Re: Ten least secure programs

From: Chris Berry <compjma(at)hotmail.com>
Date: Mon Jun 30 2003 - 18:58:30 EDT

>From: John Horn <jhorn1@security.ci.tucson.az.us>
>Hmmm... Well, I think you should re-arrange the list in order of
>severity with the most unsecure programs at the top. Done this way,
>the top few would be some arrangement of MS-Word, MS-Excel, ActiveX,
>Outlook (various versions), MS-IE, IIS and SQL-Server. Telnet,
>Sendmail, FTP and their ilk would have to come further down the list.

I've since added rsh and activeX. MS word and excel are vulnerable to macro viruses but that's pretty much taken care of by using a decent virus scanner nowadays, so I didn't feel they qualified for top ten. IE didn't seem to be that much worse than any of the other browsers (except opera), and is pretty easy to secure by locking down the settings. The only big SQL-Server one I've heard of is Slammer, which is supposedly fixed now.

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."

---

STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

Received on Wed Jul 2 11:57:32 2003