> We do have an experienced windows sysadmin... Namely me...

OK. Don't take this personally, but you're the same person who said you didn't know whether patches were applied, right? You don't know about automated patching solutions? You don't know what services can or can't be turned off on a production Windows web application server?

> The point is that Linux doesn't require a reboot when it gets
> updates, only windows does. This is due to the fact that windows
> updates patch core windows components, things that shouldn't have
> problems in the first place. Windows inherently has problems.

Every complex system inherently has problems. Again, most Windows patches do not require reboots. Windows patches sometimes affect core OS components, as do Linux patches. Of course, what's a core OS component anyway? On Windows, IIS is considered a "core OS component" and of course if you're using it, you'll be concerned that it's adequately secure. But many, many Windows patches affect end-user applications like IE. Are you using IE from your server console to browse the internet? Again, proper system configuration beforehand can help you avoid most of these problems. Most available Windows patches are not needed in a properly configured production web application server environment.

> Even a well configured Windows system can be taken down, due to
> the fact that a lot of problems exist in the core windows components,
> things that cannot be disabled.

A well-configured system, running any mainstream OS, on an untrusted network, can be "taken down" if it does anything useful on that network. But any competent Windows system administrator can reduce the probability of being vulnerable to automated attacks to near zero.

Although it's a little dated, you might find the O'Reilly book "Securing Windows NT/2000 Servers for the Internet" (http://www.oreilly.com/catalog/securwinserv/) useful.

Again, I don't want you to take this as a personal attack, because it's not. But I'm a bit irked when people say over and over again that Windows servers can't be adequately secured, because they can. And it's just not that difficult to do, either.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

