Rod and eEye Square Off
Interesting read if you missed it on patchmanagement.
Marc an eEye often find themselves the object of ridicule, deserved or not their reputation in the security arena carries a lot of weight but is also viewed as grey hat, at best.
My personal and business experience with eEye was not what I would call professional either. Several years ago when we were looking into a patch scanner/installer one product we looked at was eEye’s product. After I told our sales rep at eEye we were going to go with a different product (SMS 2003) he decided it would be a good idea to give my director a call, just to make sure he had all the information he needed. Our IT director has a vendor line that goes directly to voice mail and after he listened to the message he gave me a call wondering why this person was contacting him. After he found out that I had previously told the sales rep that we were going with a different product and he had called him directly it sealed the fate of eEye’s future. What the sales rep didn’t realize is that the decision was already made and that by contacting our director after knowing that fact told our director what type of company eEye was, be it true or not. I also had a few words with the sale rep after his phone call.
Our decision was based mostly on cost, $800 for SMS versus $60,000 for eEye’s…not to mention functionality. The choice was obvious then and the unprofessional actions of the eEye sales rep only enforced the decision.
RE: Why Did Microsoft Delay IE Patch?
Exactly -- magic or not, even though SMS is affected by the issue, so is any
application or service that utilizes the WU technologies for patch
distribution. So, that means it is not a problem with SMS, and is not the
reason why the patch was delayed.
_____
From: Richard Threlkeld [mailto:RichardT@1e.com]
Sent: Thursday, August 24, 2006 7:57 PM
To: Patch Management Mailing List
Subject: RE: Why Did Microsoft Delay IE Patch?
I don't have any insights to delays, who is a good or bad guy or if anyone
is mad at anyone else. On point #3 though it should be clarified that the
bug is with the Windows Update Agent itself which SMS consumes to do the
scan. You can actually repro the issue just by going to WU without SMS
involved whatsoever. In this respect there is some inaccuracy in the
article.
Like all media it's sensationalized a bit. Hopefully people realize this and
can discern fact from fiction.
Richard
_____
From: Marc Maiffret [mailto:mmaiffret@eeye.com]
Sent: Thursday, August 24, 2006 5:35 PM
To: Patch Management Mailing List
Subject: RE: Why Did Microsoft Delay IE Patch?
Those are a lot of great points made on the whim without any data to back
them up. So if we take each one:
1. Some sort of eEye bad guy reference, honestly I do not understand what
you were trying to write there and it probably is pointless. So i'll move
on.
2. You say it is inaccurate that SMS is the cause of the delay. Then
enlighten us all and tell us what was the cause of the delay? Or how you
magically know that SMS was *not* the cause of the delay.
3. SMS has a bug in the architecture. Again see #2, if you know different or
have any data or basically something other than your *opinion* then please
enlighten us all.
4. You say its inaccurate that MS is upset at eEye? Is that a typo?
I think the patch management folks did not let the post through because its
a bunch of claims without any substance. But whatever, everyone can have
their own opinion, i'd rather talk about the facts.
Signed,
Marc Maiffret
Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
_____
From: Rod Trent [mailto:rtrent@cinci.rr.com]
Sent: Thursday, August 24, 2006 12:20 PM
To: Patch Management Mailing List
Subject: RE: Why Did Microsoft Delay IE Patch?
Here's my original post (rejected by the PM.org folks because you posted
first. :) )
================
Just wanted to pass this along, as it identifies some misconceptions being
passed around the www. I don't know if the eWeek people misrepresented what
they quoted from eEye, but the article seems to point to SMS as a problem,
while this is not a SMS problem. I'll leave it to the eEye people to respond
about the clarity of the article.
<http://www.eweek.com/article2/0,1895,2007643,00.asp>
http://www.eweek.com/article2/0,1895,2007643,00.asp
This quote, I believe, is taken out of context:
"If we are finding this, we have to assume the bad guys are looking and
finding it too," Maiffret said.
That would indicate that eEye is a potential "bad guy"? eEye has done a
great job, but I think the way this article was written, the author was
simply looking for article views.
Other parts that are inaccurate in the article:
1. Stating SMS is the cause of the delay
2. SMS has a bug in the architecture
3. MS is upset with Eeye for talking about the new issue with the patch
================
I'm still going through this, so there could be more...
My insistence to cc Joris, was so that cNet is aware that the quotes in the
article may be misleading, depending on how the author idealized the
comments.
_____
From: Dunn, Frederick J [mailto:dunn@uthscsa.edu]
Sent: Thursday, August 24, 2006 2:58 PM
To: Patch Management Mailing List
Cc: Joris.Evers@cnet.com; Rod Trent
Subject: RE: Why Did Microsoft Delay IE Patch?
Rod,
Joris didn't write the press release, it is from EWeek. What needs
correcting? If it is incorrect then let the group know.
Fred
_____
From: Rod Trent [mailto:rtrent@cinci.rr.com]
Sent: Thursday, August 24, 2006 1:33 PM
To: Patch Management Mailing List
Cc: Joris.Evers@cnet.com
Subject: RE: Why Did Microsoft Delay IE Patch?
Jeez...this is simply not true. Feel free to contact me directly to fix the
issues in this news release.
_____
From: Joris Evers [mailto:Joris.Evers@cnet.com]
Sent: Thursday, August 24, 2006 12:44 PM
To: Patch Management Mailing List
Subject: RE: Why Did Microsoft Delay IE Patch?
Looking at this, it suggests that Microsoft is delaying their patch because
its patch management product can't handle it. Could this be seen as an
unfair benefit, perhaps even anticompetitive? What if Shavlik's tool or
Altiris couldn't handle a MS patch, would MS put a patch on hold? Should
Microsoft not have just issued the patch and then told SMS customers to hold
off until it fixed the problem for them?
--
Joris Evers
Senior Writer
CNET News.com
+1.415.344.2688
AIM: joriseversca
YIM: joris_evers
_____
From: Dunn, Frederick J [mailto:dunn@uthscsa.edu]
Sent: Thursday, August 24, 2006 7:18 AM
To: Patch Management Mailing List
Subject: Why Did Microsoft Delay IE Patch?
Why Did Microsoft Delay IE Patch?
Interesting read. Almost makes you want to choke someone.
<http://www.eweek.com/article2/0,1895,2007643,00.asp>
http://www.eweek.com/article2/0,1895,2007643,00.asp
----------------------------------------------------------------------------
------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to bind
1E Ltd to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------
------------
Trackbacks
Comments
