Roadshow: No, WSUS can’t do that
Posted: 9:09 pm
April 27th, 2006
IT Culture, Microsoft, Security

As mentioned earlier, I am on the road presenting a part of the security content for Microsoft Technet seminars and meeting partners and professionals all over the state. It is quite exciting and most of all - insightful. As a service provider I make my bacon fixing problems out there and sometimes you don't hear all the problems through your own feedback channels, you have to see people face to face.

The speech of the day: "WSUS doesn't fix stupid. I guarantee that nowhere in WSUS categories will you find a patch class for stupid user keeps on clicking on things. You can't fix stupid, but you can eliminate the amount of things they can be stupid with."

To put it into some context, I opened my portion of the Microsoft event by saying that at least half of all the security problems with the Microsoft software are Microsoft's fault. Not in terms of them writing insecure operating systems, but in terms of system administrators not applying service packs, patches and hotfixes in a timely manner. I held a quick poll asking people if they waited a few days to deploy critical patches. A surprising number of hands went up. Well folks, this is why your networks get pwned. If you don't have a clear schedule every second Tuesday of the month and plan to spend an hour or two at the Wednesday Technet webcast covering the patchday… well, update your resume. There is this notion that nobody wants to be the first to blow things up. Ok, fair enough - that's what testing is for, folks. You test the service pack, you roll, you call PSS if you must to clean things up, you define a process. You don't stick your head in the sand, trust that Microsoft published every single thing that patch fixed and put your security in the hands of 16 year olds that got nothing to do between TRL and American Idol. Cleaning up a box with a broken patch is a hell of a lot easier than cleaning up a rootkit, if you even notice you've been pwned to begin with.

The other half of the security blame falls squarely on the user. You can patch your servers. You flash your firewalls. You can define strict firewall rules. You can turn up logging to find potential problems. You can back up. You can patch your workstations 15 different ways. But you can't fix stupid. If your junior admin got his MCSE from a paper-mill and his solution to an NTFS permission problem is elevating end user security roles, you've got a case of stupid going on. Give it up, you won't be able to train your accountant. Or your marketing guy. Or your boss (unless I'm your boss, in which case you can suck it monkeys - that's why I'm on a separate server than the rest of you serfs). They are untrainable. But you can train your staff. You can define a plan. You can set a schedule. You control your stupid exposure.

Security is a process. Do you have a clear one?

7 Comments

CJ |

You know what's really funny about this? Technet audience is high-end enterprise. The audience you were talking to likely has a JOB and not just a consultant per-hour engagement. It is their JOB to know about this and it's incredible that these things are still so widely spread.

This is the issue in corporate America. This is what you get when you try to save $20,000 on your headcount by hiring anybody that can reboot a computer and firing real engineers.



Charles M |

Good point, I wonder how many people even know that their boxes have some of these rootkits and undetectable malware running on the system. Some are completely untraceable until the hacker phones home and you just happen to have netmon scanning at the same time.

I am by no means in the dark on why there is such an increase in spam and blog spams. Let's face it, at this point it's moving from protection to avoidance.



Ivan Palnik |

There is a fine line between secure and useless. Take a look at the beta, it throws so many alerts and warnings that people will likely ignore all the “cautions” as they go about their business. Will they take the same posture when a dangerous web site comes up?



Matt White |

Ah, the joys of working here for our wonderful brilliant boss.



Grace |

Yeah, I’ll second that, Matt. :) Our boss is infinitely trainable but we have to replace that backspace key because apparently MCSEs can’t take typing classes!

Grace



vlad |

Thanks guys, thank god for India :)



Allen |

The BB4B model sounds like the way I would structure my business, if I had the capital.

Makes me stop and think about the hedgehog principle– the importance of having “a clear, focused understanding of what you can do *better* than anyone else in the world”


