[Full-Disclosure] Knocking Microsoft

From: James P. Saveker (james_at_wetgoat.net)
Date: 02/27/04

    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 27 Feb 2004 20:15:55 -0000
    
    
    

    Some personal thoughts,

    Yes indeed it's no secret that Microsoft valued functionality over security
    for many years. I think that's how they are a market leader today. This
    model could not be sustained, however, as with the advent of exponential
    internet growth, security has undoubtedly become a major concern.

    Microsoft has, in their defence, started the trustworthy computing scheme,
    which many would not hesitate to laugh at. However, Windows Server 2003 does
    not by default load unnecessary services. Microsoft has developed the "bits"
    client to download patches, requiring minimal user interaction depending on
    the configuration. In the enterprise they have improved SMS server to
    deploy patches across "bits". For smaller businesses they offer SUS for FREE.
    The code they produce is far more stringently tested in regard to security
    than perhaps it was before.

    The key to increasing the Windows security model is not just one thing;
    however, with the advent of granular code, patches will be smaller and cheaper
    to deploy, requiring much less bandwidth than today. Longhorn will be a big
    jump for Microsoft and a major test of the trustworthy computing yada yada.

    I do not understand why people knock Microsoft so much in regard to security
    today. I regularly hear people talking about how many vulnerabilities
    Microsoft has and how poor this is. As everybody subscribing to this list
    and similar (zone-h, bugtraq, etc.) will know, Linux has many warnings posted
    also. Yet I rarely hear people talking about that and indeed how it is far
    more difficult to keep Linux distros up to date. Windows has a far greater
    end user base than any other operating system. It would be a fair
    assumption to then say that perhaps virus writers and "hackers" are going to
    look for ways to exploit Windows far more than other "end user" systems in
    order to gain greater penetration. That is not to say that people do not
    look for sploits in web application servers running nix and other such
    systems in respect to the amount of nix servers on the net.

    I don't mean to open an open "sauce" debate but merely say my bit and see
    other people's views on the topic.

    James Saveker

    "The only thing which helps me maintain my slender grip on reality is the
    friendship I share with my collection of singing potatoes..."

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


