Editor's Desk

Here in Windowsville

How much harm comes of the anti-Windows bias in the world of security?

The SANS Institute allowed me to attend a few days of its recent Orlando conference. I chose an excellent two-day track on honeypots, taught by Lance Spitzner, a security architect for Sun Microsystems, and Marcus Ranum, founder and CTO of NFR Security. These two live and breathe honeypots.

If you’re unfamiliar with the concept, a honeypot is simply “a security resource whose value lies in being probed, attacked or compromised.” It might be used for commercial purposes (to gain knowledge to protect against the newest attacks), or it might be used for research (to learn about the psyche of the black hats).

Joke: Based on that definition, who’s the largest manufacturer of honeypots today? Answer: Microsoft.

“Security Advisor” columnist Roberta Bragg has covered the topic in her columns. What she hasn’t talked about is the pervasive anti-Microsoft/pro-Unix bias that exists in the security community at large.

Joke: How do you set up a honeypot? Answer: Bring a Windows box online.

The jokes here were quite popular in my training session.

Alan Paller, the director of research at SANS, has proclaimed in the past that the Microsoft certification program was to blame in part for the spread of Code Red last year—for not requiring MCSEs to show competency in security. (I must add, SANS offered a free class at that time to show people how to patch their systems.)

It’s tough to pay attention to people who know their stuff yet hold you in derision. But that’s what I’m suggesting you do.

Stephen Northcutt, also a principal at SANS, has begun warning that we can expect a worm to surface that will take advantage of SNMP vulnerabilities. This is our chance to prove that Paller’s judgment was a bit hasty. That means applying patches or disabling SNMP on your Windows machines. It also means securing your Cisco equipment, HP JetDirect firmware, network management solutions, power monitors, security systems, and a hundred other devices and programs that you take for granted but can’t do without. The CERT advisory on this is available at www.cert.org/advisories/CA-2002-03.html.

Then in July we’ll be hosting our own security training event, the MCP TechMentor Summit on Security. Attendees will have the chance to watch a Windows 2000 network (and its related components) become hardened, using only what Microsoft makes available in its software and resource kits and online. You’re all invited to try to hack into the system. Learn more about that at www.techmentorevents.com/seattle/.

Here in Windowsville, we’ve made for an easy target when it comes to security. So I invite Paller and Northcutt, experts whose knowledge has been annealed on that other platform, to join us in Seattle and watch the new breed of security experts in action.

Am I misguided in feeling like the skinny guy in the Charles Atlas ads who has to eat sand? Tell me at dian.schaffhauser@mcpmag.com.

About the Author

Dian L. Schaffhauser is a freelance writer based in Northern California.

