Completely off topic: FW: Trustworthy Computing

KRFinch at dstsystems.com KRFinch at dstsystems.com
Mon Jul 22 14:12:18 CDT 2002 

Setting up your own trusted update server is supposed to be one of the
compelling reasons for companies to adopt Micro$oft's ".net" framework into
your active directory domain.  It won't really be available to the masses
unless they feel like paying a bundle (in hardware and software) to set up
their own .net enabled active directory domain, and having a dedicated
server to handle the update requests through SMS.

The other option, I suppose, is simply adding the update site's domain as a
127.0.0.1 entry in your hosts file.  Then it can't automatically update,
and you can control when it does.

- Kevin

                                                                                                    
                
                    Michael                                                                         
                
                    <mogmios at mlug.missouri       To:     bkelsay at comcast.net                        
                
                    .edu>                        cc:     kclug at kclug.org                            
                
                    Sent by:                     Subject:     Re: Completely off topic: FW: 
Trustworthy Computing   
                    owner-kclug at marauder.i                                                          
                
                    lliana.net                                                                      
                
                                                                                                    
                
                                                                                                    
                
                    07/21/2002 11:05 PM                                                             
                
                                                                                                    
                
                                                                                                    
                

Does Windows Update not allow you to set your own server? Sounds kind of
sucky. If it can use a proxy server for requesting the files then you
could still limit your business to downloading the files just once. It's
been quite some time since I had to deal with admin'ing Windows but
overall it sounds Like once again Linux kicks it's butt. Both RH's up2date
programe and Ximian's Red Carpet (doesn't it seem odd that Red Carpet
isn't from RedHat?) handle those two little features nicely. :)

> >   Has it ever occurred to anyone that WU itself, if it ever were
> > compromised, would become the mechanism to spread a worm to EVERY
SINGLE
> > "TRUSTWORTHY" COMPUTER?
>
> I fear this every day at work, but what are you gonna do?  I think that
MS
> ought to give away a free version of Patch Server to each Enterprise
level
> customer. (They don't currently have such a thing as far as I know.)
With
> this you could mirror the patches on Windows update and test them in a
> secure environ and them distribute the patches via SMS or a startup
script.
> We currently waste all kinds of bandwidth downloading the same patches
over
> and over again. Some patches can be downloaded and stored on a server,
but
> I'm talking about when you have WIndows update analyze the PC and load
> several patches at once.  I also routinely discover PCs with really old
> outdated images that haven't been defragged in two and a half years and
> such.  I usually find them when I get a helpticket for a virus infection.

More information about the Kclug mailing list