Re: Security rankings

From: Galen (galennews_at_gmail.com)
Date: 04/14/05


Date: Thu, 14 Apr 2005 08:35:00 -0400

In news:jHm7e.505$fP5.114@fed1read03,
Imhotep <NoSpam@nothanks.net> had this to say:

<snip>

There. That's done. Now we'll be on the same page.

Now, I read said article. I read it clearly and completely. I am not, in my
opinion, sidestepping anything. Nor am I a MS zealot. I will rant just as
hard as the rest when there's a security problem with any OS assuming, of
course, that it's something that I can grasp well enough to rant about. My
original post was to show a reverse to your post and I still think that the
facts found in studies (regardless of who paid for the one which I find the
most authoritative) carry more weight than opinions of 6000+ software
engineers. My post wasn't made to say, "You're wrong and I'm right." Not at
all. My post was there to provide you with an alternate viewpoint because,
in my opinion, the value of facts and testing is far greater than that of
opinions. (While I don't want to sound argumentative they're not engineers,
they're managers or, more accurately "software development managers" but
that's a moot point and they're surely entitled to their opinions.)

I think that the most valid statement on the page you gave is the very first
comment. Here, I'll make it easy for you. I'll cut and paste:

<quote>

(Posted Apr 12, 2005 19:17 UTC (Tue) by subscriber jwb) (Post reply)
A developer survey reflects popular opinion versus actual experience. How
about a survey of sysadmins? That would be more interesting. Given that
every kernel released prior to April 4, 2005 has an exploitable SMP race, I
think you'll hear a slightly different opinion. Said opinion may be of the
form "Everything is crap!"

</quote>

If you go back to the original post and all the rest that I've made you'll
see that I didn't say any ONE source of information was correct. In fact I
agreed with your statement. You said interesting article and gave a link. I
agreed it was interesting and responded in kind to an alternate source of
information with an opposing view.

To answer the questions that I missed:

FUD - Fear, Uncertainty, Doubt

Why did I say it was practice that makes security in defense of *NIX?
Because, to be honest, I read a lot of articles and many of them point out
the exploits in the *NIX builds and many people think that it's less likely
to be secure than MS products. A lot of people also think that as the
popularity of the OS grows the number of found exploits will increase and I
can't argue with that logic. Instead, I believe that the security is based
on the actions of the end-user and/or administrator and that nothing will
ever be completely secure.

I certainly don't wish you to think you're being mistreated and that your
thoughts, opinions, and links aren't welcome. They are and you are. When you
post something that's as controversial as that and based solely on a survey
then you're going to get feedback. When you responded as you did (though you
seem to have calmed down a bit now) you did indeed seem as a *NIX zealot
which is okay. It's good to be excited and passionate about things. It turns
out that you're multi-platformed and that too's just fine.

You have here, from my experiences, one of the greatest collections of minds
gathered on the planet freely giving you their time. They are one of my most
valued resources and you're certainly willing to contribute and more than
welcome though you should be aware that when you post something you're going
to get feedback. Very seldom does that feedback result in personal
negativity and in a subject as vague as security at best you're going to get
alternate opinions most of the time.

Galen

-- 
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.

