As mentioned earlier, I am on the road presenting a part of the security content for Microsoft Technet seminars and meeting partners and professionals all over the state. It is quite exciting and, most of all, insightful. As a service provider I make my bacon fixing problems out there, and sometimes you don't hear all the problems through your own feedback channels; you have to see people face to face.
The speech of the day: "WSUS doesn't fix stupid. I guarantee that nowhere in the WSUS categories will you find a patch class for 'stupid user keeps on clicking on things.' You can't fix stupid, but you can eliminate the amount of things they can be stupid with."
To put it into some context, I opened my portion of the Microsoft event by saying that at least half of all the security problems with Microsoft software are Microsoft's fault. Not in terms of them writing insecure operating systems, but in terms of system administrators not applying service packs, patches and hotfixes in a timely manner. I held a quick poll asking people if they waited a few days to deploy critical patches. A surprising number of hands went up. Well folks, this is why your networks get pwned. If you don't have a clear schedule every second Tuesday of the month and plan to spend an hour or two at the Wednesday Technet webcast covering the patch day… well, update your resume. There is this notion that nobody wants to be the first to blow things up. Ok, fair enough – that's what testing is for, folks. You test the service pack, you roll, you call PSS if you must to clean things up, you define a process. You don't stick your head in the sand, trust that Microsoft published every single thing that patch fixed, and put your security in the hands of 16 year olds that have got nothing to do between TRL and American Idol. Cleaning up a box with a broken patch is a hell of a lot easier than cleaning up a rootkit, if you even notice you've been pwned to begin with.
The other half of the security blame falls squarely on the user. You can patch your servers. You can flash your firewalls. You can define strict firewall rules. You can turn up logging to find potential problems. You can back up. You can patch your workstations 15 different ways. But you can't fix stupid. If your junior admin got his MCSE from a paper mill and his solution to an NTFS permission problem is elevating end user security roles, you've got a case of stupid going on. Give it up, you won't be able to train your accountant. Or your marketing guy. Or your boss (unless I'm your boss, in which case you can suck it monkeys – that's why I'm on a separate server from the rest of you serfs). They are untrainable. But you can train your staff. You can define a plan. You can set a schedule. You control your stupid exposure.
Security is a process. Do you have a clear one?
Whats on Vlad's Mind?
Copyright © 2005-2010 Vlad Media, Inc. All Rights Reserved.
Content is provided AS-IS without warranty of any kind.