Re: [Full-Disclosure] Knocking Microsoft

From: William Warren (hescominsoon_at_emmanuelcomputerconsulting.com)
Date: 02/27/04

  • Next message: cdowns: "Re: [Full-Disclosure] Knocking Microsoft"
    Date: Fri, 27 Feb 2004 16:21:42 -0500
    
    

    James P. Saveker wrote:

    > Some personal thoughts,
    >
    > Yes indeed it's no secret that Microsoft valued functionality over security
    > for many years. I think that's how they are a market leader today. This
    > model could not be sustained however, as with the advent of exponential
    > internet growth security has undoubtedly become a major concern.
    >
    > Microsoft has in there defence started the trustworthy computing scheme,
    > which many would not hesitate to laugh at. However windows server 2003 does
    > not by default load unnecessary services. Microsoft has developed "bits"
    > client to downloaded patches requiring minimal user interaction depending on
    > the configuration. In the enterprise they have improved SMS server to
    > deploy patches across "bits". For smaller business they offer SUS for FREE.
    > The code they produce is far more stringently tested in regard to security
    > than perhaps it was before.
    really? then are some ofhte flaws in win nt4 able to be exploit in 2k3?
      NOt a very good code review in my eyes.
    >
    > The key to increasing the windows security model is not just one thing,
    > however with the advent of granular code patches will be smaller and cheaper
    > to deploy requiring much less bandwidth than today. Longhorn will be a big
    > jump for Microsoft and a major test of the trustworthy computing yada yada.
    >
    > I do not understand why people knock Microsoft so much in regard to security
    > today.
    because it has been up to htis point marketing combined with FUD..which
    unfortunatly many buy into.
       I regularly hear people talking about how many vulnerability's
    > Microsoft has and how poor this is. As everybody subscribing to this list
    > and similar zone-h, bugtraq etc will know Linux has many warnings posted
    > also.
    here we go..apples to oranges..you have to take thelinux kernel AND all
    the 3rd party packages and combine them to approach MS's vulnerablility
    numbers..nice try..:)
    Yet I rarely hear people talking about that and indeed how it is far
    > more difficult to keep linux distro's up to date. Windows has a far greater
    > end user base than any other operating system. It would be a fair
    > assumption to then say that perhaps virus writers and "hackers" are going to
    > look for ways to exploit windows far more than other "end user" system in
    > order to gain greater penetration. That is not to say that people do not
    > look for sploits in web application servers running nix and other such
    > systems in respect to the amount of nix servers on the net.
    considering that linux is the #1 webserver paltform..hackers nail it all
    the time..though most tiems they are able to deface or own due to admin
    misconfiguring rather than code that is filled with bugs and holes.
    >
    > I don't mean to open an open "sauce" debate but merely say my bit and see
    > others peoples views on the topic.
    >
    > James Saveker
    >
    > "The only thing which helps me maintain my slender grip on reality is the
    > friendship I share with my collection of singing potatoes..."
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: cdowns: "Re: [Full-Disclosure] Knocking Microsoft"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #103
      ... MICROSOFT VULNERABILITY SUMMARY ... Computalynx CMail POP3 Server DELE Function Denial Of Service... ... IIS and Frontpage Extensions Vulnerability. ... This article will offer a brief overview of some of the steps security ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter # 150
      ... - automatically set positive security policies for real-time protection, ... MICROSOFT VULNERABILITY SUMMARY ... Meteor FTP Server USER Memory Corruption Vulnerability ... MDaemon SMTP Server Null Password Authentication Vulnerabili... ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #174
      ... This issue sponsored by: Tenable Network Security ... the worlds only 100% passive vulnerability ... MICROSOFT VULNERABILITY SUMMARY ... Novell Netware Enterprise Web Server Multiple Vulnerabilitie... ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #73
      ... Intrusion detection through NT/2000 security logs: ... MICROSOFT VULNERABILITY SUMMARY ... NetScreen ScreenOS Port Scan DoS Vulnerability ... MS Site Server Unauthorized SQL Command Injection Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #90
      ... MICROSOFT VULNERABILITY SUMMARY ... Evolvable Shambala Server FTP Server Directory Traversal... ... SBS 2000 accounts security settings ... Windows operating sytems. ...
      (Focus-Microsoft)