Re: Free Commodities Are Abused

From: Vernon Schryver (vjs_at_calcite.rhyolite.com)
Date: 11/16/05


Date: Tue, 15 Nov 2005 22:01:12 -0700 (MST)


>If Linux or Mac boxes were as popular, they'd be a problem too, just
>maybe a smaller one. You'd see 'em running insecure services that didn't
>need to be there, people running crap from their email, and similar.
>
>It's just as hard to secure a UNIX box as it is a Windows box, although
>you can make it more secure in the end, and it's easier for the distro
>folks to make it secure out-of-the-box.

That is the standard Microsoft lie. It is a lie (although most of those
who repeat it don't know it is a lie), because it tries to obscure a
vital difference. Because many Windows applications do not work unless
run as Administrator, the de facto default user account on a Windows
box is equivalent to "root" on a UNIX-like system.

It is also a lie because it obscures a long history of Microsoft design
choices in favor of "user friendliness" over security. For years
Microsoft argued in public that the Java sandbox is a needless bother
and that ActiveX's power to do anything to any part of the system is
a vital feature. Microsoft has always been bent on confounding
authentication with authorization.

Then there are the many "features" of Internet Explorer and Outlook
(Express) that involve not only running any program that comes along,
but violating official standards to do it. Consider executing mail
messages from perfect strangers as programs despite their explicit
official non-program MIME types because they have names that look like
programs to Windows. Check the old IETF PPPEXT WG mailing list archives
where Microsoft argued strenuously for their notion of link layer
authentication and authorization based on claims that employees of a
bank would share a single user name and password.

Look at the insecurity of relatively recent Microsoft products, such
as MediaPlayer. That those holes are rationalized as protecting the
intellectual property of such as Sony instead of user friendliness is
not a step in the right direction.

Speaking of Sony, contrast the results of using those suddenly infamous
CDs on Windows, Linux, and Mac boxes. On only one are you likely to
get a rootkit. On all three, you'll get music, unless you try to
remove the rootkit, after which that CD drive will be kaput. Sony is
responsible for publishing those CDs, but Microsoft is responsible for
forcing most users to run as Administrators so that the rootkit can
be essentially covertly installed, for making Autorun the default, and
for making a rootkit easy to build compared to the other platforms.

Instead of unthinkingly repeating Mr. Ballmer's blather, really do
contrast Apple's history of security problems with Microsoft's.
Compare Apple's current problems with their current installed base
with any point in Microsoft's history back even to Microsoft's start
with DOS viruses when there were far fewer Microsoft systems than
there are now Macs.

Again, I don't particularly want to insult the other person, because
like most who repeat the Microsoft line, he probably does not know (or
want to know) that it is a pack of lies. I also don't want to minimize
the security problems in other systems. I just would like a reduction
in the dishonest apologia for convicted predatory monopolies.

Vernon Schryver vjs@rhyolite.com


