| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: yossarian at planet.nl (yossarian)
Subject: Anti-MS drivel
> On Sat, 2004-01-17 at 13:47, James Patterson Wicks wrote:
>
> > Business on the other hand is moving slowly to Linux. Why slowly? Who
> > do you sue when your business is hacked by someone who planted a
> > backdoor in the Linux kernel? Won't happen you say? Let's see, almost
> > happened once already . . .
>
>Scott Taylor wrote"
> How many businesses are suing Microsoft for putting out a wonderful
> platform on which to automatically replicate viruses? No, the reason is
> that managers get their free keychains and t-shirts from Microsoft for
> going to their stupid seminars and believe that all their vaporware will
> really revolutionize the world pretty soon, if only they choose to
> invest hundreds of hours converting their current enterprise into
> something that fits the active directory model, and in the process
> paying excessive amounts of money to consultants that correctly answered
> a couple multiple choice tests to get their silly Microsoft
> certification. Its a free market, let them waste their money like that.
> I've found some great deals on hardware at the auctions of companies
> that really truly believed all that marketing crap.
It is not the keychains 'n stuff. MS software suits amateurs better, 95% or
more of all people using computers are basically that, amateurs. By choice
or by necessity. Maybe that is why linux is safer as well - beginners don't
touch the stuff.
In many businesses it still holds true that MS rules the desktop, but is
considered a frivolous piece of computing, not to be taking too seriously.
It is the smaller companies relying on MS alone, rarely bigger companies -
unless it is IT companies of course. But they don't need a fully functional
network anyway - just powerpoint. IBM still holds a firm grip on the bigger
environments, but people working on big iron in that line of business rarely
touch the internet - even less security groups, since that is a boring
debate between MS Believers and *NIX Zealots talking about CGI sploits
updates for distro whatever or something, and PHP scripts. When do we get to
see some real software over here?
I checked the flaws reported the last week - and yes I read many many lists,
some 250 mails per day - and the only thing getting close to software used
in bigger environments is this BEA thingie 5 days ago. Yeah, and I quote: "a
weakness in BEA WebLogic Server and Express allowing malicious people to see
a password when it is entered {a weakness in BEA WebLogic Server and Express
allowing malicious people to see a password when it is entered - it is
echoed to the screen when using ANT". So what? Looking at a keyboard is
easier. And stuff like BEA, or any J2EE for that matter, are just emerging
on the perifery, and have still a long way to go. The security industry is
primarily focussed on what is happening in small computing or the internet,
and these discussions here just mirror this narrowness. Alas, yet true. This
is also an explanation for the lack of legal claims - one of many, I know
that - against MS for the vulnerable software, it rarely hurts the bigger
companies that can afford the legal costs. And Yes you guys can give me a
lot of examples of companies hits over the years. So can I. But think again,
there are a lot of big companies out there. Do they all keep silent? You
think they can?
And a propos the ADS rant - you can hardly call it an MS invention. For me
it is NDS revisited. Lets face it - IT companies can't design software that
suits entire companies. Especially all of them.
Have fun, it is supposed to be weekend.
Powered by blists - more mailing lists