[E] Re: BIND 9 windows XP builds

Tue Apr 18 15:04:03 UTC 2017

no, microsoft is *not* repsonsible for fools which connect a 15 years 
old, long unsupported OS version to a network. responsible are the 
people who are running that machines from hell and vendors which provide 
updates for software running on them which appears for users that there 
is some support - just build the binaries with a compiler so that they 
don't run on WinXP "by accident" and the problem goes away sooner or 
later when the machines are no longer working at all

Am 18.04.2017 um 16:39 schrieb David Erickson via bind-users:
> One could argue the problem is Microsoft in general.  Problem is people don't take security seriously cause they don't think they could ever get compromised or hacked.  And then most of the ones who have already been compromised just ignore the symptoms thinking their old end of life system is just slow :)  But the Microsoft platform in general is the problem not just one single end of life platform :)  Unfortunately we definitely can't drop support for all of Microsoft lol

> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of G.W. Haywood
> Sent: Tuesday, April 18, 2017 10:28 AM
> To: bind-users at lists.isc.org
> Subject: [E] Re: BIND 9 windows XP builds
> 
> Hi there,
> 
> On Tue, 18 Apr 2017, Evan Hunt wrote:
> 
>> ... I wanted to find out whether there's a reason for so many people
>> to still be doing this -- even if it wasn't a very good reason --
>> before I cut them off.
> 
> Personally I'm more than a bit surprised, and even a little offended that ISC still provides an XP build.  Running an XP machine connected to the Internet is like driving around town in an uninsured vehicle with no roadworthiness certificate.  It's irresponsible.  Those of us who manage mailservers and who take any kind of interest in the threat landscape will attest to the number of XP botnets still plying their obnoxious trade, especially (sorted by greatest volume in my mailserver logs first) from China, Vietnam, India and the USA.
> 
> Cut them off.  If, by being one more provider which drops support for a sociopathic menace, you tend to reduce the threat from it, then you will at least have the warm appreciation of hard-pressed and generally ill-appreciated mail administrators the world over.
> 
> If you don't already run 'p0f', then you might want to consider it to give you an idea of what's connecting to your servers.  I'd guess it will be more informative than any feedback you get from real users.
> It wouldn't surprise me if most of the downloaders of XP builds that you're seeing are themselves bots.