[Info-vax] "Shanghai Stock Exchange" and OpenVMS

Fri Jan 23 08:59:12 EST 2009

In article <00659a5f$0$10051$c3e8da3 at news.astraweb.com>,
	JF Mezei <jfmezei.spamnot at vaxination.ca> writes:
> Bill Gunshannon wrote:
> 
>> We wre talking about systems in corporate situations run by supposed
>> professionals, not "your momma's PC", remember.  If they don't know
>> how to set up a secure system and don't know where to find the info
>> they belong on the breadline and not in the corporate datacenter.
> 
> 
> I don't want to support Mr Main's "666 patches per week to install", but...

Yeah, well that's crap, too.  While XP sees fairly frequent Windows updates
it is a desktop OS and if your using it for servers your an idiot anyway.
I run Server 2003 and 2008 and I can assure you I don't get updates every
day.  

> 
> A few years ago, the whole Québec medical IT network went down. It is
> all windows based. (pretty scary, isn't it ?). 

Mo.  People do stipid things all the time.

>                                                One PC got infected, 

How did it get infected?  If the machine is a part of a corporate
system there should be rules in place to prevent it.  If no rules
were in place it is not Windows fault.  if rules were in place and
the employees violated them it isn't Windows fault.  You know, my
car can easily do 140mph.  If I go that fast my trips accross the 
state become much shorter.  But there are rules that prevent me from
utilizing this capability of my car.  If I violate those rules and
have an accident killing myself or someone else, is th Mazda's fault?

>                                                                     and
> it infected the windows server above it. That one not only infected all
> other PCs below it, but also infected the server in the higher tier
> until the top tier was infected and distributed it to all other servers
> which distributed it to all workstations.

Sounds like a pretty shabby system to me.  All those servers and clients 
and no anti-virus software to be seen?  

> 
> One of the arguments given as explanation is that the IT guys did not
> have sufficient budget to hire people in charge of installing patches to
> protect against viri.

So, because they didn't want to pay the necessary money to hire enough
competent people (a very legitimate business espense) it suddenly became
Windows fault that this happened?  Give me a break.  So, I take my car
in for a brake job and the dealership, in order to save money only hires
$2.00/hr highschool dropouts with IQ's below 15.  When I pick up my
car and leave the wheels fall off because he didn't tighten the lug
nuts.  Must be Ford's fault.  Couldn't possibly be the garage.  Ford
whould have devised self-tightening lug nuts to prevent this from happening.

> 
> In the end, what matters isn't what *could* be done to make Windows
> secure, but what is actually done in real life. And if in real life,
> there are sufficient sites that have insufficient protection, then the
> fauna of Windows viri continues to expand.

And who's fault is that?  The tool or the workmen who refuse to use the
tool properly?

> 
> It is relatively easy for a geek to secure his windows desktop. Not so
> easy for a large corporate network with thousands of workstations to
> roll out a new patch across its network.

It is much easier than you think. If the boxes are set up properly and,
in a corporate network, that is not as hard as some would have you think,
most of these threats become a much lower precedence for concern.  	
would suggest that anyone doingt his for a living needs to do a lot
more of that professional development and self-study that is what
sepatrates us from the geeks.  Start with learning about something called
"Defense in Depth".

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>   