Here in Windowsville

How much harm comes of the anti-Windows bias in the world of security?


The SANS Institute allowed me to attend a few days of its recent Orlando conference. I chose an excellent two-day track on honeypots, taught by Lance Spitzner, a security architect for Sun Microsystems, and Marcus Ranum, founder and CTO of NFR Security. These two live and breathe honeypots.

If you’re unfamiliar with the concept, a honeypot is simply “a security resource whose value lies in being probed, attacked or compromised.” It might be used for commercial purposes (to gain knowledge to protect against the newest attacks), or it might be used for research (to learn about the psyche of the black hats).

Joke: Based on that definition, who’s the largest manufacturer of honeypots today? Answer: Microsoft.

“Security Advisor” columnist Roberta Bragg has covered the topic in her columns. What she hasn’t talked about is the pervasive anti-Microsoft/pro-Unix bias that exists in the security community at large.

Joke: How do you set up a honeypot? Answer: Bring a Windows box online.

The jokes here were quite popular in my training session.

Alan Paller, the director of research at SANS, has proclaimed in the past that the Microsoft certification program was to blame in part for the spread of Code Red last year—for not requiring MCSEs to show competency in security. (I must add, SANS offered a free class at that time to show people how to patch their systems.)

It’s tough to pay attention to people who know their stuff yet hold you in derision. But that’s what I’m suggesting you do.

Stephen Northcutt, also a principal at SANS, has begun warning that we can expect a worm to surface that will take advantage of SNMP vulnerabilities. This is our chance to prove that Paller’s judgment was a bit hasty. That means applying patches or disabling SNMP on your Windows machines. It also means securing your Cisco equipment, HP JetDirect firmware, network management solutions, power monitors, security systems, and a hundred other devices and programs that you take for granted but can’t do without. The CERT advisory on this is available at www.cert.org/advisories/CA-2002-03.html.

Then in July we’ll be hosting our own security training event, the MCP TechMentor Summit on Security. Attendees will have the chance to watch a Windows 2000 network (and its related components) become hardened, using only what Microsoft makes available in its software and resource kits and online. You’re all invited to try to hack into the system. Learn more about that at www.techmentorevents.com/seattle/.

Here in Windowsville, we’ve made for an easy target when it comes to security. So I invite Paller and Northcutt, experts whose knowledge has been annealed on that other platform, to join us in Seattle and watch the new breed of security experts in action.

Am I misguided in feeling like the skinny guy in the Charles Atlas ads who has to eat sand? Tell me at [email protected].

About the Author

Dian L. Schaffhauser is a freelance writer based in Northern California.
