Date: Mon, 5 Jul 2004 09:40:09 +0200 (CEST)
From: "Radoslav Dejanovic" <radoslav.dejanovic@...us.hr>
To: "Alun Jones" <alun@...is.com>
Cc: bugtraq@...urityfocus.com
Subject: RE: Microsoft and Security


> figure out exactly what you're looking for.  Perhaps it's just a platform to
> vent at Microsoft - fine, vent away.  If you have any suggestions for
> improving the process, perhaps you should try and express those suggestions
> in a coherent manner that could be used, rather than choosing several
> contradictory stances and insisting that Microsoft satisfy them all.

IMHO, security issues in Microsoft OS are closely intertwined, due to the
centralized nature of the software. While you can easily fix Mozilla or
KHTML problem without worrying that it is going to break some part of Linux
kernel, this might be of great concern on Windows platform. I think
Microsoft got caught with all this security stuff; remember that up to
Windows NT there weren't any serious security measures on desktop and
networking side. Just as Microsoft got caught with the Internet (if you
remember "MSN is going to be the network of the future" statements back
then, and all those plans to put communication satellites in the orbit),
they got caught with security issues - if I may say, Redmond
underestimated them. Now, it is going to be tough one to solve: software
is centralized and interdependent, it will take time to solve all those
issues while breaking as few things as possible, and the transition simply
*must* be easy for the end user, not to mention the business world that
needs to get things fixed, not broken up. So I believe this security game
is going to be tough and expensive for Microsoft, mainly for the reason
that they integrated a lot of things. This bunch of interdependencies is
going to give them a big headache.
If you ask me for one advice to help resolving this in the future, it
would be: stop integrating, diversify! After all, this Unix philosophy of
having a myriad of small tools to solve complicated tasks has proven to
be tougher for end user, but safer and more versatile in the end.
But for Microsoft it has been just the opposite strategy. With its set of
great advantages, but with a set of painful disadvantages as well.

-- 
Radoslav Dejanovic
founder and director
Operacijski sustavi d.o.o.
http://www.opsus.hr

