Re: [Full-Disclosure] Knocking Microsoft
From: William Warren (hescominsoon_at_emmanuelcomputerconsulting.com)
Date: Fri, 27 Feb 2004 16:21:42 -0500
James P. Saveker wrote:
> Some personal thoughts,
> Yes indeed it's no secret that Microsoft valued functionality over security
> for many years. I think that's how they are a market leader today. This
> model could not be sustained however, as with the advent of exponential
> internet growth security has undoubtedly become a major concern.
> Microsoft has in there defence started the trustworthy computing scheme,
> which many would not hesitate to laugh at. However windows server 2003 does
> not by default load unnecessary services. Microsoft has developed "bits"
> client to downloaded patches requiring minimal user interaction depending on
> the configuration. In the enterprise they have improved SMS server to
> deploy patches across "bits". For smaller business they offer SUS for FREE.
> The code they produce is far more stringently tested in regard to security
> than perhaps it was before.
really? then are some ofhte flaws in win nt4 able to be exploit in 2k3?
NOt a very good code review in my eyes.
> The key to increasing the windows security model is not just one thing,
> however with the advent of granular code patches will be smaller and cheaper
> to deploy requiring much less bandwidth than today. Longhorn will be a big
> jump for Microsoft and a major test of the trustworthy computing yada yada.
> I do not understand why people knock Microsoft so much in regard to security
because it has been up to htis point marketing combined with FUD..which
unfortunatly many buy into.
I regularly hear people talking about how many vulnerability's
> Microsoft has and how poor this is. As everybody subscribing to this list
> and similar zone-h, bugtraq etc will know Linux has many warnings posted
here we go..apples to oranges..you have to take thelinux kernel AND all
the 3rd party packages and combine them to approach MS's vulnerablility
Yet I rarely hear people talking about that and indeed how it is far
> more difficult to keep linux distro's up to date. Windows has a far greater
> end user base than any other operating system. It would be a fair
> assumption to then say that perhaps virus writers and "hackers" are going to
> look for ways to exploit windows far more than other "end user" system in
> order to gain greater penetration. That is not to say that people do not
> look for sploits in web application servers running nix and other such
> systems in respect to the amount of nix servers on the net.
considering that linux is the #1 webserver paltform..hackers nail it all
the time..though most tiems they are able to deface or own due to admin
misconfiguring rather than code that is filled with bugs and holes.
> I don't mean to open an open "sauce" debate but merely say my bit and see
> others peoples views on the topic.
> James Saveker
> "The only thing which helps me maintain my slender grip on reality is the
> friendship I share with my collection of singing potatoes..."
Full-Disclosure - We believe in it.