Re: [Full-Disclosure] Knocking Microsoft

From: William Warren (
Date: 02/27/04

  • Next message: cdowns: "Re: [Full-Disclosure] Knocking Microsoft"
    Date: Fri, 27 Feb 2004 16:21:42 -0500

    James P. Saveker wrote:

    > Some personal thoughts,
    > Yes indeed it's no secret that Microsoft valued functionality over security
    > for many years. I think that's how they are a market leader today. This
    > model could not be sustained however, as with the advent of exponential
    > internet growth security has undoubtedly become a major concern.
    > Microsoft has in there defence started the trustworthy computing scheme,
    > which many would not hesitate to laugh at. However windows server 2003 does
    > not by default load unnecessary services. Microsoft has developed "bits"
    > client to downloaded patches requiring minimal user interaction depending on
    > the configuration. In the enterprise they have improved SMS server to
    > deploy patches across "bits". For smaller business they offer SUS for FREE.
    > The code they produce is far more stringently tested in regard to security
    > than perhaps it was before.
    really? then are some ofhte flaws in win nt4 able to be exploit in 2k3?
      NOt a very good code review in my eyes.
    > The key to increasing the windows security model is not just one thing,
    > however with the advent of granular code patches will be smaller and cheaper
    > to deploy requiring much less bandwidth than today. Longhorn will be a big
    > jump for Microsoft and a major test of the trustworthy computing yada yada.
    > I do not understand why people knock Microsoft so much in regard to security
    > today.
    because it has been up to htis point marketing combined with FUD..which
    unfortunatly many buy into.
       I regularly hear people talking about how many vulnerability's
    > Microsoft has and how poor this is. As everybody subscribing to this list
    > and similar zone-h, bugtraq etc will know Linux has many warnings posted
    > also.
    here we go..apples to have to take thelinux kernel AND all
    the 3rd party packages and combine them to approach MS's vulnerablility
    numbers..nice try..:)
    Yet I rarely hear people talking about that and indeed how it is far
    > more difficult to keep linux distro's up to date. Windows has a far greater
    > end user base than any other operating system. It would be a fair
    > assumption to then say that perhaps virus writers and "hackers" are going to
    > look for ways to exploit windows far more than other "end user" system in
    > order to gain greater penetration. That is not to say that people do not
    > look for sploits in web application servers running nix and other such
    > systems in respect to the amount of nix servers on the net.
    considering that linux is the #1 webserver paltform..hackers nail it all
    the time..though most tiems they are able to deface or own due to admin
    misconfiguring rather than code that is filled with bugs and holes.
    > I don't mean to open an open "sauce" debate but merely say my bit and see
    > others peoples views on the topic.
    > James Saveker
    > "The only thing which helps me maintain my slender grip on reality is the
    > friendship I share with my collection of singing potatoes..."

    Full-Disclosure - We believe in it.

  • Next message: cdowns: "Re: [Full-Disclosure] Knocking Microsoft"