[8395] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Summary of Printer Sharing and M1CR0S0FT Windows98

daemon@ATHENA.MIT.EDU (Paul Leach)
Wed Nov 4 13:22:06 1998

Date: 	Tue, 3 Nov 1998 12:27:32 -0800
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG

> -----Original Message-----
> From: Paul Leach [mailto:paulle@MICROSOFT.COM]
> Sent: Thursday, October 29, 1998 1:31 PM
>
> G. We have always been quite clear that Win95 and Win98 are
> not the systems
> to use if you are in a hostile security environment. We
> recommend Windows NT
> for those environments.

I guess I thought what the above meant was clear from context, but judged
from the volume of mail I got, it wasn't. I apologize for the confusion;
here's what I meant to say:

First, we absolutely do recognize that the Internet is a hostile
environment.

Second, that comment was talking about file and printer sharing servers on
Win9x, not its use as an Internet client. We do recommend use of Win9x as an
Internet client, and we have agressively fixed TCP DoS bugs, Internet
Explorer bugs and Outlook Express bugs (among others) that would affect
users connected to the Internet, and recommend that anyone connected
directly to the Internet with Win9x apply those patches (many of which are
already in Win98). A good place to start is
http://www.microsoft.com/ie/security. We are committed to continuing to fix
any such bugs.

It's because we recognize the Internet as hostile that I gave instructions
on how to disable file and printer sharing from a dialup Internet connection
in item D of the original post. Similar instructions would apply to cable
modems and to services other than file/print sharing.

In a corporate environment, using a firewall is recommended, so the hostile
environment is kept away from Win9x systems (and others!). In the home
context, disabling file/print sharing and other services is intended to do
the same kind of thing as a firewall -- prevent connections originating from
the hostile network from being made to services running on the system.
(Don't get me wrong: a firewall does it in a different and usually more
flexibile and scalable manner -- I'm _not_ trying to say that Win9x is a
firewall.)

Paul

home help back first fref pref prev next nref lref last post