> We are all over-worked. Just because you are the only one isnt any > excuse for failing to test and plan a roll out. You need to make the > case to your boss about help. Like they say here in the US > "Ignorance of > the law is no excuse."
Personally, I like a former coworker's comment: "If we don't have the time to do it right the first time, when are we going to have time to do it again?" Personally, the original poster brought the entire issue upon himself. Had this been an obscure, undocumented issue, we'd be right there trying it out with him. But this is about the most well documented patch in the history of Microsoft. Roger ------------------------------------------------------ Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com > -----Original Message----- > From: Mike Carlson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 08, 2001 3:35 PM > To: Exchange Discussions > Subject: RE: Outlook blocked access to the following > potentially unsafe > > > The MS01-052 patch is a case in point of making sure you TEST patches > BEFORE you roll them out. > > The day that patch was released, NTBugTraq lit up like a > christmas tree > with all the problems people had with that patch. > > As an administrator you absolutely need to test everything before you > roll it out and read ALL the documentation regarding the patches. > > If you do not and you cause downtime because the patch breaks > something, > the powers that be may have some words for you. > > We are all over-worked. Just because you are the only one isnt any > excuse for failing to test and plan a roll out. You need to make the > case to your boss about help. Like they say here in the US > "Ignorance of > the law is no excuse." > > Where I work we have a few dozen servers ranging from ancient VAX > systems to OS/2 boxes to Novel 4.11 to Win2k to SQL 7 to > Lotus Notes to > CC:Mail to ArcServe to IIS all managed by 4 of us. We have a > few hundred > users in the US and a few dozen scattered over the rest of the planet. > > Our supported applications are everything from Acces 2.0 > applications to > all kinds of weird freakish applications to Office XP. > > OSs are everything from Linux to WinXP to MacOS X. > > Again, 4 of us. We still manage to test everything before we roll it > out. That is not to say we dont get bit in the butt once in a > while, but > we are sure to take all the steps we can. > > Outlook is working exactly as designed. It is meant to do what it is > doing. If you do not like they way Outlook works now, uninstall it and > start from stratch. > > Mike > > > -----Original Message----- > From: Tom.Gray [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 08, 2001 2:13 PM > To: Exchange Discussions > Subject: RE: Outlook blocked access to the following > potentially unsafe > > > Shawn: (and all others that seem to enjoy raging against Microsoft) > > If you truly believe what you say about Microsoft's incompetence, why > are you using their products? There are other products out there, as > you proclaim in your message. If you are really opposed to > that product > why do you support it? Aren't there plenty of companies out > there that > are so sick and tired of Microsoft's faulty software that > they run other > packages? > > If your response to the above is "well, I HAVE to use them because..." > -- then since you realize the weakness in these products shouldn't you > KNOW the potential for problems in their fixes? You DON'T have to > support those products. Find another company with "better" software. > Sure, that job market is smaller, but isn't it better than > working with > this miserable Microsoft software? > > But in case you don't realize it: > Microsoft products (like all other ones) have problems. Patches and > Upgrades have consequences. README files are there for a reason. > Competent administrators make plans and perform tests because > they KNOW > that every case is not covered by the manufacture in testing. > > > If you truly hate Microsoft, stop supporting it and find another job > with a company that doesn't use their products (good luck) > where all you > do is watch the systems run smoothly all day long and get paid > handsomely. Otherwise, quit whining about it and get used to the fact > that being an administrator in a "microsoft" network takes > lots of WORK! > > > Tom Gray, Network Engineer > University of North Carolina at Chapel Hill > Internet: [EMAIL PROTECTED] > AT&T Net: (919)960-8888 > > > > > > > > > -----Original Message----- > From: Shawn Connelly [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 08, 2001 2:30 PM > To: Exchange Discussions > Subject: RE: Outlook blocked access to the following > potentially unsafe > > > You know, it astounds me that so many IT people are blind to > Microsoft's > incompetence! > > BTW Mike, your 'car head light' analogy is not even relevant. A more > apt analogy would refer to the Ford Pinto's with the exploding gas > tanks. Sure the user could be mindful of driving only on > roads with no > other vehicles, thereby preventing a back-end collision. The > 'solution' > in service patch 2 could be likened to Microsoft removing the gas tank > altogether. > > First, I read about 70% of the material related to this service patch. > There are about 20 pages of material relating to this patch > and since I > run a dept. with over 50 systems and 6 servers ON MY OWN (no help, not > even support contracts), I really don't have the time (nor is > it humanly > possible) to read every patch/update/security document produced by > Microsoft alone (to say nothing about the 50+ other products I look > after). No, I'm not whining!! > > Simply put, this patch broke Outlook!! An email program that cannot > accept > .com and .exe's is damaged! Yes, yes, I know there are other methods > of > receiving files (such as zip'ed) but the point is that no other email > program such as Eudora, Groupwise, Netscape block these attachments. > All Microsoft had to do was to either disable the dangerous > capabilities > of .asp,.vbs, (et al) code OR entirely block access to this code. IT > WAS AS SIMPLE AS THAT!! > > Geezz, what's with some of you in this (supposed to be?) friendly > discussions group? > > I sent a message asking about this (yes, I admit it was > confrontational) > and I read return responses basically calling me an idiot > based on inane > assumptions! > > Of course, I had to risk installing this patch because the risk of an > Outlook-based virus outbreak out weighted the potential annoyance of > breaking Outlook. BTW, I have never experienced a virus > outbreak in the > 6 years I've been with this company because of my pro-active stance on > these issues. > > Message to Lori: > "Project Plan and Test Plan Results"??? For such a typically minor > patch? How many IT people do you have in your organization? The last > time I had the time to do anything like that was in 98/99 for Y2K. I'm > beginning to feel very small; am I the only IT person in this > discussion > group with an IT budget less than my wage? > > Message to Andy David: > See note about inane assumptions. > > Over and out, > Shawn > > -----Original Message----- > From: Exchange Discussions digest > [mailto:[EMAIL PROTECTED]] > Sent: November 6, 2001 1:00 AM > To: exchange digest recipients > Subject: exchange digest: November 05, 2001 > > Subject: RE: Outlook blocked access to the following > potentially unsafe > at tach ments > From: "Mike Carlson" <[EMAIL PROTECTED]> > Date: Mon, 5 Nov 2001 09:38:28 -0600 > X-Message-Number: 38 > > It amazes me when people complain about this patch. First developers > wanted the ability to autmoate/script everything to customize it for > their environment. "Give us the tools! Give us the ability!" Well > Microsoft did. Now that users and administrators are too stupid, yes I > mean stupid, to be mindful of attachments and security > issues, they now > blame Microsoft for releasing a buggy product. Its like blaming a car > company, when you get rear-ended, for your brake lights being out. > > Similarily, the current crap about IIS being insecure is the same > situation. If the system administrators would apply patches when they > come out, and properly configure the machines, they would have no > problems. > > When a company like Microsoft has to write into their application a > security process that the administrators should do > themselves, you have > no one to blame but moron users and incompetant administrators. > > No one in our company had the ability, except admins, to open .exe, > .vbs, wsh files from Outlook before they released the patch. We have a > policy that everything must be in .zip or other compressed archive > format like .sit or .tar. This way we can limit the vulnerabilites we > have. > > People want it easy to use and administer. With that comes > responsibility. If you cant take responsibility, you do not > deserve your > job. > > BTW: A company I do development for, fired 2 administrators > because they > got hacked by Code Red and Nimda. They were too stupid and incompetent > to install patches that had been out for quite a long time. > > So again, blame stupid users and lazy administrators, not Microsoft. > > Also, if you blindly install patches and fixes without reading the > documentation first and then testing the patches, your job > should be on > shakey ground. > > -----Original Message----- > From: Hunter, Lori [mailto:[EMAIL PROTECTED]]=20 > Sent: Monday, November 05, 2001 8:50 AM > To: Exchange Discussions > Subject: RE: Outlook blocked access to the following > potentially unsafe > at tach ments > > > Sue Mosher and I (and so many many others) made it a personal goal to > speak ill of this patch whenever possible. In fact, we only > refer to it > as the Hell Patch. Not sure who coined that one but it does fit. > > So Shawn, can you show me your Project Plan and Test Plan Results for > the application of this patch in a production environment? Or did you > just blindly apply it and are now here to get your money back? > > No soup for you. NEXT!! > > -----Original Message----- > From: Andy David [mailto:[EMAIL PROTECTED]] > Sent: Friday, November 02, 2001 8:16 PM > To: Exchange Discussions > Subject: RE: Outlook blocked access to the following > potentially unsafe > at tach ments > > > Ahhh, I love it.. > If you had bothered to do even a little research before > applying the SP > you would have known this... But of course, it's Microsoft's fault. > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
