> 1. Microsoft already provides that feature Sure. Yo have no problem about running it automatically? > 2. As soon as possible for "you" No. As soon as the customer phones asking you to drop by. Meanin: when it's too late. > >> 2. If a patch cannot be installed, find workarounds > >That does not work with the workarounds customer need to facilitate > >life (security <> easy of use, remember) > And the computers/networks will be so easy to use when lines > are saturated, > file systems are corrupted or data are stolen That's the problem they are prepared to deal with at the moment it comes. They think it's cheaper. > >> 3. If it is a port-related threat, find out if such ports are > >> in use, and if not, make sure they are closed. > >Once the virus is on the LAN it can do whatever it wants. > > Hello! Block the ports BEFORE they hit the LAN. Proactive security. > Also, do us a favor and don't propogate the shit! Well of course they are blocked. But there are other means of coming in you know. > >> Some of the comments overheard this week regarding Sasser: > >I did propose some firewall, but they feel it's too much EUREUREUREUR > > And you provided some sort of analysis showing potential losses due to > the lack of a security infrastructure, right? Well indeed of course not. Customer is not prepared to pay for that kind of analysis. > >> Will they learn from history? Only history will tell. > >I'm pretty sure they won't. Even most tech guys don't have a clue. > > Evidently, thanks for your example. There's no reason to get personal here. Don't judge me on such a restraint discusion. My only point is, SMB businesses are not prepared to pay for advanced security, which you say I should provide, and to whick I totally agree. Maybe my boss does not have the right business plan and marketing to 'sell' security. Probably. Serge _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Learn from history?
Serge van Ginderachter (svgn) Thu, 06 May 2004 02:36:55 -0700
- [Full-Disclosure] Learn from history? Lennart Damm
- RE: [Full-Disclosure] Learn from histor... Alerta Redsegura
- Re: [Full-Disclosure] Learn from histor... Valdis . Kletnieks
- RE: [Full-Disclosure] Learn from histor... Serge van Ginderachter (svgn)
- RE: [Full-Disclosure] Learn from hi... Alerta Redsegura
- RE: [Full-Disclosure] Learn from histor... full-disclosure
- RE: [Full-Disclosure] Learn from histor... Stuart Fox (DSL AK)
- RE: [Full-Disclosure] Learn from hi... Alerta Redsegura
- RE: [Full-Disclosure] Learn from histor... Stuart Fox (DSL AK)
- Re: [Full-Disclosure] Learn from hi... Ondrej Krajicek
- RE: [Full-Disclosure] Learn from histor... Serge van Ginderachter (svgn)
- RE: [Full-Disclosure] Learn from hi... Alerta Redsegura
- RE: [Full-Disclosure] Learn from histor... Ferris, Robin
- RE: [Full-Disclosure] Learn from hi... Alerta Redsegura
- RE: [Full-Disclosure] Learn from histor... Steve Bremer
- RE: [Full-Disclosure] Learn from histor... Serge van Ginderachter (svgn)
- RE: [Full-Disclosure] Learn from histor... full-disclosure
- RE: [Full-Disclosure] Learn from histor... Serge van Ginderachter (svgn)
- RE: [Full-Disclosure] Learn from histor... Serge van Ginderachter (svgn)
- RE: [Full-Disclosure] Learn from histor... Ng, Kenneth (US)
- RE: [Full-Disclosure] Learn from hi... Alerta Redsegura
