Damon Cortesi's blog

Musings of an entrepreneur.

MS Security

| Comments

OK, it’s time for a little rant!

I am tired of people complaining about MS security, or rather the lack thereof. This is such a horribly over-generalized statement. If you take any system, application, or device and throw it on a network without tailoring it to what you need and making sure it’s got the latest software on it…you’re asking for trouble.

I’ve managed NT/IIS systems in the past that were Internet accessible (not even a firewall) and never had a problem. And yes, I would have known if a problem came up! grin When my superior’s came to me yelling “nimda nimda!”, I simply shrugged my shoulders as I had already patched all of our systems and only production webservers were running IIS in the first place.

Unfortunately, not all Windows administrators out there are as cognizant of the security aspects of administration as they should be. This is where a great deal of the failure has occured. Yes, there are numerous issues with Microsoft products, but there are issues with Cisco, MySQL, Linux, Oracle as well. You simply cannot drop a system in, make sure it works, and walk away…but this is what happens! Not all administrators have that little BSD devil sitting on their shoulder wondering what holes were left in a system.

So that’s how we dealt with systems of three or four years ago that weren’t even programmed with security in mind. But take a look at how Microsoft is coding today. Let’s take IIS6, for example. Michael’s post about IIS6 vs Apache2 is what got me fired up about this. Since the release of IIS6, there has not been a critical issue with Microsoft’s latest web server. This is an amazing accomplishment and indicative of the way that Microsoft is trying to do (Trustworthy Computing…) to address the problem of what drives administration - making things work.

Are there problems in Microsoft products? Yes Are there problems in other vendors products? Yes Is it possible to secure Microsoft technology? Yes!

So stop whining about how Microsoft is the worst software around. You can make it secure, it just requires a little effort.

end rant