Feeds

Roll up for the MS UK Win2k backdating updating system

We think maybe there's something they're not telling British businesses...

  • alert
  • submit to reddit

3 Big data security analytics techniques

Attention British businesses! Are you serious about security? Well, of course you are, so try this little excursion along the Microsoft road to corporate security.

First, fish out one of those old Windows 2000 Professional distribution CDs you have, and do a fresh install. As you're a British business, remember to set your system locale to UK. Now, go and get a copy of Microsoft Baseline Security Analyzer. This, in case you weren't aware, is a handy free tool for checking for vulnerabilities on systems, and has the particular advantage (unlike Windows Update) of allowing you to download the patches and install them on multiple machines, rather than just the one. You can get it here. It's an approved Microsoft security tool, as opposed to a favoured one, so they'll kill it off some day, but it's handy for the moment. Install it, fire it up and scan.

Scary, eh? Obviously, rather than grab that little lot all in one go, it makes sense for you to grab the latest Service Pack and see how many of the vulnerabilities are hosed by installing that. So now we'll use Baseline Security Analyzer to find the Service Pack. Click on the "How to correct this" link next to one of the vulnerabilities, then on the Software Update Services link at the bottom of the page it takes you to. Next, click on downloads in the left hand panel, then Service Packs.

Nearly there? Er, not exactly. Click on the Windows 2000 link and you go through to "How to Obtain the Latest Windows 2000 Service Pack (UK Version)" - because you're in the UK, and Microsoft knows this, right? As you can see, it's all spiffily up to date here - you can get Windows 2000 Service Pack 3, and all the post-SP3 hotfixes as well. What's that we hear you say? Win2k SP4's been out for yonks?

Well, not in Microsoft UK land, apparently. But don't worry, as you see, the link to SP3 takes you straight through to an MS UK site 404 page anyway. You may now, if you like, start searching microsoft.com for a version of SP4 that you can download and install by hand, but we really don't advise it, given that Microsoft's ultra-helpful systems will keep kicking you over to what they think are the latest updates for your UK system. And yes, well-spotted, you don't actually need to install Baseline Security Analyzer to have Microsoft's search systems screw over a system set to the UK, but we shoved it in anyway because it's a logical route for your average security-conscious business to take, if they don't want to use Windows Update.

And the moral of this little exercise? Well, the minor moral is that you're clearly better off searching for things on microsoft.com with Google (win2k sp4 gets you this as first rank), but the major moral is as follows. Microsoft is, as we keep hearing, serious about security, and it's also very serious about automating its systems so that they magically, painlessly, helpfully keep your systems up to date. Microsoft, however, is demonstrably incapable (see above) of automating its own systems to the extent that the automation itself is up to date. Therefore, the more automated it all gets, the more likely things are to break, and the less likely it is that you'll be able to dig yourself out and fix it by hand.

But the next generation of software update services will be better, right? Honest... ®

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.