Editor's Desk

Here in Windowsville

How much harm comes of the anti-Windows bias in the world of security?

The SANS Institute allowed me to attend a few days of its recent Orlando conference. I chose an excellent two-day track on honeypots, taught by Lance Spitzner, a security architect for Sun Microsystems, and Marcus Ranum, founder and CTO of NFR Security. These two live and breathe honeypots.

If you’re unfamiliar with the concept, a honeypot is simply “a security resource whose value lies in being probed, attacked or compromised.” It might be used for commercial purposes (to gain knowledge to protect against the newest attacks), or it might be used for research (to learn about the psyche of the black hats).

Joke: Based on that definition, who’s the largest manufacturer of honeypots today? Answer: Microsoft.

“Security Advisor” columnist Roberta Bragg has covered the topic in her columns. What she hasn’t talked about is the pervasive anti-Microsoft/pro-Unix bias that exists in the security community at large.

Joke: How do you set up a honeypot? Answer: Bring a Windows box online.

The jokes here were quite popular in my training session.

Alan Paller, the director of research at SANS, has proclaimed in the past that the Microsoft certification program was to blame in part for the spread of Code Red last year—for not requiring MCSEs to show competency in security. (I must add, SANS offered a free class at that time to show people how to patch their systems.)

It’s tough to pay attention to people who know their stuff yet hold you in derision. But that’s what I’m suggesting you do.

Stephen Northcutt, also a principal at SANS, has begun warning that we can expect a worm to surface that will take advantage of SNMP vulnerabilities. This is our chance to prove that Paller’s judgment was a bit hasty. That means applying patches or disabling SNMP on your Windows machines. It also means securing your Cisco equipment, HP JetDirect firmware, network management solutions, power monitors, security systems, and a hundred other devices and programs that you take for granted but can’t do without. The CERT advisory on this exists here: www.cert.org/advisories/CA-2002-03.html.

Then in July we’ll be hosting our own security training event, the MCP TechMentor Summit on Security. Attendees will have the chance to watch a Windows 2000 network (and its related components) become hardened, using only what Microsoft makes available in its software and resource kits and online. You’re all invited to try to hack into the system. Learn more about that at www.techmentorevents.com/seattle/.

Here in Windowsville, we’ve made for an easy target when it comes to security. So I invite Paller and Northcutt, experts whose knowledge has been annealed on that other platform, to join us in Seattle and watch the new breed of security experts in action.

Am I misguided in feeling like the skinny guy in the Charles Atlas ads who has to eat sand? Tell me at dian.schaffhauser@mcpmag.com.

About the Author

Dian L. Schaffhauser is a freelance writer based in Northern California.

comments powered by Disqus

Reader Comments:

Sat, Jul 6, 2002 MCSE x 2 Calif.

extreme pro-Microsoft bias invalidates the writer. Anyone who has worked with their OSs knows the problems. Why doesn't she mention the EXCELLENT seminar that SANS puts on? Their Jason Fossen, whom she is also afraid to mention, has the best non-biased info around on securing Win2K and WinXP (to the best extent possible).

Tue, Jun 4, 2002 Anonymous Anonymous

Well stated article. Microsoft has the largest bullseye and target of many hackers. But as Unix/Linux popularity increases, so have their security concerns. Microsoft has stepped up it's efforts with security and proven they have the ability to deliver if they choose to make it a priority!

Mon, Jun 3, 2002 Dave Funk Stuttgart Germany

Fact: Windows owns a small minority of the major web server market and contributes the vast majority of break-ins. This dispite the preference for UNIX in the hacking community.
Fact: Most major business networks are Windows dominated.
Morale: There are problems with Windows, not all of those problems originate in Washington State. UNIX does not own the world. Everybody, get over it.

Mon, Jun 3, 2002 Anonymous Anonymous

Hay rember when dial in was first used with IBM TCAM (110 or 300 Baud), and the security requirements with people using datascopes to determin speed and parity requirements. This is where I first saw 3 tries and your out. The use of parity for security etc...

The only secure system is an unconnected system, so any connection to a system is a potential secutity hole, this includes terminals, modems, network connections an non secured consoles.

Sat, May 18, 2002 Anonymous Anonymous

cool..we need more of this stuff

Thu, May 16, 2002 Tony Alabama

First - to the fella above: It's good to see someone who can even REMEMBER there once was a Dec VAX! I cut my teeth on them!

I get tired of hearing all the bashing, but what are going to do? We can only do our best as a community to squash out such foolishness and move on. It is very unfortunate that so many companies think that just because someone can get around in Windows that they are a COMPENTENT Systems Administrator. They are paying for their "savings" now. Much of the blame lies with individual companies and not just Microsoft.

Thu, May 16, 2002 Greg Neilson Anonymous

Unfortunately, there's always a degree of snobbery with techies that will always be with us. Sure the Unix people sneer at Windows, but don't forget that some Netware people sneer at Windows, and even before that Banyan Vines folks used to sneer at Netware. And let's not ask DEC VAX folks what they think about IBM technologies :-). We're sure going through alot of pain now getting our Windows implementations hardened, but I think that in a couple of years we (and Microsoft!) will be better for this current emphasis on security.

Wed, May 15, 2002 Jim Michigan

Kudos to Diane for a nicely balanced look at Security problems in Windows!
As an administrator of several Windows systems, I have taken the time to earn my MCSE as well as learning how to install the security patches available. It's an unfortunate result that the ease-of-use of Windows allows for server "administrator" who are untrained, non-technical people who don't understand why THEY need to do something to keep their system secure. The end result is their inaction results in a generalization of all Windows servers being insecure.
To the Windows nay-sayers, I say, "not in my house!" My firewall shows many attempts, and our intrusion detection service has called a few times in the early morning hours, but to this day, any hack attempt made on my systems has been made a week or more after the patch to fix the vulnerability was applied.
Diligence has been paying off.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.