Mircosoft are showing their true colours again, this time refusing to make a fix for a Denial of Service attack available for NT4 (Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks). In essence, they say it is too difficult to write a code-fix or service pack for NT4.
Repeat after me:
“Thank God this can’t happen in Open Source systems.”
s/fax/fix/
Hi Ken, not being snotty or sarcastic but did you ever consider that MS may not be bothered patching this issue as there really isn’t a point?
Lets remember, NT admins have evolved differently than their Unix counterparts. Where Unix guys running production systems don’t like to fly without a safety net and take a cautious approach to patching and upgrades, NT guys have dealt with patches and required OS rebuilds for years.
Having seen them work up close for a few years now I can tell you for a fact that their mindset is much different than Unix admins. To this end I believe that very few of them are still running NT 4.0 for critical or internet facing tasks.
At one stage 100% of our windows servers were NT 4.0, now 100% of then are Win2K, and in less than a year I’d guess 100% of them will be Win Server 2003.
As I said, NT guys have evolved differently from Unix admins, they tend to upgrade OS’s quicker as usually the upgrade solves a clutch of current outstanding issues, as well as introducing a whole new set of bugs of course, they also tend to patch and rebuild more frequently so they are used to being on the bleeding edge of their platform.
I’m not sure it’s about it being too difficult, I think a lot of it is about there being on a miniscule NT 4.0 userbase which this might currently effect, and even those users it does effect are probably planning to drop it soon and step up to the next rev of the OS.
Sure Open Source would solve this issue, but would there be users who require it is the question.