To Update or Not to Update (Split from Mac Thread)

**nichomach** · 25-05-2006, 10:41 AM

Originally Posted by Koolpc

I am not saying people should not use the facility. I think they should. Just that i don't.

Fine, but by repeatedly posting "I don't use updates and I've never had a problem", you're misleading people into thinking that they shouldn't. Perhaps through a combination of good AV, a good hardware firewall, and IDS your machine has always been fine. The problem is that while you may be technically literate enough to understand that these are essential preconditions, a LOT of people reading the threads in which you post this "I never update" stuff aren't going to be. They'll just read it as "Oh, those updates aren't important - that guy's never updated, and he's never had a problem, so why should I?". Do what you want on your own machine, but for pity's sake stop advising people, both explicitly and implicitly to not apply security updates. It's just wrong, OK?

Oh, and PCs and networks are my job too, and I make DAMN sure I have WSUS working.

**Gordy** · 25-05-2006, 12:31 PM

Originally Posted by Moby-Dick

untill your mates brings his Pc over for a LAN party...your firewall will be about as much use as a chocolate teapot

I've said it before and I'll say it again , and again and again.

The *only* way to approach IT security and safe keeping of your systems is to adopt a layered approach. The only difference between an enterprise and a home system is in the number of layers.

Its everything from keeping an eye on who is connecting to your network , to keeping software up to date to using an antivirus product , to using a permiter firewall and potentially an application level firewall. That way you are covered for events at every level of the system.

I've seen the after effects of a system where someone thought that their perimeter firewalls would cover them and its not pretty. It caused far more work than the 20 minutes it would have taken to test and rollout a patch.

No single layer is designed to be infallable , but the combination of them should lead to a secure and stable environment.

Can't agree more.

In IT security the weakest point in any system is the most out of date or least managed part of the security be that out of data AV or firewall or an old bug ridden hardware firewall.

**directhex** · 25-05-2006, 12:55 PM

Originally Posted by Gordy

In IT security the weakest point in any system is the most out of date or least managed part of the security be that out of data AV or firewall or an old bug ridden hardware firewall.

wrong.

in it security, the weakest point is poorly educated humans.

**Gordy** · 25-05-2006, 01:02 PM

Well thats true as well

**TheAnimus** · 25-05-2006, 01:18 PM

intresting people are talking about hardware firewalls..... because for a second here i thought we weren't talking about enterprise stuff.

now most people who know me will tell you, i dont place much importance on the software firewalls, that is because i tend to be running as a user with debug priveldges (ie i can walk into another proccess of my user, and use it to surf the net, like say using IE's). But even more than that, zonealarm and the other "huggy fealie" firewalls can all be bypassed by a simple window message, simulating the button! All users in windows can make global hooks happen. So detecting the firewall blocking is easy. In short a software firewall won't save you from outbound attacks.

In windows the way a well made NDIS layer driver loads means that your firewall will be working before your MAC is reciving traffic. So as for bootup-down problems, don't worry about that enless theirs a flaw in your MAC (your network card persay).

Now, do you USE your computer? You can educate someone as much as you like but if my email address sends pictures to my parents with "my 21st" or something as the title, which anyone who hates me could think to do. Then because i've educated my parents (giggles) rather than patched the computer, they open it. The images display fine, except for one. Now because i didn't patch against an RPC exploit, and the software is inside the PC even thou their running as regular user the malicous code can get admin access...... you see where i'm going with this?

To advocate not patching at all is moronic.

To say that "un-required" patches shouldn't be applied is understandable.

To say that you disable windows updates on mates PCs is just retarded. I'd like to put forward this as a test, I've got a box which is an a 500mhz jobbie, i'll stick that on the net if the uni will let me, and well see how long it lasts with no patches but a firewall. I'll nock up some code to surf to forums in IE or FF (with no patches) Might be 2 years, but with no browser patches, or OS patches it would certainly be less. I think the uni would say no thou, because they'd hate to have a box which is infected on the 'safe' side of their network.

**directhex** · 26-05-2006, 08:42 AM

http://www.eweek.com/article2/0,1895,1967941,00.asp

remember kids, "knowing what you're doing" means security holes like the above stop existing!

Thread: To Update or Not to Update (Split from Mac Thread)

LinkBack

Thread Tools

Thread Information

Users Browsing this Thread

Similar Threads

Another Mac Networking Thread

Windows Update flaw 'left PCs open' to MSBlast

Posting Permissions