Re: Office 2000 on SBS2003?
From: root (postmaster_at_buchanangc.com)
Date: Wed, 23 Jun 2004 18:48:43 -0700
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <email@example.com>
wrote in message news:upKDCsYWEHA.3024@TK2MSFTNGP09.phx.gbl...
> Yes, EXACTLY, that was the point of Russ Cooper's talk to the
> Australian CERT security meeting last month where he did a count of
> vuln flaws of IIS 6.0 which he said was 60 [which really was 48 because
> he screwed up the count]. So go knock yourself out trying to uninstall
> OE and Media player and IE. Word is "adding" a threat vector.
> "Wordpad" is already there. Because you cannot separate out the
> underlying gunk of the operating system, IIS 6.0 has flaws, so that even
> though Microsoft in the press says -0- flaws for IIS 6.0 there is in
> reality approximately [per Russ 60, me and Bernard who is the IIS guru
> say 48] but the point is you have those programs in there.
> There are right now unpatched vulnerabilities for IE that are out in the
> wild and if you are surfing, IE in low to medium, running as admin,
> running without the IE in secure mode [as is the default in Win2k3] you
> can get yourself overrun with a trojan that will trigger cross site
> scripting and ActiveX vulnerabilities. If you want a POC web site[s]
> that will nail your system, ping me offline. I'm not posting the links
> here. Don't surf at the server, don't read email at the server, don't
> use the server for anything other than a server.
Now you are beginning to get it. How and what you do is the issue and not
what you install. Keep your eye on the ball.
> Root you just argued yourself back to the original exercise of this
> thread... don't use the server as a workstation and install unnecessary
No, it seems that's what you did.
> The real security issue is don't use your server as a workstation. It's
> a server. Chicken Little would agree with me on this one.
Yes, as now you've totally circularized.
> Mountain Dew. Seattle. I'm buying.
> root wrote:
> > "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <firstname.lastname@example.org>
> > wrote in message news:u0LxUPSWEHA.email@example.com...
> >>Wordpad is already on the server Root. It's part of the OS.
> >>So your threat vector surface is unchanged.
> > OH NO, it should be immediately removed as it does increase the surface
> > area and calculator too. My obviously flawed copy of SBS2003 came with
> > dastardly trojan Outlook Express preinstalled whose surface area exceeds
> > sponge's and then there's the preinstalled Arch Villain IE6 whose
> > area exceeds a pile of nanotubes. How in the devil did Windows Media
> > make it onto my copy of SBS2003....I'm gonna have to change the admin
> > password as someone musta bin sneakin in here in the middle of the night
> > installin Windows Media Player.
> > What's installed ISN'T the primary issue. The issue is HOW it gets used
> > WHAT.
> > Thoughtless chicken little rules obscure the REAL security issues that
> > should be concentrating upon.
> >>root wrote:
> >>>"Frank McCallister" <anonymous> wrote in message
> >>>>Hi Root
> >>>>Don't know if they will install or crash your server but Wordpad will open
> >>>>your Word documents and it is safe!
> >>>OH NO...Wordpad is expanding your surface area....now what about Excel?