Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

The things that are better left unspoken

a blog by Sander Berkouwer

Related

AD Manager Plus
 

Blog roll

News



Archives

Server Core patching benefits, as shown by Secunia

On January 9 Jakob Balle from Secunia wrote an interesting blog post on its Personal Security Inspector (PSI) software. Here's a quick quote to get you up to speed:

95 out of a 100 computers that are connected to the Internet have insecure software installed. By "insecure application" it is understood, that there is a newer version available from the vendor of the application that corrects one or more vulnerabilities, but the user have yet to install the secure version.

To me the information in the post justifies the Server Core installation option in Windows Server 2008.

About Secunia and Personal Security Inspector (PSI)

Secunia is a Danish company in the industry of Vulnerability Assessment, Remediation, and Management. Secunia is a highly respected player in the industry. They are highly regarded and frequently acknowledged by software vendors, security institutions, and the global media. It is Secunias ambition to be the leading vulnerability intelligence provider and distributor in the world - second to none.

Secunias Personal Security Inspector is a piece of software you (as a private user) can use to map, patch, and secure the software installed on your computers. The best part of the software is you can join the PSI program for free.

How the figures came to be

The '95 our of a 100' statement was derived from the new PSI subscribers in the first week of January 2008, which were just over 20.000 PCs with well over 1,7 million applications. 

Secunia claims their PSI figures are 'best case' figures since they believe people with some sort of security consciousness and expertise download and install the program. Perhaps the opposite is also true and mostly people suspecting their PC to be vulnerable install the program...

Why Server Core won't be part of the 95%

When you're a subscriber to my blog you might have noticed Server Core is a minimalized installation option for Windows Server 2008 that is targeted at specific infrastructure server roles. I found five reasons why I think you won't find Server Core machines in the 95% region very fast:

  • It's an infrastructure server platform
    Windows server is mostly used as a server platform. Server Core doesn't provide much of the applications and eye candy a full installation of Windows Server 2008 (with the Desktop features enabled) offers. Very few people will use Server Core as their daily platform. Deploying it as a Terminal Server isn't very lucrative as well, since Server Core only allows one Remote Desktop (RDP) connection.
      
  • It's hard to leave it unpatched
    Most applications get installed as alternatives for other applications. Examples like Mozilla Firefox, Mozilla Thunderbird, Winamp, WinZip, and recently PDF printers get installed as alternatives to Windows programs that were installed out of the box. Since one of the products is not in use by the user anymore, it is mostly left unpatched. (but pieces of malware might just as well try to use it!) First off, since Server Core doesn't have much GUI tools it's not very easy to download alternative stuff onto it. Secondly, since Server Core doesn't come with fancy schmancy stuff like (Internet) Explorer the risk of leaving it unpatched is greatly reduced.
     
  • It has no stuff installed by default
    Server Core doesn't come with .Net Framework or Internet Explorer, which together are  responsible for the majority of Windows patches. With patching servers being a burden or at least a little bit of downtime some admins might choose to skip a Patch Tuesday, leaving their server unpatched. Skipping Patch Tuesdays might just be easy with Server Core.
     
  • It's used by expert admins
    Deploying Server Core installations of Windows Server 2008 requires some expert knowledge, a preference for using command lines and the will to deploy highly performing, highly stable but highly dedicated servers. I guess that rules out all the point-and-click admins out there. You know who they are: those admins that install any program they can find onto freshly installed Windows servers with the click of a button with reasons like "I thought that quad core box would be ideal for that Outlook password cracker. I thought I'd save myself some time"... sigh.
     
  • Personal Security Inspector won't run on Server Core Stick out tongue
    In the legendary words of Andrew Mason:
     
    It has dependencies outside of what is in Server Core.
     

 

Further reading

Interesting Statistics from the Secunia PSI 
How Insecure Is Your Computer? Ask Secunia PSI 
Nearly every Windows PC likely harbors an unpatched app, Secunia says 
Secunia: Alarming stats on insecure applications 
Security?! What the Heck Is It?! 
Fully patched PCs are a rare breed 
Nearly all Windows PCs have unpatched apps – Secunia
How Do You Rank in Unpatched Applications? 
Nearly every Windows PC likely harbors an unpatched app, Secunia says  
Iain McDonald and Andrew Mason show off the new Windows Server OS

 

Disclaimer Beta Software

The information on this webpage applies to software from Microsoft that was in testing phase but utilizable by experienced users by the time the webpage was written. This software has not been released for sale, distribution or usage for the general public. The information on this webpage and the beta software are provided "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

Posted: Friday, February 01, 2008 8:22 PM by Sander Berkouwer

Comments

The things that are better left unspoken said:

Microsoft touts the smaller attack surface as one of the biggest benefits of using Server Core, compared

# November 13, 2009 8:47 AM
Anonymous comments are disabled