In a system of about 50 users, Windows Updates are blocked by the hardware
filter iPrism. And the response from the un-IT supervisor is "the hardware
Internet filtering protects the network so updates are not needed". I know
this is not true and I need supporting documents to show her bosses just how
wrong she is.
I have computers with SP1, SP2 and SP3. I need ammunition. I need
Microsoft information that explicitly states the dangers of not updating
computers. Links to documents or other are appreciated.
Go to www.microsoft.com/security and start reading about all the updates and
vulnerabilities.
Google for windows vulnerabilities.
You will have enough reading to last you for weeks.
It's just a matter of time until something drastic happens in your network
and to your computers.
Your IT guy will most likely get fired then, because of the high cost you'll
face in getting things back to normal.
He should be fired, anyway.
"Charlotte" <Char...@discussions.microsoft.com> wrote in message
news:592E973D-611B-4967...@microsoft.com...
:I have a supervisor without IT training that controls the entire network
:
"Charlotte" <Char...@discussions.microsoft.com> wrote in message
news:592E973D-611B-4967...@microsoft.com...
2. Computers running WinXP SP2 will NOT be offered any further critical
security updates, Automatic Updates will cease to function, and Windows
Update website will not be available after 12 April 2010 until and unless
SP3 is installed.
Tip: Keep your resumé updated & ready to send out.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com
-------- Original-Nachricht --------
I looked into the FAQ of the iPrism product.
http://www.internet-filters.stbernard.com/faqs.shtml
LOL. It's just plain censorship, ah ..., internet filtering of URLs.
It's not even a firewall.
It has obviously nothing to do with security in its right sense.
It doesn't "protect the network" but your company against some wasting
of computer resources. Thats all. One access to one "right" URL, which
is not filtered, and you can forget about the security of your network.
Or you access a "legal" URL, which is manipulated by some chinese hacker ...
Not to mention the risks from mail attachments.
Shoot your IT-Supervisor to the moon.
Bernd
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
On Aug 27, 4:03 pm, Charlotte <Charlo...@discussions.microsoft.com>
wrote:
[The original response I am now responding to was not made by me, headers
below my comments]
Sweet. An impersonating stalker.
It's probably SAQless, but I don't really care. Hope they have fun. ;-)
You actually need people like SAQless because it just proves a point - so...
Way to go SAQless! You keep pluggin' away!
They really went above and beyond on this one. Actually got an email
address one letter off from mine and everything. How sweet. ;-)
[The original response I am now responding to was not made by me, headers
below my comments]
[begin header of impersonator here]
From: Shenan Stanley <newsh...@gmail.com>
Newsgroups: microsoft.public.windowsupdate
Subject: Re: My supervisor says Microsoft Updates are not needed. Is that
tru
Date: Thu, 27 Aug 2009 15:13:30 -0700 (PDT)
Organization: http://groups.google.com
Lines: 44
Message-ID:
<36a7c448-0e05-4e87...@f20g2000prn.googlegroups.com>
References: <592E973D-611B-4967...@microsoft.com>
NNTP-Posting-Host: 67.207.214.172
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1251411210 4854 127.0.0.1 (27 Aug 2009 22:13:30
GMT)
X-Complaints-To: groups...@google.com
NNTP-Posting-Date: Thu, 27 Aug 2009 22:13:30 +0000 (UTC)
Complaints-To: groups...@google.com
Injection-Info: f20g2000prn.googlegroups.com; posting-host=67.207.214.172;
posting-account=tfsa6QkAAAClgT9D9C8I2ZMAs0i0kfTH
User-Agent: G2/1.0
X-HTTP-Via: 1.1 groups.google.com
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729; OfficeLiveConnector.1.3;
OfficeLivePatch.0.0),gzip(gfe),gzip(gfe)
Path:
TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!news.glorb.com!postnews.google.com!f20g2000prn.googlegroups.com!not-for-mail
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.windowsupdate:316493
[end header of impersonator here]
Unfortunately - your IT supervisor seems to be deluded. As others have
pointed out - the protect they are stating protects you does no such thing.
It especially does not protect you from an internal threat.
Suggest an External IT Audit - with that many users/computers, you'd be
justified if you just said you were worried about the company data.
"Shenan Stanley" <newsh...@gmail.com> wrote in message
news:utMbcc2J...@TK2MSFTNGP02.phx.gbl...
Shenan Stanley wrote:
> Unfortunately - your IT supervisor seems to be deluded. As others
> have pointed out - the protect they are stating protects you does
> no such thing. It especially does not protect you from an internal
> threat.
> Suggest an External IT Audit - with that many users/computers,
> you'd be justified if you just said you were worried about the
> company data.
Rich wrote:
> Unfortunately you, Charlotte, probably will receive the blame
> initially if something bad happens. Your Supervisor will then take
> credit for solving the problem, under influence from the Vendor,
> buying more expensive hardware from them.
Actually - I don't see how.
I did not suggest they punch holes in the theory that they are protected -
by doing something dangerous anyway- I suggested they suggest an external IT
Audit.
Someone comes in that is hired by the company and talks to people, looks at
configurations and makes suggestions to the management - not the IT people,
not Charlotte. Seen them happen all the time - and although I usually don't
see the point - I guess it is because I don't wortk in places where the
audit finds much of anything. hah
Charlotte suggesting it in a manner that she is just concerned about the
company as a whole (not laying any blame, not specifically saying 'our IT
people are stupid' - just 'I think there are some things we need to look at.
"I noticed that the company machines are not updated (not even to the same
level) and our data may be at risk (internally and externally) because of
this and other things (the mention of the filtering package that doesn't
provide any protection, etc.) - I'd like to report this in hopes that you
(management) will take this seriously before something bad happens and we
are recovering instead of laughing about it not affecting us."
If nothing else- it puts the buzz in the ears of managment. If you have
nothing to do with IT - that may be the best you can hope for and you likely
wouldn't want to come in with evidence you may not be able to back up
completely given your lack of access. ;-)
"Shenan Stanley" wrote:
Unfortunately, the un-IT supervisor has a degree in HR and used to work for
the vendor that makes "security" and "network" suggestions. I hold 2 IT
degrees and 3 certifications and with no network access, have to sit back and
watch AND fix the problems that currently occur and will most likely come our
way with our network. I know that when the mess hits hard it will be an
ugly day for me.
I want to update the machines, plus many other security measures, but the
filtering hardware prevents me from doing so. It also prevents me from
updating antivirus and other mission-critical programs.
I am not quite sure why the HR person ended up with the network. I need to
convince a panel of 5 (HR person's bosses) that this person is incompetent
and putting sensitive information at risk. These are not technically
savvy folk.
Which is why I need help getting information to support the insane stupidity
of the HR person... other than security bulletins because I understand those
but the panel won't. Sort of Windows Updates and Securities for Dummies...
Or something from Microsoft that explains the importance of updates... I have
not found such a document.
I do thank all that have posted a response. Good giggles...