Re: Windows Is Now More Secure Than Linux
From: Alun Jones (alun@texis.com)
Date: 07/31/02
From: alun@texis.com (Alun Jones) Date: Wed, 31 Jul 2002 12:28:53 GMT
In article <ai8666$11rtn9$1@ID-29070.news.dfncis.de>, "Richard Atkinson"
<big@un.com> wrote:
>FOR IMMEDIATE PUBLIC RELEASE
>
>CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL

.. all fine and dandy so far...

>OpenSSL is compiled into just about every 'secure' application in the Unix
>world, OpenSSH, Apache/SSL, the list is endless. As I understand it exploits
>are in the wild.
>
>Windows is the only answer.

No.

You know, a lot of people see me as a "Windows defender", mainly because I pop
up and challenge people's incorrect assumptions based on rumour, supposition
and just plain wild guess, but I've got to tell you, this post of yours is
just plain idiotic.

Buffer overflows happen... occasionally. There are, perhaps, one or two
programmers out there who claim to have never put any in their published code,
and who might be right in their assertion - although I wouldn't ever trust my
system to such an assumption. Buffer overflows happen in Unix systems, in
Linux systems, in IBM systems, etc, and in Windows. Exploits happen in all
systems. It's ludicrous to suggest that _any_ one operating system is "the
only answer" to security worries.

For what it's worth, there are bugs in the Windows CryptoAPI that make SSL on
that platform less than wonderful - for instance, there have been more than a
couple of posts that indicate that a DSA-signed certificate doesn't work in
any of the sample server code provided by Microsoft. When those posts
appeared (one from me, so I'm pretty sure that it doesn't work), there was no
reply from Microsoft to the issue.

The solution, if there is one, to security problems, is to choose a supplier
that keeps you informed, and to stay informed, about flaws - and fixes - in
the platforms you administer. Security is not a passive, "fire and forget",
process, it's something you have to keep at, something you have to repeatedly
check. Right now, Microsoft is one such supplier, yes, and its software is
certainly more secure than ever before, and is being maintained in a more
secure fashion than ever before, but it's not the only such supplier.

The best that you can say right now is that it's meaningless to make a
purchasing decision based on security alone - the security aspect is not the
over-riding issue that it once was, and you now have to consider it as part of
the whole picture (along with the old favourite "will it do the job I need it
to do").

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.