I can't tell you the number of hours we spend each year keeping machines up to date with the latest virus signatures and patches, as well as educating users and squelching the outbreaks. What I can tell you is that we have been completely paralyzed for days by a single worm. No printing, no access to files and no logins, as we verified that each machine was patched. In a computing environment where we provide 24/7 service, this is not acceptable.
The silver lining in all of these events has been that our Microsoft servers haven't gone down. And we are meeting the service level agreement (SLA) that we made to our users on server uptime. In our regular reports to management, our Windows servers appear stable and reliable.
Our users feel differently.
At my organization, we call these catastrophes RPEs, or "resume polishing events." Recently, I sought to find out what I could do to be more prepared for the next RPE -- if that's even possible.
The big security push
Anyone who deals with Microsoft knows that it is pushing security these days. A quick visit to the company's Web site will confirm that. Another sign is the training that Microsoft is now advocating. Where I live, I discovered that Microsoft was promoting two separate all-day events on secure computing. I also discovered that Microsoft was plugging free -- or very inexpensive -- all-day, hands-on third-party training events. I didn't want to miss a tip, so I decided to attend all of the events, which proved to be an investment of about 32 hours of my time.
My report: The two hands-on training sessions that were billed as security seminars were nothing more than sessions on securing workstations with various GPOs. The value to my organization was zero, and it wasted about 16 hours of my time. (One day spent at each class.)
My experience at the two road shows was almost identical to the hands-on sessions. Each of the shows got off to a promising start, however. Microsoft brought in several top presenters, and the room was packed with vendors offering security products. The presentations were excellent, and Microsoft had everyone excited. They were even giving away Xboxes and iPods. But afterward, when I thought about what practical information I could take back to my organization and use, the sad truth was that there was very little. As I was leaving, I asked other people about how valuable the session was to them. Their answers were much the same as mine.
I know Microsoft is big on security right now. Or are they?
Microsoft has a free product to deploy patches, Software Update Services, or SUS. While not perfect, I find it is worth using. Last year, Microsoft said that version 2.0 would be out by the end of the year and would have several enhancements and new reporting capabilities. Microsoft is now more than five months late with it, and I'm hearing rumors that it won't be released for another year or more.
Is anybody out there?
I've been trying to contact my Microsoft representative about this. Normally, he is very quick to return my calls or e-mails. After several days, I finally received the cryptic reply, "I am busy with a security concern." Translation: Microsoft has been hit hard with the latest worm.
If Microsoft is big on security, why don't they devote the resources to solve the patch management problem? Put more programmers on the project. Go out and buy a company currently offering a patch management solution. Doesn't Microsoft realize how much time IT departments waste on patching machines and dealing with security flaws instead of deploying additional Microsoft technologies?
My guess is that I spend a quarter to a third of a year wasting my time on these issues. How about you? Any ideas on how we can send a message to Microsoft telling them that we as network administrators need a solution now? Or do you think I'm being too demanding?
Are you going to be deploying XP SP2 this summer? Will it solve problems or create more headaches? I'm stocking up on aspirin; forecasts predict a shortage this summer. I'd like to know what you think. Please share your comments.
Douglas R. Spindler is a private consultant. Until recently, he was the Active Directory project manager for Lawrence Berkeley National Laboratory. Over the past 20 years, Douglas has been a technology consultant designing and implementing computer technology for companies around the world. He attended the University of California at Berkeley and holds many certifications, including MCSE + Internet. Douglas can be seen on TV and lecturing at industry events, has authored countless articles, sits on the Microsoft Advisory Board and is currently president of the San Francisco Networking Technologies Users Group.