RE: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft
To: firstname.lastname@example.org Date: Tue, 16 Dec 2003 10:56:12 -0500
an unpatched MS machine with a firewall that had been purposely configured
to open 135 for legitimate reasons would have been infected by MSblast.
Therefore, your firewall is NOT "under the hood". Since Microsoft keeps huge
sections of their code to themselves, no firewall or any other product is
able to protect against all these vulnerabilities unless you shut down every
port. Yes, such products exist that shut down all ports but you are
effectively removing the fuel injection from the car along with the powered
windows and the air conditioning all because you know thiefs can break into
cars when those features are in use. So, in the same way, a computer with
all its ports shut down is a useless computer. A computer with some ports
shut is a hobbled computer.
If it were not for firewalls Microsoft would be out of business! (And quite
a few others too!)
Now, that's OK that Microsoft doesn't release their code. I have no problem
with that. But when that fact is combined with the enormous head count of
Microsoft OS running computers, now the concept of monoculture has some
It really has nothing to do with Microsoft. It has more to do with the
circumstances we now face in this particular situation.
i) explosive high speed Internet access growth
ii) little to no foreseeable regulation of Internet use
iii) extraordinarily large homogenous OS use
iv) huge amount of unpublished code in that single OS
v) increasingly sophisticated worm and virus authors
vi) worm and virus authors increasingly incented by monetary rewards
All these factors and more make OS diversification a serious consideration
in the security stance of any organization or individual.
From: Breno Jacinto [mailto:email@example.com]
Sent: Tuesday, December 16, 2003 11:35 AM
To: Hawkins, Michael
Subject: Re: [fw-wiz] You'll never get fired for recommending IBM -
sorry - Microsoft
* MHawkins@TULLIB.COM (MHawkins@TULLIB.COM) wrote:
> Hi Marcus,
> Regarding monoculture, let me use a common analogy. My car is no more or
> less secure than any other car because it's a car among several
> manufacturers, with hundreds of car alarm manufacturers and products,
> services. Imagine a world for car thiefs where 99% of the cars are made by
> one manufacturer and car alarm manfacturers are only allowed to stick
> alarms in the passenger compartment. No security device is allowed under
> hood. There'd be more stolen cars per day than the public would be willing
> to accept. Things would change. The monopoly would be broken up.
I used to think like this. But notice the sentence: 'No security device
is allowed under the
hood.'. If we go to computers, this is false. You can run the firewall
of your choice, as well as AV, and implement the security policy you want.
And thats the point where monoculture doesnt matter.
Yes, M$ is lousy when it comes to security. They spent more money on
cosmetics than on security. But imagine that Apple had the monopoly,
and MacOS X was run by 99% of the world, wouldn't it be the same
thing? If people dont care about security, ANY system will be
insecure, even the paranoid OpenBSD.
The point for Blaster being such a success wasnt for Windows
Monoculture. It was because people werent running any firewall to
simply block 135 or worse, wasnt even *AWARE* port 135 was open in
his computer. This is what has to be changed! Security is not tied to
an specific OS, its tied to a decent policy and user education and
proper use of security technologies.
> Should we accept the same in the computer industry?
> Can anyone think of a monopoly of a manufacturer good like Microsoft has
No this is no good. But it is exageration to say that because of this
the Internet is insecure. It's bad 'coz M$ manipulates people, forcing
an endless (free software is changing it) dependency game. But this is
too off-topic :).
> Mike H
// Breno Jacinto
// Key fingerprint = A5C3 3B22 140D C973 6AC6 2D62 2318 B8FA 15F9 D3FC
// Never be afraid to try something new. Remember, amateurs built the
// ark; professionals built the Titanic. -- Anonymous
firewall-wizards mailing list