Case Studies: NTBugtraq


NTBugtraq was created to invite the free and open discussion of security exploits or bugs in Microsoft products and third party products that run on Microsoft operating systems, including Windows NT 4.0, Windows 2000 and Windows XP. The mailing list, which was never intended to be a means to discuss "how to" issues, has become a widely used forum to report reproducible security issues that subscribers personally encounter.

"As the editor of NTBugtraq I can tell you there is no way that this forum would be what it is today were it not for L-Soft's LISTSERV®, LSMTP® and ListPlex® products," Russ Cooper, NTBugtraq Editor, said. "Managing the submissions of the list's 30,000+ subscribers is hard enough, but handling bounces and spam makes such a task nearly impossible ... without L-Soft. Together with easily created rules in my Microsoft Outlook inbox, I am able to quickly determine the messages I need to review, the subscribers who have forgotten how to unsubscribe and the bounces from broken mailers that need to be handled manually. In short order I'm done with my administrative tasks for managing a very large list, allowing me to focus on the subscriber messages. The HTML interface to the archives that L-Soft provides is amazing, with full text search as well as historical listings. My subscribers have never asked for any feature not already implemented."

The NTBugtraq list operates on a confirmation basis. Subscriptions and list postings generate a confirmation message from LISTSERV@LISTSERV.NTBUGTRAQ.COM. This is there for the protection of the subscribers, ensuring that subscription requests really are from the actual individual email address. It is also there to allow users time to think about their messages prior to their being posted.

"And I must say a word about the speed. When my list first got rolling I quickly overran the capabilities of my Exchange server and network connection. L-Soft offered me an unlimited LSMTP license once the list got above 5,000 subscribers because NTBugtraq is a free service for the public at large. While the speed did increase, bandwidth quickly became the issue. When we switched over to Listplex, all problems disappeared. Now I can deliver a message to my entire subscriber base in approximately 5 minutes (or less). It used to take over an hour to deliver a message to 5,000 subscribers," Russ Cooper said. "I can safely say that I would never want to use any list management software other than L-Soft. I have friends who have suggested I look at some open-source solutions, but as a dedicated Windows person I can safely say that none of them work as effectively for my environment as L-Soft's applications."

By keeping the identities of list subscribers confidential (Review option turned off), NTBugtraq's intention is to attract individuals in organizations who have the ability to address the issues that get raised on the list without compromising their positions. The list reflects the fact that to pay Microsoft US $195 in order to report a bug (although it is refunded 3 or 4 days later) can often mean the difference between reporting a bug and not reporting it. This list provides an alternative to that process, and at the same time, allows the rest of the Windows community the opportunity both to take up the issue with their own Microsoft representatives and protect themselves from the possible damage that a security exploit or security bug might cause.

The NTBugtraq archives are live archives, meaning that each time a message is posted to the mailing list, it is immediately available through the Web interface as well.

Case study written in December 2003 with Russ Cooper, NTBugtraq Editor.

LISTSERV is a registered trademark licensed to L-Soft international, Inc.

See Guidelines for Proper Usage of the LISTSERV Trademark for more details.

All other trademarks, both marked and unmarked, are the property of their respective owners.