running).

    It is criminal. It is neglegance.

    Windows can be fixed rather easily. Like making the WINDOWS and
    WINDOWS\SYSTEM32 folders readonly except by verified Microsoft
    processes. No application needs to put EXEs or DLLs in the system
    folders, they can put them in their PROGRAM FILES folder.

    Microsoft is just plain lazy, They make BILLIONS due to shoody design.
    So what incentive do they have to change?

    What is making things worse are the Mircosoft apologists.
  25. Archived from groups: microsoft.public.windowsxp.general (More info?)

    My floppy drive lights up when I click that first link

    http://www.us-cert.gov/cas/bulletins/SB05-222.html

    Jon


    "Fuzzy Logic" <bob@arc.ab.caREMOVETHIS> wrote in message
    news:Xns96B579C4A906Bbobarcabca@207.46.248.16...
  26. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Jon wrote:
    > My floppy drive lights up when I click that first link
    >
    > http://www.us-cert.gov/cas/bulletins/SB05-222.html

    Another IE flaw. It doesn't happen with Firefox.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  27. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Looks like it's this part of the source that is responsible
    <link
    href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
    rel="stylesheet" type="text/css">

    <style type="text/css">


    Odd, because if you paste

    file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css

    into the Firefox address bar, it also attempts to access the floppy, but
    not, as you say, if you access the web page directly.

    Jon


    "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    news:eOpA0p1oFHA.2904@tk2msftngp13.phx.gbl...
    > Jon wrote:
    >> My floppy drive lights up when I click that first link
    >>
    >> http://www.us-cert.gov/cas/bulletins/SB05-222.html
    >
    > Another IE flaw. It doesn't happen with Firefox.
    >
    > --
    > Peace!
    > Kurt
    >
  28. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Jon wrote:
    > Looks like it's this part of the source that is responsible
    > <link
    > href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
    > rel="stylesheet" type="text/css">
    >
    > <style type="text/css">
    >
    >
    >
    > Odd, because if you paste
    >
    > file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css
    >
    > into the Firefox address bar, it also attempts to access the floppy,
    > but not, as you say, if you access the web page directly.
    >

    Firefox is smart enough to understand that pulling a html doc off the
    web, it shouldn't be calling up a local drive, but when you locally ask
    it to call up a local drive, then it allows it.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  29. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Vagabond Software wrote:
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    > message news:ehYtAX1oFHA.1872@TK2MSFTNGP10.phx.gbl...
    >> Vagabond Software wrote:
    >>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >>> message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
    >>>> Vagabond Software wrote:
    >>>>
    >>>>> They did provide a patch for free... a week before there were any
    >>>>> known instances of the exploits in the user community. <snip>
    >>>>
    >>>> "They (the customer) just paid the $150,000 for the patch on SP3."
    >>>>
    >>>> --
    >>>
    >>> Well, I shouldn't have said "the customer"... The end-users' IT
    >>> service provider paid $150,000 to patch their operating system. Why?
    >>> Because they insist on running an unsupported operating
    >>> system, which is Windows 2000 SP3. Why? Because they moved their
    >>> Technicians to an hourly rate to save money during slow periods.
    >>>
    >>> Even though the IT firm would pay nothing to Microsoft to upgrade to
    >>> Windows 2000 SP4, a supported operating system, they would have to
    >>> pay those hourly technicians to "touch" a helluva lot of machines.
    >>> So, this IT firm has made the calculated decision that it is cheaper
    >>> to pay Microsoft for patches to an unsupported operating system than
    >>> it is to pay the Technicians an hourly rate.
    >>>
    >>> I know this doesn't fit well in your world view, but the progressive
    >>> IT firms that actually train their technicians and pay them to
    >>> manage their clients' networks never seem to get hit with these
    >>> problems. Meanwhile, the reactionary IT firms almost ALWAYS get hit
    >>> by each and every one of these problems because they only dispatch
    >>> technicians to FIX problems AFTER they are reported.
    >>>
    >>> Carl
    >>
    >> MS should provide any necessary patch for free. It is their coding
    >> negligence that
    >> is being exploited.
    >>
    >> If the OS is still functional, then MS has a responsibility to patch
    >> the security holes in it. It is a matter of Global Network
    >> Security. If MS doesn't want take responsibility for its holes,
    >> then they should get out of businesss.
    >>
    >> --
    >
    > I don't know how many times I have to repeat myself. Microsoft
    > provided a FREE fix via Windows 2000 SP4.

    No. A corporation has to spend money and time to implement a SP over
    its network.

    So MS is basically making them pay to upgrade to a service pack or pay
    for a patch.

    I don't know how many times I have to repeat myself. Microsoft should
    provide a free patch to any working vulnerable OS, that is only
    vulnerable due to MS coding negligence! If they work take
    responsibility for the hole they created then they should get the hell
    out of the OS business!

    > Your assertion that as long as the "OS is still functional, then MS
    > has a responsibility to patch security holes" is, of course,
    > rediculous. Apple has to support OS 8? OS 9? Sun has to support
    > SunOS 4.1.3? IBM has to support OS/2 Warp? Like I said, rediculous.

    If hole is actively being exploited, then yes, software manufacturers
    should be held responsible for their negligent mistakes.

    > Global Network Security? How dramatic... Ignorance is a matter of
    > GNS. I think every IT company that has clients who are infected with
    > these exploits should have to publicize their company names and their
    > excuse for allowing their clients to be hit by such an ineffectual
    > worm.

    LOL! That patch had only been out for a week, and with the number of
    patches that MS released in its last bunch, it is quite understandable
    that testing all those patches would take a while. It's not like MS has
    never released a patched that didn't create other problems.

    The larger the organization, the longer it will take to test the
    MicroPatches, especially when you have multiple patches released all at
    once. And MS is the one that decided to release patches all at once on
    a monthly schedule.

    So stop your apologizing for Microsoft. They created the hole through
    there negligence, and they should be held accountable to fix it for
    free, or be run out of town like any snake oil salesmen that gets caught
    selling an inferior product.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  30. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On 17 Aug 2005 19:08:12 -0700, "Dimple Wathen"
    <dimplewathen@hotmail.com> wrote:

    >Microsoft Corporate Officers should be brought before Congress

    Some of them including the stud duck himself already have, remember?
    And they have the nerve to question honest purchasers of their product
    that never have been subpoenaed for any acts of skullduggery as to if
    they are thieves and pirates while the real thieves and pirates are
    laughing their arses off... including the whole damned country of
    China which is running a Kazillion copies of a mass distributed volume
    licensed version of XP.
  31. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    microsoft.public.windowsxp.general:

    >
    > "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
    > news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
    >> Vagabond Software wrote:
    >>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
    >>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
    >>>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
    >>>> to upgrade to Shorthorn?
    >>>>
    >>>> --
    >>>
    >>> I doubt it. It didn't even work to upgrade one particular corporate
    >>> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
    >>> the $150,000 for the patch on SP3.
    >>
    >> LOL! MS will find a way to profit from Zotob, one way or another!
    >>
    >> --
    >> Peace!
    >> Kurt
    >
    > As will many computer repair firms.
    >
    > Alias

    I can earn a living fighting worms and viruses for Windows. My Linux
    servers I can afford to ignore for years.

    You have to be a pretty knowledgeable computer user on Linux to make it
    "not" secure.


    --
    Have you been MicroShafted today?
    To mess up a Linux box, you need to work *at* it.
    To mess up a Windows box, you need to work *on* it.
  32. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
    microsoft.public.windowsxp.general:

    > NoStop wrote:
    >> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    >> microsoft.public.windowsxp.general:
    >>
    >> You have to be a pretty knowledgeable computer user on Linux to make it
    >> "not" secure.
    >
    > Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
    > that there are none that even nobody has found yet! COOL!

    Since the majority of the Web runs on Linux, when is the last time you heard
    of malicious code bringing down a website running on Linux? OK, I thought
    so ... you haven't.


    --
    Have you been MicroShafted today?
    To mess up a Linux box, you need to work *at* it.
    To mess up a Windows box, you need to work *on* it.
  33. Archived from groups: microsoft.public.windowsxp.general (More info?)

    NoStop wrote:
    > On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
    > microsoft.public.windowsxp.general:
    >
    >> NoStop wrote:
    >>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    >>> microsoft.public.windowsxp.general:
    >>>
    >>> You have to be a pretty knowledgeable computer user on Linux to
    >>> make it "not" secure.
    >>
    >> Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
    >> that there are none that even nobody has found yet! COOL!
    >
    > Since the majority of the Web runs on Linux, when is the last time
    > you heard of malicious code bringing down a website running on Linux?
    > OK, I thought so ... you haven't.

    Actually, I had a website that was hosted on Linux servers, and had my
    home page replaced.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  34. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    dimplewathen@hotmail.com says...
    > What is making things worse are the Mircosoft apologists.

    No, what makes things worse is the people that don't know how to
    properly secure a network or node so that even exploits don't impact
    them no matter how much they run in the wild.

    I've never had a customer compromised, but we design with the idea that
    NO OS/Service IS SECURE (since none are) and with that in mind, we've
    never had a compromised server, workstation, node, nada.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  35. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Leythos wrote:
    > In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    > dimplewathen@hotmail.com says...
    >> What is making things worse are the Mircosoft apologists.
    >
    > No, what makes things worse is the people that don't know how to
    > properly secure a network or node so that even exploits don't impact
    > them no matter how much they run in the wild.

    Large corps hardly had time to test all the patches that MS bunched
    together this month. MS purposely changed how patches are delivered, so
    they come out one a month, instead of when they are ready. If the eight
    patches were releasedspread out, it would be much easier for to test and
    push them out.

    > I've never had a customer compromised, but we design with the idea
    > that NO OS/Service IS SECURE (since none are) and with that in mind,
    > we've never had a compromised server, workstation, node, nada.

    I doubt you deal with number of computers that many of the largest
    corporations have to deal with.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  36. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Wednesday 17 August 2005 06:19 pm, kurttrail had this to say in
    microsoft.public.windowsxp.general:

    > NoStop wrote:
    >> On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
    >> microsoft.public.windowsxp.general:
    >>
    >>> NoStop wrote:
    >>>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    >>>> microsoft.public.windowsxp.general:
    >>>>
    >>>> You have to be a pretty knowledgeable computer user on Linux to
    >>>> make it "not" secure.
    >>>
    >>> Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
    >>> that there are none that even nobody has found yet! COOL!
    >>
    >> Since the majority of the Web runs on Linux, when is the last time
    >> you heard of malicious code bringing down a website running on Linux?
    >> OK, I thought so ... you haven't.
    >
    > Actually, I had a website that was hosted on Linux servers, and had my
    > home page replaced.
    >

    Well Kurty old boy, after seeing your web sites, I must congratulate anyone
    who could hack in and change it. A hacked website is not what we're talking
    about when we're talking about malicious code compromising an *operating
    system*. Your website was probably hacked by a simple dictionary attack
    that allowed a hacker to ftp onto your site and plant a new index.html file
    there.


    --
    Have you been MicroShafted today?
    To mess up a Linux box, you need to work *at* it.
    To mess up a Windows box, you need to work *on* it.
  37. Archived from groups: microsoft.public.windowsxp.general (More info?)

    NoStop wrote:
    > On Wednesday 17 August 2005 06:19 pm, kurttrail had this to say in
    > microsoft.public.windowsxp.general:
    >
    >> NoStop wrote:
    >>> On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say
    >>> in microsoft.public.windowsxp.general:
    >>>
    >>>> NoStop wrote:
    >>>>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
    >>>>> microsoft.public.windowsxp.general:
    >>>>>
    >>>>> You have to be a pretty knowledgeable computer user on Linux to
    >>>>> make it "not" secure.
    >>>>
    >>>> Has "Linux" removed all buffer overflow bugs then? Hmmm... that
    >>>> means that there are none that even nobody has found yet! COOL!
    >>>
    >>> Since the majority of the Web runs on Linux, when is the last time
    >>> you heard of malicious code bringing down a website running on
    >>> Linux? OK, I thought so ... you haven't.
    >>
    >> Actually, I had a website that was hosted on Linux servers, and had
    >> my home page replaced.
    >>
    >
    > Well Kurty old boy, after seeing your web sites, I must congratulate
    > anyone who could hack in and change it. A hacked website is not what
    > we're talking about when we're talking about malicious code
    > compromising an *operating system*. Your website was probably hacked
    > by a simple dictionary attack that allowed a hacker to ftp onto your
    > site and plant a new index.html file there.

    LOL! My site wasn't the only only that was hacked.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  38. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Leythos wrote:
    > In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    > dimplewathen@hotmail.com says...
    > > What is making things worse are the Mircosoft apologists.
    >
    > No, what makes things worse is the people that don't know how to
    > properly secure a network or node so that even exploits don't impact
    > them no matter how much they run in the wild.

    Yeah, but you took that quote out of context.

    > I've never had a customer compromised, but we design with the idea that
    > NO OS/Service IS SECURE (since none are) and with that in mind, we've
    > never had a compromised server, workstation, node, nada.

    Yeah, but when it comes to bugs like buffer overflows you don't know
    they exist until someone finds them! Hopefully other admins find them
    first, create and post a patch, and you update your machines. Duh!
    GNU/Linux admins and programmers and kernel hackers all work together
    to make your job easy, correct? (Or at least *easier*.)

    Which goes back to your broad statements that "Linux" is secure "out of
    the box" and will run forever without work. NOT TRUE. You even state
    here that a network must be "properly secured" and that you "design
    with the idea" of security.

    It does take work to adminster and patch and maintain GNU/Linux. But as
    I've said, Linux admins and programmers all work together to help each
    other. This is a really good thing! It make for increased security,
    faster fixes, etc.

    But then again, this is a newsgroup about XP and not GNU/Linux.
  39. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Leythos wrote:
    > Ed, you don't need to be sorry, I've seen what you describe many times -
    > that one way we get so many new customers. We're known for building
    > secure networks and securing broken ones for new clients - if you are
    > not proactive when you talk with clients, don't document their
    > holes/flaws, if you don't sell them on the idea that it can be secured,
    > then you're always going to be part of the mess.

    After reading all that you (and others) have said (and the quote above
    tends to summarize it all), I realize that I have been part of the
    mess. (I wish an IT company with your attitude had setup our company's
    WIN2K server which is now is bad shape and totally undocumented.)

    I kinda sorta don't blame people for being upset that their shiny new
    XP computer gets cracked.

    If the reason is they downloaded a screensaver that installed a porn
    server along with it, well, they didn't know better and the screensaver
    programmers comitted fraud... so I am more likely to sympathize with
    them.

    If the reason is that they left port 445 open and got exploited via FTP
    and all they had to do was block the port to protect themselves, well,
    home users should not have to know what a TCP/IP port is and I still
    can not blame the user. Windows can come hardened out of the box.

    If the reason is that Microsoft had a design flow in DCOM or RPC or
    something and they got exploited, I certainly blame Microsoft. Even if
    Microsft had a patch made available.

    However, I don't make a living on IT support, but there are several
    computers I maintain and as someone who is supposed to know about bugs
    and exploits and ports, *I messed up* if I did not do as much as I
    generally can to protect those computers. We do know that these
    problems exist and haxe existed for all Windows versions.

    And I messed up.

    --
    The thing is is that Micrososft is constantly and consistantly loosing
    the battle. All their patches are to fix *really serious flaws* in
    their OS. Ans in a rush to fix things their fixes sometimes cause
    problems.
  40. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
    dontemailme@anywhereintheknowuniverse.org says...
    > Leythos wrote:
    > > In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    > > dimplewathen@hotmail.com says...
    > >> What is making things worse are the Mircosoft apologists.
    > >
    > > No, what makes things worse is the people that don't know how to
    > > properly secure a network or node so that even exploits don't impact
    > > them no matter how much they run in the wild.
    >
    > Large corps hardly had time to test all the patches that MS bunched
    > together this month. MS purposely changed how patches are delivered, so
    > they come out one a month, instead of when they are ready. If the eight
    > patches were releasedspread out, it would be much easier for to test and
    > push them out.

    And you want to know something funny - we didn't apply any of the update
    until this week, and not one system was compromised. In general, the
    exploits/worms have to have a way in first - and if you block the way in
    you don't have near as much to worry about. You also need to block the
    spread - as I recall, the latest worm spread via 445 and loaded it's
    payload via FTP. So, why do people let 445 out of their local networks?
    Why do people allow outbound FTP access except as specifically needed?

    > > I've never had a customer compromised, but we design with the idea
    > > that NO OS/Service IS SECURE (since none are) and with that in mind,
    > > we've never had a compromised server, workstation, node, nada.
    >
    > I doubt you deal with number of computers that many of the largest
    > corporations have to deal with.

    You are right, we work with about 1000+ nodes right now, soon to be
    around 1500 as we pick up another client with 9 offices. While we don't
    have 20,000 workstations with one client, the methods are the same and
    they scale very nicely. Once the methods are in place you don't have
    near as much work to do. Don't forget, I come from the industrial sector
    where the entire plant (all processes) and the connecting plants had to
    run even when the front office networks (which we were not responsible
    for) were compromised - we learned how to secure without impacting
    business functions in the worst possible conditions, and it carries
    through into the business sector too - at least it has worked for all of
    our clients. We left the industrial sector about 5 years ago, started
    with just non-industrial clients and found that the work was a lot
    easier, paid better, and we don't get dirty as much :)

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  41. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Leythos wrote:
    > In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
    > dontemailme@anywhereintheknowuniverse.org says...
    >> Leythos wrote:
    >>> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    >>> dimplewathen@hotmail.com says...
    >>>> What is making things worse are the Mircosoft apologists.
    >>>
    >>> No, what makes things worse is the people that don't know how to
    >>> properly secure a network or node so that even exploits don't impact
    >>> them no matter how much they run in the wild.
    >>
    >> Large corps hardly had time to test all the patches that MS bunched
    >> together this month. MS purposely changed how patches are
    >> delivered, so they come out one a month, instead of when they are
    >> ready. If the eight patches were releasedspread out, it would be
    >> much easier for to test and push them out.
    >
    > And you want to know something funny - we didn't apply any of the
    > update until this week, and not one system was compromised.

    When exactly?

    > In
    > general, the exploits/worms have to have a way in first - and if you
    > block the way in you don't have near as much to worry about. You also
    > need to block the spread - as I recall, the latest worm spread via
    > 445 and loaded it's payload via FTP. So, why do people let 445 out of
    > their local networks? Why do people allow outbound FTP access except
    > as specifically needed?

    And none of these corps had a need for FTP?

    >
    >>> I've never had a customer compromised, but we design with the idea
    >>> that NO OS/Service IS SECURE (since none are) and with that in mind,
    >>> we've never had a compromised server, workstation, node, nada.
    >>
    >> I doubt you deal with number of computers that many of the largest
    >> corporations have to deal with.
    >
    > You are right, we work with about 1000+ nodes right now, soon to be
    > around 1500 as we pick up another client with 9 offices. While we
    > don't have 20,000 workstations with one client, the methods are the
    > same and they scale very nicely. Once the methods are in place you
    > don't have near as much work to do. Don't forget, I come from the
    > industrial sector where the entire plant (all processes) and the
    > connecting plants had to run even when the front office networks
    > (which we were not responsible for) were compromised - we learned how
    > to secure without impacting business functions in the worst possible
    > conditions, and it carries through into the business sector too - at
    > least it has worked for all of our clients. We left the industrial
    > sector about 5 years ago, started with just non-industrial clients
    > and found that the work was a lot easier, paid better, and we don't
    > get dirty as much :)

    Is that the royal "we?"

    Yeah, I'm sure some of these corps could do a better job with security,
    but that doesn't make MS any less cupable for paying for its negligent
    mistakes.

    You want to blame everybody but MS. MS should NOT profit from fixing
    its negligent mistakes! MS should be responsible for its mistakes.

    But keep blaming the victims of MS's negligent code. I bet you blame
    rape victims for their rapes too, because that is the kinda guy you are.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  42. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <##5oDq$oFHA.1968@TK2MSFTNGP14.phx.gbl>,
    dontemailme@anywhereintheknowuniverse.org says...
    > Leythos wrote:
    > > In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
    > > dontemailme@anywhereintheknowuniverse.org says...
    > >> Leythos wrote:
    > >>> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    > >>> dimplewathen@hotmail.com says...
    > >>>> What is making things worse are the Mircosoft apologists.
    > >>>
    > >>> No, what makes things worse is the people that don't know how to
    > >>> properly secure a network or node so that even exploits don't impact
    > >>> them no matter how much they run in the wild.
    > >>
    > >> Large corps hardly had time to test all the patches that MS bunched
    > >> together this month. MS purposely changed how patches are
    > >> delivered, so they come out one a month, instead of when they are
    > >> ready. If the eight patches were releasedspread out, it would be
    > >> much easier for to test and push them out.
    > >
    > > And you want to know something funny - we didn't apply any of the
    > > update until this week, and not one system was compromised.
    >
    > When exactly?

    Last night to be specific, and there are machines that may not get the
    updates until later this week or early next week.

    > > In
    > > general, the exploits/worms have to have a way in first - and if you
    > > block the way in you don't have near as much to worry about. You also
    > > need to block the spread - as I recall, the latest worm spread via
    > > 445 and loaded it's payload via FTP. So, why do people let 445 out of
    > > their local networks? Why do people allow outbound FTP access except
    > > as specifically needed?
    >
    > And none of these corps had a need for FTP?

    They all have a need for FTP, but that doesn't mean you have to allow
    FTP outbound from every node in the network - any one that allows
    outbound access without reason is asking for trouble. As a standard, we
    don't even allow full HTTP access outbound for all nodes - we ask the
    customer to tell us what stations need outbound access, what type of
    access they need, and what they will be doing with it - then we setup
    rules based on the need.

    In many cases Outbound FTP is limited to business partners of the
    company - meaning we limit FTP to the sites that the require in order to
    do business.

    > >>> I've never had a customer compromised, but we design with the idea
    > >>> that NO OS/Service IS SECURE (since none are) and with that in mind,
    > >>> we've never had a compromised server, workstation, node, nada.
    > >>
    > >> I doubt you deal with number of computers that many of the largest
    > >> corporations have to deal with.
    > >
    > > You are right, we work with about 1000+ nodes right now, soon to be
    > > around 1500 as we pick up another client with 9 offices. While we
    > > don't have 20,000 workstations with one client, the methods are the
    > > same and they scale very nicely. Once the methods are in place you
    > > don't have near as much work to do. Don't forget, I come from the
    > > industrial sector where the entire plant (all processes) and the
    > > connecting plants had to run even when the front office networks
    > > (which we were not responsible for) were compromised - we learned how
    > > to secure without impacting business functions in the worst possible
    > > conditions, and it carries through into the business sector too - at
    > > least it has worked for all of our clients. We left the industrial
    > > sector about 5 years ago, started with just non-industrial clients
    > > and found that the work was a lot easier, paid better, and we don't
    > > get dirty as much :)
    >
    > Is that the royal "we?"
    >
    > Yeah, I'm sure some of these corps could do a better job with security,
    > but that doesn't make MS any less cupable for paying for its negligent
    > mistakes.
    >
    > You want to blame everybody but MS. MS should NOT profit from fixing
    > its negligent mistakes! MS should be responsible for its mistakes.

    No, I actually agree that MS is at fault for creating a mess and a very
    insecure OS/applications, but it's not like we don't know it, it's not
    like we don't know that all OS's have holes/exploits. As a good IT
    Manager one should expect this and learn how to deal with it. You can
    bitch about MS all you want, but it won't get your network back up or
    keep it safe unless you protect it.

    I would rather secure my networks and not have to deal with those issues
    as a normal practice than to do nothing and just rant at MS every time a
    system gets compromised. MS isn't going to do much to change the way
    things are, and as long as we can stay ahead of the problems it means
    that we can continue to run MS products without problems.

    > But keep blaming the victims of MS's negligent code. I bet you blame
    > rape victims for their rapes too, because that is the kinda guy you are.

    You have no clue - and I never said to NOT blame MS, I said:

    In article <MPG.1d6db9c8330db46f989c35@news-server.columbus.rr.com>,
    void@nowhere.lan says...
    > In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    > dimplewathen@hotmail.com says...
    > > What is making things worse are the Mircosoft apologists.
    >
    > No, what makes things worse is the people that don't know how to
    > properly secure a network or node so that even exploits don't impact
    > them no matter how much they run in the wild.

    I don't absolve MS of any responsibility in the above statement, what I
    do it point out all the IT managers that don't really have a clue about
    security not to mention the home users and their ilk.

    All the information needed to secure networks is available on Microsofts
    websites, on Google, around the globe, but few people take the time to
    look for them, fewer take the time to implement them, and tons of people
    take the time to bitch about something they could have prevented if they
    had put as much energy into preventing it as they do complaining about
    it.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  43. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Thu, 18 Aug 2005 13:06:37 GMT, Leythos <void@nowhere.lan> wrote:

    >If you spend all that time checking and maintaining it then, forgive me
    >for saying it this way, then you don't have it setup properly.

    Well, I'm no IT. Even though I help a friend that is an Outsource IT,
    I do so only because he is a friend and I learn something each time I
    go with him. My home network consists of two computers networked
    together via a Linksys wireless setup. I probably don't have my home
    network set up properly but I can say with pride that all virii,
    spyware, adware, etc. have been 86ed at the front door with none
    getting any further. But, and as you suggest, me not knowing what I
    am doing has made me have to spend countless hours riding herd on my
    network and system security apps to keep it that way.

    >Funny you bring this up - The company I started does just what you think
    >doesn't work - we provide outsourced IT support and design services to
    >places from the east to west coasts, and none of them have had any
    >problems, not even with the latest worm.

    I was talking about outsourced ITs having to come in and clean up a
    network and individual systems that they did not design or build and
    which has been "abandoned" (for a better word) due to the fact that
    those that did design and build it were given their walking papers
    thus leaving the whole network and individual systems in an abandoned
    state of existence. Then, the powers that be wait until enough of the
    network and individual systems have toppled down before calling for
    help.

    >That's a shame - does that mean that you were unable to present a
    >corrective action plan to them?

    No me, I was just asked to help with hardware maintenance because I
    had some knowledge on how to handle that part. I'm no IT. My friend,
    that got the call on this outsourced contact, did just as you
    suggested and/or asked. And... this government agency learned a big
    lesson about closing down departments without any knowledge of what
    that department's true worth to the agency really is or what the
    future ramifications could be without that department close at hand.

    Yes, my friend set them up on a "Plan" that will keep them up and
    running. However, I later learned that the time and resources
    required to fulfill that "Plan" on the size of this agency would
    require almost as much money as what they were paying their own
    internal IT that they let go.... So, as I was trying to get across in
    my original post, this agency brought all these woe's on themselves...
    it was not the fault of any internal IT or outsourced IT. They, in
    essence by letting their internal IT go, abandoned their network and
    individual systems and didn't call for help until most of it had
    pulled a Humpty Dumpty and came crashing down.

    I think outsourced IT's have their place but when you are talking
    about something the size of this agency, I personally think it was
    cheaper to have an in house IT on salary. I just think some of the
    bean counters with these "Big" companies and "Big" agencies, who are
    being forced to cut here and cut there, are not thinking the whole
    thing through when they think they don't need an In house IT any more.

    My friend is telling me that he is seeing this more and more, where
    outsourced IT's are called in (after the fact) to salvage "Abandoned"
    networks and Systems. Please take note that we are talking about
    Abandoned instead of immediately turned over to an outsourcer for plan
    development and implementation.

    Regards,
    Ed
  44. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <1124386496.731288.115990@f14g2000cwb.googlegroups.com>,
    dimplewathen@hotmail.com says...
    > Which goes back to your broad statements that "Linux" is secure "out of
    > the box" and will run forever without work. NOT TRUE. You even state
    > here that a network must be "properly secured" and that you "design
    > with the idea" of security.

    I hate to tell you this, but I've never, not once, said that Linux is
    secure out of the box, and I firmly believe that it's not secure out of
    the box as I've seen new installed systems rooted in under 4 hours.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  45. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <1124388669.372418.286380@g49g2000cwa.googlegroups.com>,
    dimplewathen@hotmail.com says...
    > I adminster many Windows machines. And 75% of them keep failing.
    > Actually, all Windows machines slowly degenerate over time. They really
    > do. They are like old cars where the transmission is going, the brakes
    > are wearing, and the under body rusts out. It needs constant
    > maintenance.
    >
    > Everytime a program is installed on Windows the system becomes just a
    > little bit more unstable. The more programs one installs the more
    > unstable Windows becomes. Windows, to this day, still allows programs
    > to install and replace systems files in it's system folder!! This is so
    > stupid!!!! That is Window's biggest problem.

    You have got to be trolling.

    I install tons of applications on a weekly basis for testing a design
    work, have many computers personally, not to mention all the work that
    gets done at clients locations - and not one of the has any issues with
    the Windows XP OS or any of the standard MS Office applications, nor
    with many of their other commercial / common applications.

    My wife has been using a Windows XP computer that was a upgrade from
    Windows 2000 Professional, without any issues (for accounting, books,
    editing images, newsletters, etc) for almost 3 years without any rebuild
    of the system and we're just now moving it to a faster hardware platform
    (via ghosting to the new drive and then doing a repair install).

    The only constant maintenance a Windows box needs it a monthly defrag of
    the drives on a busy system and to ensure that Windows automatic updates
    are working.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  46. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <1124390942.175047.13630@o13g2000cwo.googlegroups.com>,
    dimplewathen@hotmail.com says...
    > Leythos wrote:
    > > Ed, you don't need to be sorry, I've seen what you describe many times -
    > > that one way we get so many new customers. We're known for building
    > > secure networks and securing broken ones for new clients - if you are
    > > not proactive when you talk with clients, don't document their
    > > holes/flaws, if you don't sell them on the idea that it can be secured,
    > > then you're always going to be part of the mess.
    >
    > After reading all that you (and others) have said (and the quote above
    > tends to summarize it all), I realize that I have been part of the
    > mess. (I wish an IT company with your attitude had setup our company's
    > WIN2K server which is now is bad shape and totally undocumented.)
    >
    > I kinda sorta don't blame people for being upset that their shiny new
    > XP computer gets cracked.

    I also don't blame users when their systems are compromised, unless it
    was due to not following rules of basic security. The sad part is that
    all the information on how to be safe is easily available on the web,
    but those types don't look for it.

    Imagine all the people that open the ebay email and actually go to the
    fake ebay site and enter their personal information - that one mode of
    getting peoples personal info has been on every news channel, in most of
    the tech sections of news papers, listed on ebay's real site, and is
    easy to determine if it's real or not, but people still fall for it.

    Ignorance is not an excuse, it's a wanton action of being lazy in my
    opinion.

    > If the reason is they downloaded a screensaver that installed a porn
    > server along with it, well, they didn't know better and the screensaver
    > programmers comitted fraud... so I am more likely to sympathize with
    > them.

    Yea, but with a properly secured network they would not be able to
    download any content that might contain malicious files - like we don't
    allow .SCR files to pass through the HTTP sessions in our firewalls.

    > If the reason is that they left port 445 open and got exploited via FTP
    > and all they had to do was block the port to protect themselves, well,
    > home users should not have to know what a TCP/IP port is and I still
    > can not blame the user.

    I can, as there is no reason to allow outbound ports 135~139, 445, 1433~
    1434 and FTP outbound should be limited to a specific internal machine
    or to know good FTP sites. We have all the Sororities setup so that
    outbound traffic to destination ports 135~139, 445, 1433~1434, and to
    non-approved FTP locations is blocked - in addition to blocking content
    in HTTP sessions.

    > Windows can come hardened out of the box.

    Windows can not come hardened out of the box, it would break to many
    existing methods and fail in corporate environments. They need a new
    version, abandoning all the prior versions.

    > If the reason is that Microsoft had a design flow in DCOM or RPC or
    > something and they got exploited, I certainly blame Microsoft. Even if
    > Microsft had a patch made available.
    >
    > However, I don't make a living on IT support, but there are several
    > computers I maintain and as someone who is supposed to know about bugs
    > and exploits and ports, *I messed up* if I did not do as much as I
    > generally can to protect those computers. We do know that these
    > problems exist and haxe existed for all Windows versions.
    >
    > And I messed up.

    This is the start - knowing that you don't know and accepting that you
    have to learn more - that's all that I ask of my team. Never say you
    know when you don't, never fake it, never feel afraid to say "I don't
    know". It's always better to learn that to hide.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  47. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Leythos wrote:
    > In article <##5oDq$oFHA.1968@TK2MSFTNGP14.phx.gbl>,
    > dontemailme@anywhereintheknowuniverse.org says...
    >> Leythos wrote:
    >>> In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
    >>> dontemailme@anywhereintheknowuniverse.org says...
    >>>> Leythos wrote:
    >>>>> In article
    >>>>> <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    >>>>> dimplewathen@hotmail.com says...
    >>>>>> What is making things worse are the Mircosoft apologists.
    >>>>>
    >>>>> No, what makes things worse is the people that don't know how to
    >>>>> properly secure a network or node so that even exploits don't
    >>>>> impact them no matter how much they run in the wild.
    >>>>
    >>>> Large corps hardly had time to test all the patches that MS bunched
    >>>> together this month. MS purposely changed how patches are
    >>>> delivered, so they come out one a month, instead of when they are
    >>>> ready. If the eight patches were releasedspread out, it would be
    >>>> much easier for to test and push them out.
    >>>
    >>> And you want to know something funny - we didn't apply any of the
    >>> update until this week, and not one system was compromised.
    >>
    >> When exactly?
    >
    > Last night to be specific, and there are machines that may not get the
    > updates until later this week or early next week.
    >
    >>> In
    >>> general, the exploits/worms have to have a way in first - and if you
    >>> block the way in you don't have near as much to worry about. You
    >>> also need to block the spread - as I recall, the latest worm spread
    >>> via 445 and loaded it's payload via FTP. So, why do people let 445
    >>> out of their local networks? Why do people allow outbound FTP
    >>> access except as specifically needed?
    >>
    >> And none of these corps had a need for FTP?
    >
    > They all have a need for FTP, but that doesn't mean you have to allow
    > FTP outbound from every node in the network - any one that allows
    > outbound access without reason is asking for trouble. As a standard,
    > we don't even allow full HTTP access outbound for all nodes - we ask
    > the customer to tell us what stations need outbound access, what type
    > of access they need, and what they will be doing with it - then we
    > setup rules based on the need.
    >
    > In many cases Outbound FTP is limited to business partners of the
    > company - meaning we limit FTP to the sites that the require in order
    > to do business.
    >
    >>>>> I've never had a customer compromised, but we design with the idea
    >>>>> that NO OS/Service IS SECURE (since none are) and with that in
    >>>>> mind, we've never had a compromised server, workstation, node,
    >>>>> nada.
    >>>>
    >>>> I doubt you deal with number of computers that many of the largest
    >>>> corporations have to deal with.
    >>>
    >>> You are right, we work with about 1000+ nodes right now, soon to be
    >>> around 1500 as we pick up another client with 9 offices. While we
    >>> don't have 20,000 workstations with one client, the methods are the
    >>> same and they scale very nicely. Once the methods are in place you
    >>> don't have near as much work to do. Don't forget, I come from the
    >>> industrial sector where the entire plant (all processes) and the
    >>> connecting plants had to run even when the front office networks
    >>> (which we were not responsible for) were compromised - we learned
    >>> how to secure without impacting business functions in the worst
    >>> possible conditions, and it carries through into the business
    >>> sector too - at least it has worked for all of our clients. We left
    >>> the industrial sector about 5 years ago, started with just
    >>> non-industrial clients and found that the work was a lot easier,
    >>> paid better, and we don't get dirty as much :)
    >>
    >> Is that the royal "we?"
    >>
    >> Yeah, I'm sure some of these corps could do a better job with
    >> security, but that doesn't make MS any less cupable for paying for
    >> its negligent mistakes.
    >>
    >> You want to blame everybody but MS. MS should NOT profit from fixing
    >> its negligent mistakes! MS should be responsible for its mistakes.
    >
    > No, I actually agree that MS is at fault for creating a mess and a
    > very insecure OS/applications, but it's not like we don't know it,
    > it's not like we don't know that all OS's have holes/exploits. As a
    > good IT Manager one should expect this and learn how to deal with it.
    > You can bitch about MS all you want, but it won't get your network
    > back up or keep it safe unless you protect it.
    >
    > I would rather secure my networks and not have to deal with those
    > issues as a normal practice than to do nothing and just rant at MS
    > every time a system gets compromised. MS isn't going to do much to
    > change the way things are, and as long as we can stay ahead of the
    > problems it means that we can continue to run MS products without
    > problems.
    >
    >> But keep blaming the victims of MS's negligent code. I bet you blame
    >> rape victims for their rapes too, because that is the kinda guy you
    >> are.
    >
    > You have no clue - and I never said to NOT blame MS, I said:
    >
    > In article <MPG.1d6db9c8330db46f989c35@news-server.columbus.rr.com>,
    > void@nowhere.lan says...
    >> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
    >> dimplewathen@hotmail.com says...
    >>> What is making things worse are the Mircosoft apologists.
    >>
    >> No, what makes things worse is the people that don't know how to
    >> properly secure a network or node so that even exploits don't impact
    >> them no matter how much they run in the wild.
    >
    > I don't absolve MS of any responsibility in the above statement, what
    > I do it point out all the IT managers that don't really have a clue
    > about security not to mention the home users and their ilk.
    >
    > All the information needed to secure networks is available on
    > Microsofts websites, on Google, around the globe, but few people take
    > the time to look for them, fewer take the time to implement them, and
    > tons of people take the time to bitch about something they could have
    > prevented if they had put as much energy into preventing it as they
    > do complaining about it.

    You said you don't absolve MS of any responsibility, but never say what
    that responsibility is.

    You just seem to be pissy about blaming everybody else.

    --
    Peace!
    Kurt
    Self-anointed Moderator
    microscum.pubic.windowsexp.gonorrhea
    http://microscum.com/mscommunity
    "Trustworthy Computing" is only another example of an Oxymoron!
    "Produkt-Aktivierung macht frei"
  48. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <1o2ag1hmf9shpn5t8rvjrnsdiusir24mb4@4ax.com>, fake@fake.com
    says...
    > On Thu, 18 Aug 2005 13:06:37 GMT, Leythos <void@nowhere.lan> wrote:
    >
    > >If you spend all that time checking and maintaining it then, forgive me
    > >for saying it this way, then you don't have it setup properly.
    >
    > Well, I'm no IT. Even though I help a friend that is an Outsource IT,
    > I do so only because he is a friend and I learn something each time I
    > go with him. My home network consists of two computers networked
    > together via a Linksys wireless setup. I probably don't have my home
    > network set up properly but I can say with pride that all virii,
    > spyware, adware, etc. have been 86ed at the front door with none
    > getting any further. But, and as you suggest, me not knowing what I
    > am doing has made me have to spend countless hours riding herd on my
    > network and system security apps to keep it that way.
    >
    > >Funny you bring this up - The company I started does just what you think
    > >doesn't work - we provide outsourced IT support and design services to
    > >places from the east to west coasts, and none of them have had any
    > >problems, not even with the latest worm.
    >
    > I was talking about outsourced ITs having to come in and clean up a
    > network and individual systems that they did not design or build and
    > which has been "abandoned" (for a better word) due to the fact that
    > those that did design and build it were given their walking papers
    > thus leaving the whole network and individual systems in an abandoned
    > state of existence. Then, the powers that be wait until enough of the
    > network and individual systems have toppled down before calling for
    > help.

    I know you were talking about outsourced I.T., and that's what I run my
    business as - we're the team that people outsource to when they get sick
    of their other outsource people or when they want a cheaper alternative
    to full time IT staff. When you consider benefits, insurance, sick-days,
    training, skills, it's cheaper and better ROI to outsource if you can
    find a company that is reputable.

    > >That's a shame - does that mean that you were unable to present a
    > >corrective action plan to them?
    >
    > No me, I was just asked to help with hardware maintenance because I
    > had some knowledge on how to handle that part. I'm no IT. My friend,
    > that got the call on this outsourced contact, did just as you
    > suggested and/or asked. And... this government agency learned a big
    > lesson about closing down departments without any knowledge of what
    > that department's true worth to the agency really is or what the
    > future ramifications could be without that department close at hand.
    >
    > Yes, my friend set them up on a "Plan" that will keep them up and
    > running. However, I later learned that the time and resources
    > required to fulfill that "Plan" on the size of this agency would
    > require almost as much money as what they were paying their own
    > internal IT that they let go.... So, as I was trying to get across in
    > my original post, this agency brought all these woe's on themselves...
    > it was not the fault of any internal IT or outsourced IT. They, in
    > essence by letting their internal IT go, abandoned their network and
    > individual systems and didn't call for help until most of it had
    > pulled a Humpty Dumpty and came crashing down.

    And, being that we're an provider of IT servers with clients in the 5+
    years range so far, we've never found where the above was true with our
    clients. We have got a lot of new business/clients due to what you
    describe, but without a good methodology outsourcing IT will always
    fail.

    If the client is large enough you put someone onsite x hours per week as
    part of the contract, and it's still cheaper than having full time IT
    people, and provides better support too.

    > I think outsourced IT's have their place but when you are talking
    > about something the size of this agency, I personally think it was
    > cheaper to have an in house IT on salary. I just think some of the
    > bean counters with these "Big" companies and "Big" agencies, who are
    > being forced to cut here and cut there, are not thinking the whole
    > thing through when they think they don't need an In house IT any more.

    It's only cheaper if the outsource company and the local company don't
    understand and manage it properly - which is usually the fault of sales
    people not also being IT people and telling the client what they want to
    hear for any price. The companies where the senior people are IT people
    that also understand sales and business and accounting are the ones that
    succeed.

    > My friend is telling me that he is seeing this more and more, where
    > outsourced IT's are called in (after the fact) to salvage "Abandoned"
    > networks and Systems. Please take note that we are talking about
    > Abandoned instead of immediately turned over to an outsourcer for plan
    > development and implementation.

    Yep, see it too, and that's how we get new clients - and at that point
    the client is ready to listen. They are also ready to let you secure the
    network so it doesn't happen again.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  49. Archived from groups: microsoft.public.windowsxp.general (More info?)

    On Fri, 19 Aug 2005 01:57:58 GMT, Leythos <void@nowhere.lan> wrote:


    >If the client is large enough you put someone onsite x hours per week as
    >part of the contract, and it's still cheaper than having full time IT
    >people, and provides better support too.

    Well, that would be my misunderstanding as I thought it would be
    cheaper in larger deployments to just have the IT as part of the local
    infrastructure.

    >The companies where the senior people are IT people
    >that also understand sales and business and accounting are the ones that
    >succeed.

    Big Belly laugh here..... remember Leythos, I am talking about a
    government agency here, where it is a foreign concept to have anything
    near efficiency of manpower hours excelled via the ability to
    multitask across fields of expertise. But anything other than
    anything associated with government and what you say and suggest is
    definitely the way to go. As a matter of fact, I have a friend that
    runs a small (Small) company in the aviation support field and his son
    is his lead sales agent, Ferrier and the IT for the company.

    Regards,
    Ed
Ask a new question

Read More

Microsoft Windows XP