RE: Bypassing Personal Firewalls
From: John Howie (JHowie@securitytoolkit.com)
Date: 02/24/03
- Previous message: Michael Howard: "Securing Windows 2000 Server Documentation"
- Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Feb 2003 12:11:05 -0800 From: "John Howie" <JHowie@securitytoolkit.com> To: Torbjörn Hovmark <torbjorn.hovmark@abtrusion.com>, <bugtraq@securityfocus.com>
Torbjörn,
> ... There are just too
> many holes in Windows for it to be feasible to plug them all. The focus
> ought to be on preventing the code execution in the first place, not on
> trying to contain it.
>
I think it unfair to paint Windows with such a broad brush, especially as most other OSes had just as many, if not more, security problems in the last year. The reality is that most vulnerabilities are in applications (and usually third-party ones, at that) that run on the OS, and not in the OS itself. Your point about preventing code execution is right on the mark. Most attacks can be prevented through user education and methodical, secure, application development.
Regards,
John
- Next message: Thamer Al-Harbash: "Re: buffer overrun in zlib 1.1.4"
- Previous message: Michael Howard: "Securing Windows 2000 Server Documentation"
- Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
