From: mailinglists at wjnconsulting.com (Wes Noonan)
Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause

> I never said that.  I said if you're running on Windows, you are insecure.
> :-)
> If you are running something else, you may or may not be insecure.

This, while you are entitled to your opinion, has no basis in fact. You can
most certainly be secure running Windows. Security isn't a uniquely Linux
scenario.
 
> rp-pppoe is an old, stable product that hasn't changed in 2+ years and
> is shipped by all major Linux distributions.  People wanting support can
> obtain it from their Linux distro vendor.  (Unlike Microsoft:  When
> Microsoft end-of-lifes a product, you're out of luck.)

I always get a kick out of this. MS (and everyone else) EOL's stuff because
better and in many cases more secure solutions are out there. Rather than
moving to them though, people complain first about how wrong it is to expect
them to move then second about how insecure the product is (though the order
sometimes changes).
 
> Yeah, I know.  Funny who the sponsor of those studies is, really...

Sure, no real difference from the ones pushing Linux as lower cost though
now, is it?
 
> I can assure you that "Joe the admin" won't hack the Linux kernel. :-)
> I've met lots of sysadmins, and they have enough to do without modifying Linux.

And yet to effectively harden Linux in many cases that is exactly what Joe
the admin has to do (modify Linux). 
 
> The point is badly-taken, because administrators don't modify the source
> to production systems (any more than a Windows admin would patch the
> Windows kernel with binary patches of his own.)

Really? I know plenty of Linux admins that do that (recompile) to customize
the product. In fact, many of them point to this as a reason for choosing
Linux over Windows. 
 
> Microsoft is less complacent in about the last 6-9 months, because
> they are finally seeing a threat to their monopoly.  When governments
> can negotiate large discounts by threatening to use Linux, it means MS
> sees it as a serious threat.  It could be that the governments were
> bluffing (they probably were, in many cases), but MS evidently didn't
> want to take the chance.

Sorry, they have been less complacent about it for at least the past 4
years, not 6-9 months... unless of course you honestly believe that W2K3 was
developed in 6-9 months. This all started long before Linux was any kind of
real threat.
 
> > > Assumption 4: If Microsoft does *not* make Windows more secure, it
> > > will not lose revenue.  This assumption is based on personal
> > > experience, recent court decisions stating that Microsoft has a
> > > monopoly, plus postings on this list.
> 
> > This assumption can not be supported. Microsoft is making windows more
> > secure. This is a fact, not an opinion.
> 
> Read the assumption again:  If Microsoft does *not* make Windows more
> secure, would it lose market share?

That isn't the assumption. The assumption is "If Microsoft does *not* make
Windows more secure, it will not lose revenue". The answer is "yes, they
very well might".
 
> Let's suppose that Microsoft didn't make Windows any more secure.  Would
> you recommend to your clients to look at alternative systems?  Would you
> think seriously about switching yourself?  If yes: Congratulations!  If
> no: you're like most of the other respondents on this list, and (sadly)
> like most people I encounter.

Once again, you are looking at it solely from the security perspective.
While that is fine and dandy, there are other perspectives that factor into
the decision. That is probably why most of the other respondents on this
list and most people you encounter think that way. That is why everyone I
have run across does.
 
> Furthermore, the free software we give away is a terrific marketing
> tool for our commercial software.  Our software is installed on the
> e-mail gateways of huge multinationals; there's no way we could have
> penetrated those markets with traditional commercial software.
> However, once our free software is in, people start taking our
> commercial software (which is based on the free software) a lot more
> seriously.

Oddly, this sounds an awful lot like Microsoft's Internet Explorer policy
and Office policy before that. Of course, that couldn't be because Microsoft
is an evil monopoly ;-)

 
> > Um, this already happens. There are and have always been alternatives to
> > Microsoft. Microsoft wasn't born with 90+% market share, they took it.
> 
> The methods they used to take it are what raise such passion and ire in
> some quarters.  For example, do you think that Microsoft used legitimate
> business tactics to take the browser market from Netscape?

Yes, I happen to think they did. I'm sure at this point you will tell me how
wrong I am though.
 
> > Then I submit that you are looking at it entirely too cynical.
> 
> I'm very cynical, I admit.  But I believe history will show me to be
> right.  There will absolutely be huge, costly Windows virus outbreaks
> in 2004.  And 2005.  And 2006.  And 2007.  And 2008.

And likewise as/if Linux ever matures to more than a specialized operating
system, it will join Windows in that dubious distinction - having more and
more costly exploits and viruses. Like every other product ever made that
became used more and more by the masses.
 
> I contend that in today's climate, security is (or should be) the first
> priority of most businesses.

Really? I would wager that profit should be the first priority, but that's
just me... and most of the business community. The goal isn't to be secure.
The goal is to make money. Everything else is a secondary effect. Slowly,
technology professionals are starting to learn that business acumen though. 

Wes Noonan
mailinglists@...consulting.com
http://www.wjnconsulting.com 

