Sign in with
Sign up | Sign in
Your question

Is Zotob A MS Plot . . . .

Last response: in Windows XP
Share
Anonymous
August 17, 2005 12:28:19 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

.. . . . To get their Corporate Customers to upgrade to XPSP2 & later to
upgrade to Shorthorn?

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

More about : zotob plot

Anonymous
August 17, 2005 12:28:20 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>. . . . To get their Corporate Customers to upgrade to XPSP2 & later to
>upgrade to Shorthorn?
>
> --

I doubt it. It didn't even work to upgrade one particular corporate
customer to Windows 2000 SP4 from SP3. They (the customer) just paid the
$150,000 for the patch on SP3.

Carl
Anonymous
August 17, 2005 1:02:40 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

kurttrail wrote:
> . . . . To get their Corporate Customers to upgrade to XPSP2 & later to
> upgrade to Shorthorn?
>

Rediculous idea. If it was then Zotob would'nt only target Win2 OS.

Steve
Anonymous
August 17, 2005 2:58:13 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl:

> . . . . To get their Corporate Customers to upgrade to XPSP2 & later to
> upgrade to Shorthorn?

It's a conspiracy. All software vendors delight in writing bad code so that
you are forced to spend all your free time patching your operating system
and applications.

For example look at the holes that CERT considered important for the WEEK of
August 3-9:

http://www.us-cert.gov/cas/bulletins/SB05-222.html

That's only the tip of the iceberg:

http://www.securityfocus.com/vulnerabilities

Best to stay away from computers entirely!
Anonymous
August 17, 2005 3:07:32 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Vagabond Software wrote:
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>> to upgrade to Shorthorn?
>>
>> --
>
> I doubt it. It didn't even work to upgrade one particular corporate
> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
> the $150,000 for the patch on SP3.

LOL! MS will find a way to profit from Zotob, one way or another!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 3:07:33 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
> Vagabond Software wrote:
>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>> to upgrade to Shorthorn?
>>>
>>> --
>>
>> I doubt it. It didn't even work to upgrade one particular corporate
>> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
>> the $150,000 for the patch on SP3.
>
> LOL! MS will find a way to profit from Zotob, one way or another!
>
> --

Well, computers users are kind of like drivers. They'll just keep paying
whatever companies charge as long as they don't have to change their habits.

It's hard to find too much fault with the companies that profit by catering
to the consumer's preferences.

Carl
Anonymous
August 17, 2005 4:04:00 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Vagabond Software wrote:

> Well, computers users are kind of like drivers. They'll just keep
> paying whatever companies charge as long as they don't have to change
> their habits.
> It's hard to find too much fault with the companies that profit by
> catering to the consumer's preferences.

Profiteering from its coding blunders seems to be a bit extortionate to
me. MS should be offering the patch to cover its security whole for
free.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 4:04:01 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:o Io9KV0oFHA.3912@TK2MSFTNGP10.phx.gbl...
> Vagabond Software wrote:
>
>> Well, computers users are kind of like drivers. They'll just keep
>> paying whatever companies charge as long as they don't have to change
>> their habits.
>> It's hard to find too much fault with the companies that profit by
>> catering to the consumer's preferences.
>
> Profiteering from its coding blunders seems to be a bit extortionate to
> me. MS should be offering the patch to cover its security whole for free.
>
> --

They did provide a patch for free... a week before there were any known
instances of the exploits in the user community. I have clients running
Windows 2000 workstations, and none of them have been affected by this
problem... and one client with nine Windows 2000 workstations hasn't even
been patched yet!

Wow! Amazing! It's a miracle! Maybe the divine hand of God came down and
touched little old me, or perhaps He is defending my clients' workstations
with a pillar of fire! Or perhaps network security is configured
correctly... the same way it would be configured whether my client was using
Windows or Linux.

Carl
Anonymous
August 17, 2005 4:07:51 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Steve N. wrote:
> kurttrail wrote:
>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>> to upgrade to Shorthorn?
>>
>
> Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>
> Steve

According to CNN, which got hit, some older than XP versions were
affected.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 4:07:52 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

kurttrail wrote:

> Steve N. wrote:
>
>>kurttrail wrote:
>>
>>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>>to upgrade to Shorthorn?
>>>
>>
>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.

Sorry. That should have read "only target Win2K OS."

>>
>>Steve
>
>
> According to CNN, which got hit, some older than XP versions were
> affected.
>


http://www.f-secure.com/v-descs/zotob_a.shtml

"The exploit uses fixed offsets inside Windows 2000 version of
umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
affected."

http://vil.nai.com/vil/content/v_135433.htm

"This self-executing worm spreads by exploiting Windows2000 MS05-039
vulnerable systems in order to instruct those systems to download and
execute the worm."

Steve
Anonymous
August 17, 2005 4:46:23 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Vagabond Software wrote:

> They did provide a patch for free... a week before there were any
> known instances of the exploits in the user community. <snip>

"They (the customer) just paid the $150,000 for the patch on SP3."

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 4:46:24 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
> Vagabond Software wrote:
>
>> They did provide a patch for free... a week before there were any
>> known instances of the exploits in the user community. <snip>
>
> "They (the customer) just paid the $150,000 for the patch on SP3."
>
> --

Well, I shouldn't have said "the customer"... The end-users' IT service
provider paid $150,000 to patch their operating system. Why? Because they
insist on running an unsupported operating system, which is Windows 2000
SP3. Why? Because they moved their Technicians to an hourly rate to save
money during slow periods.

Even though the IT firm would pay nothing to Microsoft to upgrade to Windows
2000 SP4, a supported operating system, they would have to pay those hourly
technicians to "touch" a helluva lot of machines. So, this IT firm has made
the calculated decision that it is cheaper to pay Microsoft for patches to
an unsupported operating system than it is to pay the Technicians an hourly
rate.

I know this doesn't fit well in your world view, but the progressive IT
firms that actually train their technicians and pay them to manage their
clients' networks never seem to get hit with these problems. Meanwhile, the
reactionary IT firms almost ALWAYS get hit by each and every one of these
problems because they only dispatch technicians to FIX problems AFTER they
are reported.

Carl
Anonymous
August 17, 2005 4:50:43 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Steve N. wrote:
> kurttrail wrote:
>
>> Steve N. wrote:
>>
>>> kurttrail wrote:
>>>
>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
>>>> later to upgrade to Shorthorn?
>>>>
>>>
>>> Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>
> Sorry. That should have read "only target Win2K OS."
>
>>>
>>> Steve
>>
>>
>> According to CNN, which got hit, some older than XP versions were
>> affected.
>>
>
>
> http://www.f-secure.com/v-descs/zotob_a.shtml
>
> "The exploit uses fixed offsets inside Windows 2000 version of
> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
> affected."
>
> http://vil.nai.com/vil/content/v_135433.htm
>
> "This self-executing worm spreads by exploiting Windows2000 MS05-039
> vulnerable systems in order to instruct those systems to download and
> execute the worm."

http://securityresponse.symantec.com/avcenter/venc/data...

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 4:50:44 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

kurttrail wrote:

> Steve N. wrote:
>
>>kurttrail wrote:
>>
>>
>>>Steve N. wrote:
>>>
>>>
>>>>kurttrail wrote:
>>>>
>>>>
>>>>>. . . . To get their Corporate Customers to upgrade to XPSP2 &
>>>>>later to upgrade to Shorthorn?
>>>>>
>>>>
>>>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>>
>>Sorry. That should have read "only target Win2K OS."
>>
>>
>>>>Steve
>>>
>>>
>>>According to CNN, which got hit, some older than XP versions were
>>>affected.
>>>
>>
>>
>>http://www.f-secure.com/v-descs/zotob_a.shtml
>>
>>"The exploit uses fixed offsets inside Windows 2000 version of
>>umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
>>affected."
>>
>>http://vil.nai.com/vil/content/v_135433.htm
>>
>>"This self-executing worm spreads by exploiting Windows2000 MS05-039
>>vulnerable systems in order to instruct those systems to download and
>>execute the worm."
>
>
> http://securityresponse.symantec.com/avcenter/venc/data...
>

Yes, I have read that.

The Symantec writeup fails to mention that it only directly exploits the
MS05-039 vulnerability in Windows2000. Other Windows platforms can
execute and launch the worm but themselves do not get infected or
exploited by it.

Steve
August 17, 2005 5:16:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:eRvLRv0oFHA.3552@TK2MSFTNGP10.phx.gbl...
> Steve N. wrote:
>> kurttrail wrote:
>>
>>> Steve N. wrote:
>>>
>>>> kurttrail wrote:
>>>>
>>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
>>>>> later to upgrade to Shorthorn?
>>>>>
>>>>
>>>> Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>>
>> Sorry. That should have read "only target Win2K OS."
>>
>>>>
>>>> Steve
>>>
>>>
>>> According to CNN, which got hit, some older than XP versions were
>>> affected.
>>>
>>
>>
>> http://www.f-secure.com/v-descs/zotob_a.shtml
>>
>> "The exploit uses fixed offsets inside Windows 2000 version of
>> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
>> affected."
>>
>> http://vil.nai.com/vil/content/v_135433.htm
>>
>> "This self-executing worm spreads by exploiting Windows2000 MS05-039
>> vulnerable systems in order to instruct those systems to download and
>> execute the worm."
>
> http://securityresponse.symantec.com/avcenter/venc/data...
>
> --
> Peace!
> Kurt
> Self-anointed Moderator
> microscum.pubic.windowsexp.gonorrhea
> http://microscum.com/mscommunity
> "Trustworthy Computing" is only another example of an Oxymoron!
> "Produkt-Aktivierung macht frei"
>
kurtrail,

For once I agree with you! I believe this is no different than the
government trying to slow down home sales so they raise the interest rate.
When that didn't work gas goes up 30 cents a gallon and we all have less
money because of it. Think that will slow home sales?

Think more people will turn on Automatic Updates now? I do! Just think
Vista is on the way to save us all from the evil doers of this world :-)

It is interesting as I said the same thing about the last nasty worm that
came around and started all of this stuff where MS put on their website
about the three steps to protecting yourself. Do I believe they gain from
this, yes!!

However, good test to see if you are managing your PC correctly....

George
Anonymous
August 17, 2005 5:35:44 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Steve N. wrote:
> kurttrail wrote:
>
>> Steve N. wrote:
>>
>>> kurttrail wrote:
>>>
>>>
>>>> Steve N. wrote:
>>>>
>>>>
>>>>> kurttrail wrote:
>>>>>
>>>>>
>>>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
>>>>>> later to upgrade to Shorthorn?
>>>>>>
>>>>>
>>>>> Rediculous idea. If it was then Zotob would'nt only target Win2
>>>>> OS.
>>>
>>> Sorry. That should have read "only target Win2K OS."
>>>
>>>
>>>>> Steve
>>>>
>>>>
>>>> According to CNN, which got hit, some older than XP versions were
>>>> affected.
>>>>
>>>
>>>
>>> http://www.f-secure.com/v-descs/zotob_a.shtml
>>>
>>> "The exploit uses fixed offsets inside Windows 2000 version of
>>> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
>>> affected."
>>>
>>> http://vil.nai.com/vil/content/v_135433.htm
>>>
>>> "This self-executing worm spreads by exploiting Windows2000 MS05-039
>>> vulnerable systems in order to instruct those systems to download
>>> and execute the worm."
>>
>>
>> http://securityresponse.symantec.com/avcenter/venc/data...
>>
>
> Yes, I have read that.
>
> The Symantec writeup fails to mention that it only directly exploits
> the MS05-039 vulnerability in Windows2000. Other Windows platforms can
> execute and launch the worm but themselves do not get infected or
> exploited by it.
>
> Steve

Doesn't matter as my point is that MS will use this worm to get corps
that have been reluctant to upgrade.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 6:01:50 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Vagabond Software wrote:
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
> message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
>> Vagabond Software wrote:
>>
>>> They did provide a patch for free... a week before there were any
>>> known instances of the exploits in the user community. <snip>
>>
>> "They (the customer) just paid the $150,000 for the patch on SP3."
>>
>> --
>
> Well, I shouldn't have said "the customer"... The end-users' IT
> service provider paid $150,000 to patch their operating system. Why?
> Because they insist on running an unsupported operating system, which
> is Windows 2000 SP3. Why? Because they moved their Technicians to
> an hourly rate to save money during slow periods.
>
> Even though the IT firm would pay nothing to Microsoft to upgrade to
> Windows 2000 SP4, a supported operating system, they would have to
> pay those hourly technicians to "touch" a helluva lot of machines. So,
> this IT firm has made the calculated decision that it is cheaper
> to pay Microsoft for patches to an unsupported operating system than
> it is to pay the Technicians an hourly rate.
>
> I know this doesn't fit well in your world view, but the progressive
> IT firms that actually train their technicians and pay them to manage
> their clients' networks never seem to get hit with these problems.
> Meanwhile, the reactionary IT firms almost ALWAYS get hit by each and
> every one of these problems because they only dispatch technicians to
> FIX problems AFTER they are reported.
>
> Carl

MS should provide any necessary patch for free. It is their coding
negligence that
is being exploited.

If the OS is still functional, then MS has a responsibility to patch the
security holes in it. It is a matter of Global Network Security. If MS
doesn't want take responsibility for its holes, then they should get out
of businesss.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 6:01:51 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:ehYtAX1oFHA.1872@TK2MSFTNGP10.phx.gbl...
> Vagabond Software wrote:
>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>> message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
>>> Vagabond Software wrote:
>>>
>>>> They did provide a patch for free... a week before there were any
>>>> known instances of the exploits in the user community. <snip>
>>>
>>> "They (the customer) just paid the $150,000 for the patch on SP3."
>>>
>>> --
>>
>> Well, I shouldn't have said "the customer"... The end-users' IT
>> service provider paid $150,000 to patch their operating system. Why?
>> Because they insist on running an unsupported operating system, which
>> is Windows 2000 SP3. Why? Because they moved their Technicians to
>> an hourly rate to save money during slow periods.
>>
>> Even though the IT firm would pay nothing to Microsoft to upgrade to
>> Windows 2000 SP4, a supported operating system, they would have to
>> pay those hourly technicians to "touch" a helluva lot of machines. So,
>> this IT firm has made the calculated decision that it is cheaper
>> to pay Microsoft for patches to an unsupported operating system than
>> it is to pay the Technicians an hourly rate.
>>
>> I know this doesn't fit well in your world view, but the progressive
>> IT firms that actually train their technicians and pay them to manage
>> their clients' networks never seem to get hit with these problems.
>> Meanwhile, the reactionary IT firms almost ALWAYS get hit by each and
>> every one of these problems because they only dispatch technicians to
>> FIX problems AFTER they are reported.
>>
>> Carl
>
> MS should provide any necessary patch for free. It is their coding
> negligence that
> is being exploited.
>
> If the OS is still functional, then MS has a responsibility to patch the
> security holes in it. It is a matter of Global Network Security. If MS
> doesn't want take responsibility for its holes, then they should get out
> of businesss.
>
> --

I don't know how many times I have to repeat myself. Microsoft provided a
FREE fix via Windows 2000 SP4.

Your assertion that as long as the "OS is still functional, then MS has a
responsibility to patch security holes" is, of course, rediculous. Apple
has to support OS 8? OS 9? Sun has to support SunOS 4.1.3? IBM has to
support OS/2 Warp? Like I said, rediculous.

Global Network Security? How dramatic... Ignorance is a matter of GNS. I
think every IT company that has clients who are infected with these exploits
should have to publicize their company names and their excuse for allowing
their clients to be hit by such an ineffectual worm.

Carl
Anonymous
August 17, 2005 6:03:19 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Fuzzy Logic wrote:
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
> news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl:
>
>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>> to upgrade to Shorthorn?
>
> It's a conspiracy. All software vendors delight in writing bad code
> so that you are forced to spend all your free time patching your
> operating system and applications.
>
> For example look at the holes that CERT considered important for the
> WEEK of August 3-9:
>
> http://www.us-cert.gov/cas/bulletins/SB05-222.html
>
> That's only the tip of the iceberg:
>
> http://www.securityfocus.com/vulnerabilities
>
> Best to stay away from computers entirely!

LOL! I use to think it was computers that were the devil, but it ain't
the hardware, it's the software.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 17, 2005 8:06:00 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

NoStop wrote:
> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
> microsoft.public.windowsxp.general:
>
> You have to be a pretty knowledgeable computer user on Linux to make it
> "not" secure.

Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
that there are none that even nobody has found yet! COOL!
August 17, 2005 9:13:13 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
> Vagabond Software wrote:
>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>> to upgrade to Shorthorn?
>>>
>>> --
>>
>> I doubt it. It didn't even work to upgrade one particular corporate
>> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
>> the $150,000 for the patch on SP3.
>
> LOL! MS will find a way to profit from Zotob, one way or another!
>
> --
> Peace!
> Kurt

As will many computer repair firms.

Alias
Anonymous
August 17, 2005 9:13:14 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Alias wrote:
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
> message news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
>> Vagabond Software wrote:
>>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 &
>>>> later to upgrade to Shorthorn?
>>>>
>>>> --
>>>
>>> I doubt it. It didn't even work to upgrade one particular corporate
>>> customer to Windows 2000 SP4 from SP3. They (the customer) just
>>> paid the $150,000 for the patch on SP3.
>>
>> LOL! MS will find a way to profit from Zotob, one way or another!
>>
>> --
>> Peace!
>> Kurt
>
> As will many computer repair firms.
>
> Alias

Yeah, but those repair firms bad code didn't create the security hole in
the first place.

MS is, in effect, profiting from its own mistakes.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
August 17, 2005 10:45:35 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Steve N." <Steve_N@nunya.biz.nes> wrote

> kurttrail wrote:
>
>> Steve N. wrote:
>>
>>>kurttrail wrote:
>>>
>>>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>>>to upgrade to Shorthorn?
>>>>
>>>
>>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>
> Sorry. That should have read "only target Win2K OS."
>
>>>
>>>Steve
>>
>>
>> According to CNN, which got hit, some older than XP versions were
>> affected.
>>
>
>
> http://www.f-secure.com/v-descs/zotob_a.shtml
>
> "The exploit uses fixed offsets inside Windows 2000 version of
> umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
> affected."
>
> http://vil.nai.com/vil/content/v_135433.htm
>
> "This self-executing worm spreads by exploiting Windows2000 MS05-039
> vulnerable systems in order to instruct those systems to download and
> execute the worm."
>
> Steve

Then why was there a patch for XP? Or was there?

Alias, scratching his head.
Anonymous
August 17, 2005 10:45:36 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Alias wrote:

> "Steve N." <Steve_N@nunya.biz.nes> wrote
>
>
>>kurttrail wrote:
>>
>>
>>>Steve N. wrote:
>>>
>>>
>>>>kurttrail wrote:
>>>>
>>>>
>>>>>. . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>>>>to upgrade to Shorthorn?
>>>>>
>>>>
>>>>Rediculous idea. If it was then Zotob would'nt only target Win2 OS.
>>
>>Sorry. That should have read "only target Win2K OS."
>>
>>
>>>>Steve
>>>
>>>
>>>According to CNN, which got hit, some older than XP versions were
>>>affected.
>>>
>>
>>
>>http://www.f-secure.com/v-descs/zotob_a.shtml
>>
>>"The exploit uses fixed offsets inside Windows 2000 version of
>>umpnpmgr.dll. This means that only Windows 2000 systems (SP0-4) are
>>affected."
>>
>>http://vil.nai.com/vil/content/v_135433.htm
>>
>>"This self-executing worm spreads by exploiting Windows2000 MS05-039
>>vulnerable systems in order to instruct those systems to download and
>>execute the worm."
>>
>>Steve
>
>
> Then why was there a patch for XP? Or was there?
>
> Alias, scratching his head.
>
>

There is a patch for the same class of vulnerability present in other
Win OSes, but this particular worm is specifically targetting Win2K. It
can be launched from other Win OSes but not infect them.

Steve
Anonymous
August 17, 2005 11:08:12 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

kurttrail wrote:

> So stop your apologizing for Microsoft. They created the hole through
> there negligence, and they should be held accountable to fix it for
> free, or be run out of town like any snake oil salesmen that gets caught
> selling an inferior product.

Hear hear!

Microsoft Corporate Officers should be brought before Congress as
commiting fraud just as the Tobacco and S&L executives and those of
Enron, Worldcomm, et. al.

Can you imagine what would happen if people's SUVs suddenly would not
start on the 31st day and there was a message stating that they had to
call this 800 number to "activate" their gas guzzling wreck?

Or if SUVs kept stalling on the highway every six months and the only
way to restart it was to haul it into the shop to be "fixed"?

Greed drives the Commercial software industry.

I have a client with a Network infected by W32.Licum and right now they
are "living with the virus" (it's actually a worm but for this purpose
"virus" sounds better). This is just like the Pharma Industry. They
don't what to CURE or to PREVENT they want people to PAY for monthy
PRESCRIPTIONS (read SUBSCRIPTIONS) to keep alive (or WINDOWS running).

It is criminal. It is neglegance.

Windows can be fixed rather easily. Like making the WINDOWS and
WINDOWS\SYSTEM32 folders readonly except by verified Microsoft
processes. No application needs to put EXEs or DLLs in the system
folders, they can put them in their PROGRAM FILES folder.

Microsoft is just plain lazy, They make BILLIONS due to shoody design.
So what incentive do they have to change?

What is making things worse are the Mircosoft apologists.
August 17, 2005 11:12:55 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

My floppy drive lights up when I click that first link

http://www.us-cert.gov/cas/bulletins/SB05-222.html

Jon


"Fuzzy Logic" <bob@arc.ab.caREMOVETHIS> wrote in message
news:Xns96B579C4A906Bbobarcabca@207.46.248.16...
Anonymous
August 17, 2005 11:12:56 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Jon wrote:
> My floppy drive lights up when I click that first link
>
> http://www.us-cert.gov/cas/bulletins/SB05-222.html

Another IE flaw. It doesn't happen with Firefox.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
August 18, 2005 12:38:56 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Looks like it's this part of the source that is responsible
<link
href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
rel="stylesheet" type="text/css">

<style type="text/css">



Odd, because if you paste

file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css

into the Firefox address bar, it also attempts to access the floppy, but
not, as you say, if you access the web page directly.

Jon







"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:eOpA0p1oFHA.2904@tk2msftngp13.phx.gbl...
> Jon wrote:
>> My floppy drive lights up when I click that first link
>>
>> http://www.us-cert.gov/cas/bulletins/SB05-222.html
>
> Another IE flaw. It doesn't happen with Firefox.
>
> --
> Peace!
> Kurt
>
Anonymous
August 18, 2005 12:38:57 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Jon wrote:
> Looks like it's this part of the source that is responsible
> <link
> href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
> rel="stylesheet" type="text/css">
>
> <style type="text/css">
>
>
>
> Odd, because if you paste
>
> file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css
>
> into the Firefox address bar, it also attempts to access the floppy,
> but not, as you say, if you access the web page directly.
>

Firefox is smart enough to understand that pulling a html doc off the
web, it shouldn't be calling up a local drive, but when you locally ask
it to call up a local drive, then it allows it.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 18, 2005 1:35:22 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Vagabond Software wrote:
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
> message news:ehYtAX1oFHA.1872@TK2MSFTNGP10.phx.gbl...
>> Vagabond Software wrote:
>>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>>> message news:uhmb2s0oFHA.2080@TK2MSFTNGP14.phx.gbl...
>>>> Vagabond Software wrote:
>>>>
>>>>> They did provide a patch for free... a week before there were any
>>>>> known instances of the exploits in the user community. <snip>
>>>>
>>>> "They (the customer) just paid the $150,000 for the patch on SP3."
>>>>
>>>> --
>>>
>>> Well, I shouldn't have said "the customer"... The end-users' IT
>>> service provider paid $150,000 to patch their operating system. Why?
>>> Because they insist on running an unsupported operating
>>> system, which is Windows 2000 SP3. Why? Because they moved their
>>> Technicians to an hourly rate to save money during slow periods.
>>>
>>> Even though the IT firm would pay nothing to Microsoft to upgrade to
>>> Windows 2000 SP4, a supported operating system, they would have to
>>> pay those hourly technicians to "touch" a helluva lot of machines.
>>> So, this IT firm has made the calculated decision that it is cheaper
>>> to pay Microsoft for patches to an unsupported operating system than
>>> it is to pay the Technicians an hourly rate.
>>>
>>> I know this doesn't fit well in your world view, but the progressive
>>> IT firms that actually train their technicians and pay them to
>>> manage their clients' networks never seem to get hit with these
>>> problems. Meanwhile, the reactionary IT firms almost ALWAYS get hit
>>> by each and every one of these problems because they only dispatch
>>> technicians to FIX problems AFTER they are reported.
>>>
>>> Carl
>>
>> MS should provide any necessary patch for free. It is their coding
>> negligence that
>> is being exploited.
>>
>> If the OS is still functional, then MS has a responsibility to patch
>> the security holes in it. It is a matter of Global Network
>> Security. If MS doesn't want take responsibility for its holes,
>> then they should get out of businesss.
>>
>> --
>
> I don't know how many times I have to repeat myself. Microsoft
> provided a FREE fix via Windows 2000 SP4.

No. A corporation has to spend money and time to implement a SP over
its network.

So MS is basically making them pay to upgrade to a service pack or pay
for a patch.

I don't know how many times I have to repeat myself. Microsoft should
provide a free patch to any working vulnerable OS, that is only
vulnerable due to MS coding negligence! If they work take
responsibility for the hole they created then they should get the hell
out of the OS business!

> Your assertion that as long as the "OS is still functional, then MS
> has a responsibility to patch security holes" is, of course,
> rediculous. Apple has to support OS 8? OS 9? Sun has to support
> SunOS 4.1.3? IBM has to support OS/2 Warp? Like I said, rediculous.

If hole is actively being exploited, then yes, software manufacturers
should be held responsible for their negligent mistakes.

> Global Network Security? How dramatic... Ignorance is a matter of
> GNS. I think every IT company that has clients who are infected with
> these exploits should have to publicize their company names and their
> excuse for allowing their clients to be hit by such an ineffectual
> worm.

LOL! That patch had only been out for a week, and with the number of
patches that MS released in its last bunch, it is quite understandable
that testing all those patches would take a while. It's not like MS has
never released a patched that didn't create other problems.

The larger the organization, the longer it will take to test the
MicroPatches, especially when you have multiple patches released all at
once. And MS is the one that decided to release patches all at once on
a monthly schedule.

So stop your apologizing for Microsoft. They created the hole through
there negligence, and they should be held accountable to fix it for
free, or be run out of town like any snake oil salesmen that gets caught
selling an inferior product.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
August 18, 2005 2:32:29 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On 17 Aug 2005 19:08:12 -0700, "Dimple Wathen"
<dimplewathen@hotmail.com> wrote:

>Microsoft Corporate Officers should be brought before Congress

Some of them including the stud duck himself already have, remember?
And they have the nerve to question honest purchasers of their product
that never have been subpoenaed for any acts of skullduggery as to if
they are thieves and pirates while the real thieves and pirates are
laughing their arses off... including the whole damned country of
China which is running a Kazillion copies of a mass distributed volume
licensed version of XP.
Anonymous
August 18, 2005 2:46:35 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Wednesday 17 August 2005 08:13 am, Alias had this to say in
microsoft.public.windowsxp.general:

>
> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
> news:%236jsm1zoFHA.3316@tk2msftngp13.phx.gbl...
>> Vagabond Software wrote:
>>> "kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in
>>> message news:uXqgpcyoFHA.3256@TK2MSFTNGP12.phx.gbl...
>>>> . . . . To get their Corporate Customers to upgrade to XPSP2 & later
>>>> to upgrade to Shorthorn?
>>>>
>>>> --
>>>
>>> I doubt it. It didn't even work to upgrade one particular corporate
>>> customer to Windows 2000 SP4 from SP3. They (the customer) just paid
>>> the $150,000 for the patch on SP3.
>>
>> LOL! MS will find a way to profit from Zotob, one way or another!
>>
>> --
>> Peace!
>> Kurt
>
> As will many computer repair firms.
>
> Alias

I can earn a living fighting worms and viruses for Windows. My Linux
servers I can afford to ignore for years.

You have to be a pretty knowledgeable computer user on Linux to make it
"not" secure.


--
Have you been MicroShafted today?
To mess up a Linux box, you need to work *at* it.
To mess up a Windows box, you need to work *on* it.
Anonymous
August 18, 2005 4:27:20 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
microsoft.public.windowsxp.general:

> NoStop wrote:
>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
>> microsoft.public.windowsxp.general:
>>
>> You have to be a pretty knowledgeable computer user on Linux to make it
>> "not" secure.
>
> Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
> that there are none that even nobody has found yet! COOL!

Since the majority of the Web runs on Linux, when is the last time you heard
of malicious code bringing down a website running on Linux? OK, I thought
so ... you haven't.


--
Have you been MicroShafted today?
To mess up a Linux box, you need to work *at* it.
To mess up a Windows box, you need to work *on* it.
Anonymous
August 18, 2005 4:27:21 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

NoStop wrote:
> On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
> microsoft.public.windowsxp.general:
>
>> NoStop wrote:
>>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
>>> microsoft.public.windowsxp.general:
>>>
>>> You have to be a pretty knowledgeable computer user on Linux to
>>> make it "not" secure.
>>
>> Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
>> that there are none that even nobody has found yet! COOL!
>
> Since the majority of the Web runs on Linux, when is the last time
> you heard of malicious code bringing down a website running on Linux?
> OK, I thought so ... you haven't.

Actually, I had a website that was hosted on Linux servers, and had my
home page replaced.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 18, 2005 6:17:31 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
dimplewathen@hotmail.com says...
> What is making things worse are the Mircosoft apologists.

No, what makes things worse is the people that don't know how to
properly secure a network or node so that even exploits don't impact
them no matter how much they run in the wild.

I've never had a customer compromised, but we design with the idea that
NO OS/Service IS SECURE (since none are) and with that in mind, we've
never had a compromised server, workstation, node, nada.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 18, 2005 6:17:32 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Leythos wrote:
> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
> dimplewathen@hotmail.com says...
>> What is making things worse are the Mircosoft apologists.
>
> No, what makes things worse is the people that don't know how to
> properly secure a network or node so that even exploits don't impact
> them no matter how much they run in the wild.

Large corps hardly had time to test all the patches that MS bunched
together this month. MS purposely changed how patches are delivered, so
they come out one a month, instead of when they are ready. If the eight
patches were releasedspread out, it would be much easier for to test and
push them out.

> I've never had a customer compromised, but we design with the idea
> that NO OS/Service IS SECURE (since none are) and with that in mind,
> we've never had a compromised server, workstation, node, nada.

I doubt you deal with number of computers that many of the largest
corporations have to deal with.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 18, 2005 6:30:29 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Wednesday 17 August 2005 06:19 pm, kurttrail had this to say in
microsoft.public.windowsxp.general:

> NoStop wrote:
>> On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say in
>> microsoft.public.windowsxp.general:
>>
>>> NoStop wrote:
>>>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
>>>> microsoft.public.windowsxp.general:
>>>>
>>>> You have to be a pretty knowledgeable computer user on Linux to
>>>> make it "not" secure.
>>>
>>> Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
>>> that there are none that even nobody has found yet! COOL!
>>
>> Since the majority of the Web runs on Linux, when is the last time
>> you heard of malicious code bringing down a website running on Linux?
>> OK, I thought so ... you haven't.
>
> Actually, I had a website that was hosted on Linux servers, and had my
> home page replaced.
>

Well Kurty old boy, after seeing your web sites, I must congratulate anyone
who could hack in and change it. A hacked website is not what we're talking
about when we're talking about malicious code compromising an *operating
system*. Your website was probably hacked by a simple dictionary attack
that allowed a hacker to ftp onto your site and plant a new index.html file
there.


--
Have you been MicroShafted today?
To mess up a Linux box, you need to work *at* it.
To mess up a Windows box, you need to work *on* it.
Anonymous
August 18, 2005 6:30:30 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

NoStop wrote:
> On Wednesday 17 August 2005 06:19 pm, kurttrail had this to say in
> microsoft.public.windowsxp.general:
>
>> NoStop wrote:
>>> On Wednesday 17 August 2005 04:06 pm, Dimple Wathen had this to say
>>> in microsoft.public.windowsxp.general:
>>>
>>>> NoStop wrote:
>>>>> On Wednesday 17 August 2005 08:13 am, Alias had this to say in
>>>>> microsoft.public.windowsxp.general:
>>>>>
>>>>> You have to be a pretty knowledgeable computer user on Linux to
>>>>> make it "not" secure.
>>>>
>>>> Has "Linux" removed all buffer overflow bugs then? Hmmm... that
>>>> means that there are none that even nobody has found yet! COOL!
>>>
>>> Since the majority of the Web runs on Linux, when is the last time
>>> you heard of malicious code bringing down a website running on
>>> Linux? OK, I thought so ... you haven't.
>>
>> Actually, I had a website that was hosted on Linux servers, and had
>> my home page replaced.
>>
>
> Well Kurty old boy, after seeing your web sites, I must congratulate
> anyone who could hack in and change it. A hacked website is not what
> we're talking about when we're talking about malicious code
> compromising an *operating system*. Your website was probably hacked
> by a simple dictionary attack that allowed a hacker to ftp onto your
> site and plant a new index.html file there.

LOL! My site wasn't the only only that was hacked.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 18, 2005 3:02:13 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Leythos wrote:
> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
> dimplewathen@hotmail.com says...
> > What is making things worse are the Mircosoft apologists.
>
> No, what makes things worse is the people that don't know how to
> properly secure a network or node so that even exploits don't impact
> them no matter how much they run in the wild.

Yeah, but you took that quote out of context.

> I've never had a customer compromised, but we design with the idea that
> NO OS/Service IS SECURE (since none are) and with that in mind, we've
> never had a compromised server, workstation, node, nada.

Yeah, but when it comes to bugs like buffer overflows you don't know
they exist until someone finds them! Hopefully other admins find them
first, create and post a patch, and you update your machines. Duh!
GNU/Linux admins and programmers and kernel hackers all work together
to make your job easy, correct? (Or at least *easier*.)

Which goes back to your broad statements that "Linux" is secure "out of
the box" and will run forever without work. NOT TRUE. You even state
here that a network must be "properly secured" and that you "design
with the idea" of security.

It does take work to adminster and patch and maintain GNU/Linux. But as
I've said, Linux admins and programmers all work together to help each
other. This is a really good thing! It make for increased security,
faster fixes, etc.

But then again, this is a newsgroup about XP and not GNU/Linux.
Anonymous
August 18, 2005 3:49:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Leythos wrote:
> Ed, you don't need to be sorry, I've seen what you describe many times -
> that one way we get so many new customers. We're known for building
> secure networks and securing broken ones for new clients - if you are
> not proactive when you talk with clients, don't document their
> holes/flaws, if you don't sell them on the idea that it can be secured,
> then you're always going to be part of the mess.

After reading all that you (and others) have said (and the quote above
tends to summarize it all), I realize that I have been part of the
mess. (I wish an IT company with your attitude had setup our company's
WIN2K server which is now is bad shape and totally undocumented.)

I kinda sorta don't blame people for being upset that their shiny new
XP computer gets cracked.

If the reason is they downloaded a screensaver that installed a porn
server along with it, well, they didn't know better and the screensaver
programmers comitted fraud... so I am more likely to sympathize with
them.

If the reason is that they left port 445 open and got exploited via FTP
and all they had to do was block the port to protect themselves, well,
home users should not have to know what a TCP/IP port is and I still
can not blame the user. Windows can come hardened out of the box.

If the reason is that Microsoft had a design flow in DCOM or RPC or
something and they got exploited, I certainly blame Microsoft. Even if
Microsft had a patch made available.

However, I don't make a living on IT support, but there are several
computers I maintain and as someone who is supposed to know about bugs
and exploits and ports, *I messed up* if I did not do as much as I
generally can to protect those computers. We do know that these
problems exist and haxe existed for all Windows versions.

And I messed up.

--
The thing is is that Micrososft is constantly and consistantly loosing
the battle. All their patches are to fix *really serious flaws* in
their OS. Ans in a rush to fix things their fixes sometimes cause
problems.
Anonymous
August 18, 2005 5:13:08 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
dontemailme@anywhereintheknowuniverse.org says...
> Leythos wrote:
> > In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
> > dimplewathen@hotmail.com says...
> >> What is making things worse are the Mircosoft apologists.
> >
> > No, what makes things worse is the people that don't know how to
> > properly secure a network or node so that even exploits don't impact
> > them no matter how much they run in the wild.
>
> Large corps hardly had time to test all the patches that MS bunched
> together this month. MS purposely changed how patches are delivered, so
> they come out one a month, instead of when they are ready. If the eight
> patches were releasedspread out, it would be much easier for to test and
> push them out.

And you want to know something funny - we didn't apply any of the update
until this week, and not one system was compromised. In general, the
exploits/worms have to have a way in first - and if you block the way in
you don't have near as much to worry about. You also need to block the
spread - as I recall, the latest worm spread via 445 and loaded it's
payload via FTP. So, why do people let 445 out of their local networks?
Why do people allow outbound FTP access except as specifically needed?

> > I've never had a customer compromised, but we design with the idea
> > that NO OS/Service IS SECURE (since none are) and with that in mind,
> > we've never had a compromised server, workstation, node, nada.
>
> I doubt you deal with number of computers that many of the largest
> corporations have to deal with.

You are right, we work with about 1000+ nodes right now, soon to be
around 1500 as we pick up another client with 9 offices. While we don't
have 20,000 workstations with one client, the methods are the same and
they scale very nicely. Once the methods are in place you don't have
near as much work to do. Don't forget, I come from the industrial sector
where the entire plant (all processes) and the connecting plants had to
run even when the front office networks (which we were not responsible
for) were compromised - we learned how to secure without impacting
business functions in the worst possible conditions, and it carries
through into the business sector too - at least it has worked for all of
our clients. We left the industrial sector about 5 years ago, started
with just non-industrial clients and found that the work was a lot
easier, paid better, and we don't get dirty as much :) 

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 18, 2005 5:13:09 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Leythos wrote:
> In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
> dontemailme@anywhereintheknowuniverse.org says...
>> Leythos wrote:
>>> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
>>> dimplewathen@hotmail.com says...
>>>> What is making things worse are the Mircosoft apologists.
>>>
>>> No, what makes things worse is the people that don't know how to
>>> properly secure a network or node so that even exploits don't impact
>>> them no matter how much they run in the wild.
>>
>> Large corps hardly had time to test all the patches that MS bunched
>> together this month. MS purposely changed how patches are
>> delivered, so they come out one a month, instead of when they are
>> ready. If the eight patches were releasedspread out, it would be
>> much easier for to test and push them out.
>
> And you want to know something funny - we didn't apply any of the
> update until this week, and not one system was compromised.

When exactly?

> In
> general, the exploits/worms have to have a way in first - and if you
> block the way in you don't have near as much to worry about. You also
> need to block the spread - as I recall, the latest worm spread via
> 445 and loaded it's payload via FTP. So, why do people let 445 out of
> their local networks? Why do people allow outbound FTP access except
> as specifically needed?

And none of these corps had a need for FTP?

>
>>> I've never had a customer compromised, but we design with the idea
>>> that NO OS/Service IS SECURE (since none are) and with that in mind,
>>> we've never had a compromised server, workstation, node, nada.
>>
>> I doubt you deal with number of computers that many of the largest
>> corporations have to deal with.
>
> You are right, we work with about 1000+ nodes right now, soon to be
> around 1500 as we pick up another client with 9 offices. While we
> don't have 20,000 workstations with one client, the methods are the
> same and they scale very nicely. Once the methods are in place you
> don't have near as much work to do. Don't forget, I come from the
> industrial sector where the entire plant (all processes) and the
> connecting plants had to run even when the front office networks
> (which we were not responsible for) were compromised - we learned how
> to secure without impacting business functions in the worst possible
> conditions, and it carries through into the business sector too - at
> least it has worked for all of our clients. We left the industrial
> sector about 5 years ago, started with just non-industrial clients
> and found that the work was a lot easier, paid better, and we don't
> get dirty as much :) 

Is that the royal "we?"

Yeah, I'm sure some of these corps could do a better job with security,
but that doesn't make MS any less cupable for paying for its negligent
mistakes.

You want to blame everybody but MS. MS should NOT profit from fixing
its negligent mistakes! MS should be responsible for its mistakes.

But keep blaming the victims of MS's negligent code. I bet you blame
rape victims for their rapes too, because that is the kinda guy you are.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 18, 2005 6:19:26 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <##5oDq$oFHA.1968@TK2MSFTNGP14.phx.gbl>,
dontemailme@anywhereintheknowuniverse.org says...
> Leythos wrote:
> > In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
> > dontemailme@anywhereintheknowuniverse.org says...
> >> Leythos wrote:
> >>> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
> >>> dimplewathen@hotmail.com says...
> >>>> What is making things worse are the Mircosoft apologists.
> >>>
> >>> No, what makes things worse is the people that don't know how to
> >>> properly secure a network or node so that even exploits don't impact
> >>> them no matter how much they run in the wild.
> >>
> >> Large corps hardly had time to test all the patches that MS bunched
> >> together this month. MS purposely changed how patches are
> >> delivered, so they come out one a month, instead of when they are
> >> ready. If the eight patches were releasedspread out, it would be
> >> much easier for to test and push them out.
> >
> > And you want to know something funny - we didn't apply any of the
> > update until this week, and not one system was compromised.
>
> When exactly?

Last night to be specific, and there are machines that may not get the
updates until later this week or early next week.

> > In
> > general, the exploits/worms have to have a way in first - and if you
> > block the way in you don't have near as much to worry about. You also
> > need to block the spread - as I recall, the latest worm spread via
> > 445 and loaded it's payload via FTP. So, why do people let 445 out of
> > their local networks? Why do people allow outbound FTP access except
> > as specifically needed?
>
> And none of these corps had a need for FTP?

They all have a need for FTP, but that doesn't mean you have to allow
FTP outbound from every node in the network - any one that allows
outbound access without reason is asking for trouble. As a standard, we
don't even allow full HTTP access outbound for all nodes - we ask the
customer to tell us what stations need outbound access, what type of
access they need, and what they will be doing with it - then we setup
rules based on the need.

In many cases Outbound FTP is limited to business partners of the
company - meaning we limit FTP to the sites that the require in order to
do business.

> >>> I've never had a customer compromised, but we design with the idea
> >>> that NO OS/Service IS SECURE (since none are) and with that in mind,
> >>> we've never had a compromised server, workstation, node, nada.
> >>
> >> I doubt you deal with number of computers that many of the largest
> >> corporations have to deal with.
> >
> > You are right, we work with about 1000+ nodes right now, soon to be
> > around 1500 as we pick up another client with 9 offices. While we
> > don't have 20,000 workstations with one client, the methods are the
> > same and they scale very nicely. Once the methods are in place you
> > don't have near as much work to do. Don't forget, I come from the
> > industrial sector where the entire plant (all processes) and the
> > connecting plants had to run even when the front office networks
> > (which we were not responsible for) were compromised - we learned how
> > to secure without impacting business functions in the worst possible
> > conditions, and it carries through into the business sector too - at
> > least it has worked for all of our clients. We left the industrial
> > sector about 5 years ago, started with just non-industrial clients
> > and found that the work was a lot easier, paid better, and we don't
> > get dirty as much :) 
>
> Is that the royal "we?"
>
> Yeah, I'm sure some of these corps could do a better job with security,
> but that doesn't make MS any less cupable for paying for its negligent
> mistakes.
>
> You want to blame everybody but MS. MS should NOT profit from fixing
> its negligent mistakes! MS should be responsible for its mistakes.

No, I actually agree that MS is at fault for creating a mess and a very
insecure OS/applications, but it's not like we don't know it, it's not
like we don't know that all OS's have holes/exploits. As a good IT
Manager one should expect this and learn how to deal with it. You can
bitch about MS all you want, but it won't get your network back up or
keep it safe unless you protect it.

I would rather secure my networks and not have to deal with those issues
as a normal practice than to do nothing and just rant at MS every time a
system gets compromised. MS isn't going to do much to change the way
things are, and as long as we can stay ahead of the problems it means
that we can continue to run MS products without problems.

> But keep blaming the victims of MS's negligent code. I bet you blame
> rape victims for their rapes too, because that is the kinda guy you are.

You have no clue - and I never said to NOT blame MS, I said:

In article <MPG.1d6db9c8330db46f989c35@news-server.columbus.rr.com>,
void@nowhere.lan says...
> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
> dimplewathen@hotmail.com says...
> > What is making things worse are the Mircosoft apologists.
>
> No, what makes things worse is the people that don't know how to
> properly secure a network or node so that even exploits don't impact
> them no matter how much they run in the wild.

I don't absolve MS of any responsibility in the above statement, what I
do it point out all the IT managers that don't really have a clue about
security not to mention the home users and their ilk.

All the information needed to secure networks is available on Microsofts
websites, on Google, around the globe, but few people take the time to
look for them, fewer take the time to implement them, and tons of people
take the time to bitch about something they could have prevented if they
had put as much energy into preventing it as they do complaining about
it.

--

spam999free@rrohio.com
remove 999 in order to email me
August 18, 2005 10:26:16 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Thu, 18 Aug 2005 13:06:37 GMT, Leythos <void@nowhere.lan> wrote:

>If you spend all that time checking and maintaining it then, forgive me
>for saying it this way, then you don't have it setup properly.

Well, I'm no IT. Even though I help a friend that is an Outsource IT,
I do so only because he is a friend and I learn something each time I
go with him. My home network consists of two computers networked
together via a Linksys wireless setup. I probably don't have my home
network set up properly but I can say with pride that all virii,
spyware, adware, etc. have been 86ed at the front door with none
getting any further. But, and as you suggest, me not knowing what I
am doing has made me have to spend countless hours riding herd on my
network and system security apps to keep it that way.

>Funny you bring this up - The company I started does just what you think
>doesn't work - we provide outsourced IT support and design services to
>places from the east to west coasts, and none of them have had any
>problems, not even with the latest worm.

I was talking about outsourced ITs having to come in and clean up a
network and individual systems that they did not design or build and
which has been "abandoned" (for a better word) due to the fact that
those that did design and build it were given their walking papers
thus leaving the whole network and individual systems in an abandoned
state of existence. Then, the powers that be wait until enough of the
network and individual systems have toppled down before calling for
help.

>That's a shame - does that mean that you were unable to present a
>corrective action plan to them?

No me, I was just asked to help with hardware maintenance because I
had some knowledge on how to handle that part. I'm no IT. My friend,
that got the call on this outsourced contact, did just as you
suggested and/or asked. And... this government agency learned a big
lesson about closing down departments without any knowledge of what
that department's true worth to the agency really is or what the
future ramifications could be without that department close at hand.

Yes, my friend set them up on a "Plan" that will keep them up and
running. However, I later learned that the time and resources
required to fulfill that "Plan" on the size of this agency would
require almost as much money as what they were paying their own
internal IT that they let go.... So, as I was trying to get across in
my original post, this agency brought all these woe's on themselves...
it was not the fault of any internal IT or outsourced IT. They, in
essence by letting their internal IT go, abandoned their network and
individual systems and didn't call for help until most of it had
pulled a Humpty Dumpty and came crashing down.

I think outsourced IT's have their place but when you are talking
about something the size of this agency, I personally think it was
cheaper to have an in house IT on salary. I just think some of the
bean counters with these "Big" companies and "Big" agencies, who are
being forced to cut here and cut there, are not thinking the whole
thing through when they think they don't need an In house IT any more.

My friend is telling me that he is seeing this more and more, where
outsourced IT's are called in (after the fact) to salvage "Abandoned"
networks and Systems. Please take note that we are talking about
Abandoned instead of immediately turned over to an outsourcer for plan
development and implementation.

Regards,
Ed
Anonymous
August 18, 2005 11:00:24 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <1124386496.731288.115990@f14g2000cwb.googlegroups.com>,
dimplewathen@hotmail.com says...
> Which goes back to your broad statements that "Linux" is secure "out of
> the box" and will run forever without work. NOT TRUE. You even state
> here that a network must be "properly secured" and that you "design
> with the idea" of security.

I hate to tell you this, but I've never, not once, said that Linux is
secure out of the box, and I firmly believe that it's not secure out of
the box as I've seen new installed systems rooted in under 4 hours.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 18, 2005 11:05:55 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <1124388669.372418.286380@g49g2000cwa.googlegroups.com>,
dimplewathen@hotmail.com says...
> I adminster many Windows machines. And 75% of them keep failing.
> Actually, all Windows machines slowly degenerate over time. They really
> do. They are like old cars where the transmission is going, the brakes
> are wearing, and the under body rusts out. It needs constant
> maintenance.
>
> Everytime a program is installed on Windows the system becomes just a
> little bit more unstable. The more programs one installs the more
> unstable Windows becomes. Windows, to this day, still allows programs
> to install and replace systems files in it's system folder!! This is so
> stupid!!!! That is Window's biggest problem.

You have got to be trolling.

I install tons of applications on a weekly basis for testing a design
work, have many computers personally, not to mention all the work that
gets done at clients locations - and not one of the has any issues with
the Windows XP OS or any of the standard MS Office applications, nor
with many of their other commercial / common applications.

My wife has been using a Windows XP computer that was a upgrade from
Windows 2000 Professional, without any issues (for accounting, books,
editing images, newsletters, etc) for almost 3 years without any rebuild
of the system and we're just now moving it to a faster hardware platform
(via ghosting to the new drive and then doing a repair install).

The only constant maintenance a Windows box needs it a monthly defrag of
the drives on a busy system and to ensure that Windows automatic updates
are working.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 18, 2005 11:23:17 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <1124390942.175047.13630@o13g2000cwo.googlegroups.com>,
dimplewathen@hotmail.com says...
> Leythos wrote:
> > Ed, you don't need to be sorry, I've seen what you describe many times -
> > that one way we get so many new customers. We're known for building
> > secure networks and securing broken ones for new clients - if you are
> > not proactive when you talk with clients, don't document their
> > holes/flaws, if you don't sell them on the idea that it can be secured,
> > then you're always going to be part of the mess.
>
> After reading all that you (and others) have said (and the quote above
> tends to summarize it all), I realize that I have been part of the
> mess. (I wish an IT company with your attitude had setup our company's
> WIN2K server which is now is bad shape and totally undocumented.)
>
> I kinda sorta don't blame people for being upset that their shiny new
> XP computer gets cracked.

I also don't blame users when their systems are compromised, unless it
was due to not following rules of basic security. The sad part is that
all the information on how to be safe is easily available on the web,
but those types don't look for it.

Imagine all the people that open the ebay email and actually go to the
fake ebay site and enter their personal information - that one mode of
getting peoples personal info has been on every news channel, in most of
the tech sections of news papers, listed on ebay's real site, and is
easy to determine if it's real or not, but people still fall for it.

Ignorance is not an excuse, it's a wanton action of being lazy in my
opinion.

> If the reason is they downloaded a screensaver that installed a porn
> server along with it, well, they didn't know better and the screensaver
> programmers comitted fraud... so I am more likely to sympathize with
> them.

Yea, but with a properly secured network they would not be able to
download any content that might contain malicious files - like we don't
allow .SCR files to pass through the HTTP sessions in our firewalls.

> If the reason is that they left port 445 open and got exploited via FTP
> and all they had to do was block the port to protect themselves, well,
> home users should not have to know what a TCP/IP port is and I still
> can not blame the user.

I can, as there is no reason to allow outbound ports 135~139, 445, 1433~
1434 and FTP outbound should be limited to a specific internal machine
or to know good FTP sites. We have all the Sororities setup so that
outbound traffic to destination ports 135~139, 445, 1433~1434, and to
non-approved FTP locations is blocked - in addition to blocking content
in HTTP sessions.

> Windows can come hardened out of the box.

Windows can not come hardened out of the box, it would break to many
existing methods and fail in corporate environments. They need a new
version, abandoning all the prior versions.

> If the reason is that Microsoft had a design flow in DCOM or RPC or
> something and they got exploited, I certainly blame Microsoft. Even if
> Microsft had a patch made available.
>
> However, I don't make a living on IT support, but there are several
> computers I maintain and as someone who is supposed to know about bugs
> and exploits and ports, *I messed up* if I did not do as much as I
> generally can to protect those computers. We do know that these
> problems exist and haxe existed for all Windows versions.
>
> And I messed up.

This is the start - knowing that you don't know and accepting that you
have to learn more - that's all that I ask of my team. Never say you
know when you don't, never fake it, never feel afraid to say "I don't
know". It's always better to learn that to hide.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 18, 2005 11:30:58 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Leythos wrote:
> In article <##5oDq$oFHA.1968@TK2MSFTNGP14.phx.gbl>,
> dontemailme@anywhereintheknowuniverse.org says...
>> Leythos wrote:
>>> In article <uahLwg6oFHA.1416@TK2MSFTNGP09.phx.gbl>,
>>> dontemailme@anywhereintheknowuniverse.org says...
>>>> Leythos wrote:
>>>>> In article
>>>>> <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
>>>>> dimplewathen@hotmail.com says...
>>>>>> What is making things worse are the Mircosoft apologists.
>>>>>
>>>>> No, what makes things worse is the people that don't know how to
>>>>> properly secure a network or node so that even exploits don't
>>>>> impact them no matter how much they run in the wild.
>>>>
>>>> Large corps hardly had time to test all the patches that MS bunched
>>>> together this month. MS purposely changed how patches are
>>>> delivered, so they come out one a month, instead of when they are
>>>> ready. If the eight patches were releasedspread out, it would be
>>>> much easier for to test and push them out.
>>>
>>> And you want to know something funny - we didn't apply any of the
>>> update until this week, and not one system was compromised.
>>
>> When exactly?
>
> Last night to be specific, and there are machines that may not get the
> updates until later this week or early next week.
>
>>> In
>>> general, the exploits/worms have to have a way in first - and if you
>>> block the way in you don't have near as much to worry about. You
>>> also need to block the spread - as I recall, the latest worm spread
>>> via 445 and loaded it's payload via FTP. So, why do people let 445
>>> out of their local networks? Why do people allow outbound FTP
>>> access except as specifically needed?
>>
>> And none of these corps had a need for FTP?
>
> They all have a need for FTP, but that doesn't mean you have to allow
> FTP outbound from every node in the network - any one that allows
> outbound access without reason is asking for trouble. As a standard,
> we don't even allow full HTTP access outbound for all nodes - we ask
> the customer to tell us what stations need outbound access, what type
> of access they need, and what they will be doing with it - then we
> setup rules based on the need.
>
> In many cases Outbound FTP is limited to business partners of the
> company - meaning we limit FTP to the sites that the require in order
> to do business.
>
>>>>> I've never had a customer compromised, but we design with the idea
>>>>> that NO OS/Service IS SECURE (since none are) and with that in
>>>>> mind, we've never had a compromised server, workstation, node,
>>>>> nada.
>>>>
>>>> I doubt you deal with number of computers that many of the largest
>>>> corporations have to deal with.
>>>
>>> You are right, we work with about 1000+ nodes right now, soon to be
>>> around 1500 as we pick up another client with 9 offices. While we
>>> don't have 20,000 workstations with one client, the methods are the
>>> same and they scale very nicely. Once the methods are in place you
>>> don't have near as much work to do. Don't forget, I come from the
>>> industrial sector where the entire plant (all processes) and the
>>> connecting plants had to run even when the front office networks
>>> (which we were not responsible for) were compromised - we learned
>>> how to secure without impacting business functions in the worst
>>> possible conditions, and it carries through into the business
>>> sector too - at least it has worked for all of our clients. We left
>>> the industrial sector about 5 years ago, started with just
>>> non-industrial clients and found that the work was a lot easier,
>>> paid better, and we don't get dirty as much :) 
>>
>> Is that the royal "we?"
>>
>> Yeah, I'm sure some of these corps could do a better job with
>> security, but that doesn't make MS any less cupable for paying for
>> its negligent mistakes.
>>
>> You want to blame everybody but MS. MS should NOT profit from fixing
>> its negligent mistakes! MS should be responsible for its mistakes.
>
> No, I actually agree that MS is at fault for creating a mess and a
> very insecure OS/applications, but it's not like we don't know it,
> it's not like we don't know that all OS's have holes/exploits. As a
> good IT Manager one should expect this and learn how to deal with it.
> You can bitch about MS all you want, but it won't get your network
> back up or keep it safe unless you protect it.
>
> I would rather secure my networks and not have to deal with those
> issues as a normal practice than to do nothing and just rant at MS
> every time a system gets compromised. MS isn't going to do much to
> change the way things are, and as long as we can stay ahead of the
> problems it means that we can continue to run MS products without
> problems.
>
>> But keep blaming the victims of MS's negligent code. I bet you blame
>> rape victims for their rapes too, because that is the kinda guy you
>> are.
>
> You have no clue - and I never said to NOT blame MS, I said:
>
> In article <MPG.1d6db9c8330db46f989c35@news-server.columbus.rr.com>,
> void@nowhere.lan says...
>> In article <1124330892.945567.294140@g47g2000cwa.googlegroups.com>,
>> dimplewathen@hotmail.com says...
>>> What is making things worse are the Mircosoft apologists.
>>
>> No, what makes things worse is the people that don't know how to
>> properly secure a network or node so that even exploits don't impact
>> them no matter how much they run in the wild.
>
> I don't absolve MS of any responsibility in the above statement, what
> I do it point out all the IT managers that don't really have a clue
> about security not to mention the home users and their ilk.
>
> All the information needed to secure networks is available on
> Microsofts websites, on Google, around the globe, but few people take
> the time to look for them, fewer take the time to implement them, and
> tons of people take the time to bitch about something they could have
> prevented if they had put as much energy into preventing it as they
> do complaining about it.

You said you don't absolve MS of any responsibility, but never say what
that responsibility is.

You just seem to be pissy about blaming everybody else.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
August 19, 2005 5:57:58 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <1o2ag1hmf9shpn5t8rvjrnsdiusir24mb4@4ax.com>, fake@fake.com
says...
> On Thu, 18 Aug 2005 13:06:37 GMT, Leythos <void@nowhere.lan> wrote:
>
> >If you spend all that time checking and maintaining it then, forgive me
> >for saying it this way, then you don't have it setup properly.
>
> Well, I'm no IT. Even though I help a friend that is an Outsource IT,
> I do so only because he is a friend and I learn something each time I
> go with him. My home network consists of two computers networked
> together via a Linksys wireless setup. I probably don't have my home
> network set up properly but I can say with pride that all virii,
> spyware, adware, etc. have been 86ed at the front door with none
> getting any further. But, and as you suggest, me not knowing what I
> am doing has made me have to spend countless hours riding herd on my
> network and system security apps to keep it that way.
>
> >Funny you bring this up - The company I started does just what you think
> >doesn't work - we provide outsourced IT support and design services to
> >places from the east to west coasts, and none of them have had any
> >problems, not even with the latest worm.
>
> I was talking about outsourced ITs having to come in and clean up a
> network and individual systems that they did not design or build and
> which has been "abandoned" (for a better word) due to the fact that
> those that did design and build it were given their walking papers
> thus leaving the whole network and individual systems in an abandoned
> state of existence. Then, the powers that be wait until enough of the
> network and individual systems have toppled down before calling for
> help.

I know you were talking about outsourced I.T., and that's what I run my
business as - we're the team that people outsource to when they get sick
of their other outsource people or when they want a cheaper alternative
to full time IT staff. When you consider benefits, insurance, sick-days,
training, skills, it's cheaper and better ROI to outsource if you can
find a company that is reputable.

> >That's a shame - does that mean that you were unable to present a
> >corrective action plan to them?
>
> No me, I was just asked to help with hardware maintenance because I
> had some knowledge on how to handle that part. I'm no IT. My friend,
> that got the call on this outsourced contact, did just as you
> suggested and/or asked. And... this government agency learned a big
> lesson about closing down departments without any knowledge of what
> that department's true worth to the agency really is or what the
> future ramifications could be without that department close at hand.
>
> Yes, my friend set them up on a "Plan" that will keep them up and
> running. However, I later learned that the time and resources
> required to fulfill that "Plan" on the size of this agency would
> require almost as much money as what they were paying their own
> internal IT that they let go.... So, as I was trying to get across in
> my original post, this agency brought all these woe's on themselves...
> it was not the fault of any internal IT or outsourced IT. They, in
> essence by letting their internal IT go, abandoned their network and
> individual systems and didn't call for help until most of it had
> pulled a Humpty Dumpty and came crashing down.

And, being that we're an provider of IT servers with clients in the 5+
years range so far, we've never found where the above was true with our
clients. We have got a lot of new business/clients due to what you
describe, but without a good methodology outsourcing IT will always
fail.

If the client is large enough you put someone onsite x hours per week as
part of the contract, and it's still cheaper than having full time IT
people, and provides better support too.

> I think outsourced IT's have their place but when you are talking
> about something the size of this agency, I personally think it was
> cheaper to have an in house IT on salary. I just think some of the
> bean counters with these "Big" companies and "Big" agencies, who are
> being forced to cut here and cut there, are not thinking the whole
> thing through when they think they don't need an In house IT any more.

It's only cheaper if the outsource company and the local company don't
understand and manage it properly - which is usually the fault of sales
people not also being IT people and telling the client what they want to
hear for any price. The companies where the senior people are IT people
that also understand sales and business and accounting are the ones that
succeed.

> My friend is telling me that he is seeing this more and more, where
> outsourced IT's are called in (after the fact) to salvage "Abandoned"
> networks and Systems. Please take note that we are talking about
> Abandoned instead of immediately turned over to an outsourcer for plan
> development and implementation.

Yep, see it too, and that's how we get new clients - and at that point
the client is ready to listen. They are also ready to let you secure the
network so it doesn't happen again.


--

spam999free@rrohio.com
remove 999 in order to email me
August 19, 2005 5:57:59 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Fri, 19 Aug 2005 01:57:58 GMT, Leythos <void@nowhere.lan> wrote:


>If the client is large enough you put someone onsite x hours per week as
>part of the contract, and it's still cheaper than having full time IT
>people, and provides better support too.

Well, that would be my misunderstanding as I thought it would be
cheaper in larger deployments to just have the IT as part of the local
infrastructure.

>The companies where the senior people are IT people
>that also understand sales and business and accounting are the ones that
>succeed.

Big Belly laugh here..... remember Leythos, I am talking about a
government agency here, where it is a foreign concept to have anything
near efficiency of manpower hours excelled via the ability to
multitask across fields of expertise. But anything other than
anything associated with government and what you say and suggest is
definitely the way to go. As a matter of fact, I have a friend that
runs a small (Small) company in the aviation support field and his son
is his lead sales agent, Ferrier and the IT for the company.

Regards,
Ed
!