The Knowledge Base article is no longer available on support.microsoft.com, but a lot of other sites have a copy: http://www.kbalertz.com/Feedback_820673.aspx Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Kim Scarborough [mailto:kjs@uchicago.edu] Sent: Friday, April 16, 2004 10:01 AM To: bugtraq@securityfocus.com Subject: "Delete anti-virus and firewall software" --Microsoft Isn't the "Resolution" in this Knowledge Base article a little, uh, ill-advised: <http://support.microsoft.com/default.aspx?scid=kb;en-us;820673> Isn't this the same company that says things like this under "Mitigating Factors" in their security bulletins: "Firewall best practices and standard default firewall configurations can help protect networks from remote attacks originating outside of the enterprise perimeter. Best practices recommend blocking all ports that are not actually being used. For this reason, most systems attached to the Internet should have a minimal number of the affected ports exposed." Unless you want to use Outlook, I guess. I don't even want to think about the implications of Microsoft *encouraging* Outlook users to uninstall anti-virus software... -- ------------------------------------------------------------------------ ---- Kim Scarborough http://www.unknown.nu/kim/ ------------------------------------------------------------------------ ----