Re: [Full-Disclosure] Support the Sasser-author fund started
scosol_at_scosol.org
Date: 05/16/04
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- In reply to: Seth Alan Woolley: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Next in thread: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Reply: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Reply: Bill Royds: "RE: [Full-Disclosure] Support the Sasser-author fund started"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Seth Alan Woolley <seth@positivism.org> Date: Sun, 16 May 2004 12:19:21 -0700
Seth Alan Woolley wrote:
> On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:
>
>>Why should Microsoft have more blame?
>>
>>In my opinion, I believe that software companies, especially Microsoft, have
>>taken all of the appropriate steps to provide security within their
>>products.
>
>
> Keep your head in the sand, then. The design from the very beginning
> was put together without security in mind. Their OS revolutionized the
> anti-virus industry. There are numerous alternative operating systems
> and cases where worms and viruses have been created for them (cf. the
> Morris worm, slapper, etc), and most of the bandwidth in the world sits
> on non-Microsoft software, mind you.
Isn't that more of a very gray area?
Yes, MS operating systems weren't really designed with security in mind
until (IMO) NT4, and then- that security wasn't really pushed to the
consumer until Win2k- but- that was *5 years ago* that it was.
Win2k and WinXP aren't that different from OSX or most popular Linux
distros from the "number of network servers enabled" perspective-
The MS operating systems are the main source of problems for really only
2 reasons:
1) their popularity makes them the most valuable targets
2) people don't update
All of us on this list know that if all consumers ran auto-update
properly and had it install stuff automatically, these worms would
become very rare occurences. (while admittedly creating an interesting
new set of problems)
I don't really see what more MS can be expected to do, short of shoving
auto-update down everyone's throats whether they like it or not (which
will bring the tinfoil-hat crowd out in force)
It is very seldom that a worm is out before the fix for the exploited
vulnerability- it's just a matter of diligence.
Also- your argument of "most of the bandwidth in the world sits
on non-Microsoft software" is IMO invalid- these machines that you speak
of are not operated by consumers- people are paid to keep them updated
and secure.
-- AIM: IMFDUP http://www.scosol.org/ RIP Red-Boy - 1998-2004 - "jupiter accepts your offer" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- In reply to: Seth Alan Woolley: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Next in thread: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Reply: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
- Reply: Bill Royds: "RE: [Full-Disclosure] Support the Sasser-author fund started"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
