RE: [ok] [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind

From: Curt Purdy (purdy_at_tecman.com)
Date: 08/18/04

    To: "'Clairmont, Jan M'" <jan.m.clairmont@citigroup.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 18 Aug 2004 16:00:05 -0500
    
    
    

    Clairmont, Jan M wrote:
    > M$ should just bite the bullet and re-write windows with
    > security in mind, give it a true process scheduler, multi-user
    > with windows as a client server processes.
    <snip>

    It ain't gonna happen. There is so much legacy code, dating all the way
    back to NT 3.5 in 2K XP that no-one really knows how it works. Of course,
    that is the beauty of open-source, lots of people know how Linux works.

    Of course you don't have to be open-source to be secure, as Netware was
    always built with security in mind. Novell engineers have a saying, "We
    patch Netware twice a year whether it needs it or not." I hate to see it
    go. I love SuSE linux, am running the 64-bit version on AMD, but I wish
    they were keeping the Netware kernel also, for my security-critical clients.
    Sadly, the days of not having to run around patching servers all the time
    will be gone after Netware 7.

    BTW, when I have to run windows (rarely), I start a VMWare session under
    SuSE, do what I need, and close it out as quickly as possible, after checking
    for patches of course ;)

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


