From: todd at hostopia.com (Todd Burroughs)
Subject: Operating Systems Security, "Microsoft Security, baby steps"



On Thu, 18 Mar 2004, Schmehl, Paul L wrote:

> > Updating any OS is a pain in the ass, but all of them have
> > flaws and need to be updated.  I find that at least with the
> > UNIX-like ones, you can go on the Net and do your updates
> > faster than you get rooted.
>
> This is foolish thinking.  Do you really think that, when a patch comes
> out, *then* the hackers start working on exploits?  The exploits were
> being used *long* before the patch comes out.  The only thing a patch
> gets you is protection against *future* hack attempts against *that*
> weakness.

Wasn't that something that MS tried to say, the "hackers" are reverse
engineering our patches?  That was funny, but the sad thing is that a
lot of people will believe it.

What I meant is that you can most likely actually use the Internet to get
patches with a fresh install before you get taken over, not that somehow
UNIX-like systems make patches before the exploits are out there and being
used ;-)  It's quite apparent by other threads on the list that this is
not generally the case with Windows.  Just being patched doesn't mean
that you are safe, but it's better than running well-known security holes.

Obviously, if you go on the Net with all services running, especially
on an unpatched box, you're gonna get rooted pretty quickly.

Todd Burroughs

