From: hescominsoon at emmanuelcomputerconsulting.com (William Warren)
Subject: Knocking Microsoft


James P. Saveker wrote:

> Some personal thoughts,
> 
> Yes indeed it's no secret that Microsoft valued functionality over security
> for many years.  I think that's how they are a market leader today.  This
> model could not be sustained however, as with the advent of exponential
> internet growth security has undoubtedly become a major concern.
> 
> Microsoft has in their defence started the trustworthy computing scheme,
> which many would not hesitate to laugh at.  However windows server 2003 does
> not by default load unnecessary services.  Microsoft has developed "bits"
> client to download patches requiring minimal user interaction depending on
> the configuration.  In the enterprise they have improved SMS server to
> deploy patches across "bits".  For smaller business they offer SUS for FREE.
> The code they produce is far more stringently tested in regard to security
> than perhaps it was before.
really? then are some of the flaws in win nt4 able to be exploited in 2k3?
Not a very good code review in my eyes.
> 
> The key to increasing the windows security model is not just one thing,
> however with the advent of granular code patches will be smaller and cheaper
> to deploy requiring much less bandwidth than today.  Longhorn will be a big
> jump for Microsoft and a major test of the trustworthy computing yada yada.
> 
> I do not understand why people knock Microsoft so much in regard to security
> today.
because it has been up to this point marketing combined with FUD..which
unfortunately many buy into.
> I regularly hear people talking about how many vulnerabilities
> Microsoft has and how poor this is.  As everybody subscribing to this list
> and similar zone-h, bugtraq etc will know Linux has many warnings posted
> also.  
here we go..apples to oranges..you have to take the linux kernel AND all
the 3rd party packages and combine them to approach MS's vulnerability
numbers..nice try..:)
> Yet I rarely hear people talking about that and indeed how it is far
> more difficult to keep linux distros up to date.  Windows has a far greater
> end user base than any other operating system.  It would be a fair
> assumption to then say that perhaps virus writers and "hackers" are going to
> look for ways to exploit windows far more than other "end user" system in
> order to gain greater penetration.  That is not to say that people do not
> look for sploits in web application servers running nix and other such
> systems in respect to the amount of nix servers on the net.
considering that linux is the #1 webserver platform..hackers nail it all
the time..though most times they are able to deface or own due to admin
misconfiguring rather than code that is filled with bugs and holes.
> 
> I don't mean to open an open "sauce" debate but merely say my bit and see
> other people's views on the topic.
> 
> James Saveker
> 
> "The only thing which helps me maintain my slender grip on reality is the
> friendship I share with my collection of singing potatoes..."
> 

