Damned if they do, damned if they don't

I had just sold management in the company I am clienting for on the ability of W2K3 to avoid these, with the line that during the Windows Security Push, all 9,000+ Windows developers stopped and pored over essentially every line of Windows code to remove these kinds of situations and make W2K3 the most secure OS. Now two of these in the last month. To say that this has stopped a massive redeployment is an understatement.
Sam Gentile's Blog

So you oversold an idea to a client and now you’re mad at Microsoft?

You’re concerned about the security of your server platform. W2K3 is more secure than W2K and NT4. NT4 is no longer supported and won’t be getting any patches. Client has NT4 servers.

What do you advise and why?

These changes have made Windows Server 2003 much more secure than any previous version of Windows. Microsoft is intent upon improving the security of its products and technologies: the Windows Security Push was only one part of the company's ongoing commitment to creating more secure software.
The Windows Security Push

They have to move from NT4. No choices there. You can't run production systems on an unsupported OS… If they have to stay on a Microsoft platform then they should move to either W2K or W2K3. If everything they need to run is compatible with W2K3 then move to that; if not, move to a mixed bag with W2K3 in all the places it can be used and maintain an aggressive migration strategy for the rest.

Why? W2K3 is the most secure of the options; therefore your client is limiting their exposure to security threats by choosing the most secure option they have.

Your position doesn't change just because a patch is released for all of the OSs you could choose, including W2K3. It only changes if more patches are released for just W2K3, and even then it only changes if these new patches are for functionality that works just fine in the other server platforms (i.e. not new functionality that you can't get elsewhere) and if your client actually uses the functionality that was patched (and was, thus, vulnerable).

Your client’s wrong not to move and you were wrong to convince them to move by overselling W2K3. Be pragmatic. Move on.

I don't buy the 'when we move to 100% managed code things will be lovely' idea either. Sure, we'll eliminate a whole host of buffer overrun related issues, but I expect there will still be security issues. It may take a while for the attackers to switch gears and start exploiting these new issues, but they will. So even if the whole world switches to a 100% managed OS there will still be security vulnerabilities and there will still be patches required. Why? People write the code, people make mistakes. Bugs are the result of mistakes. The solution isn't a new tool or set of tools, it's more thought and testing. If Microsoft want their OS to be really secure then you need people whose job it is to break it, and you need them trying to break it all the time, and they need to be doing it with full access to all the source they need. If they want the doubters to trust that they're really trying then these people need to be an independent company…

I agree that these patches shouldn't require a reboot, and I'd like to think that Microsoft were trying to move in that direction, but I'd also prefer to have a patch that works and a patch that's available to me quickly. If that means I have to reboot then OK, I'll have the patch now please, and you can continue working towards a no-reboot situation.

Reading back through this it comes across as a bit aggressive towards Sam, it’s not supposed to be, but I can’t be arsed to rework it. ;)