Open Source and information security mailing list archives
 
From: scosol at scosol.org (scosol@...sol.org)
Subject: Support the Sasser-author fund started

Seth Alan Woolley wrote:
> On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:
> 
>>Why should Microsoft have more blame?
>>
>>In my opinion, I believe that software companies, especially Microsoft, have
>>taken all of the appropriate steps to provide security within their
>>products.
> 
> 
> Keep your head in the sand, then.  The design from the very beginning
> was put together without security in mind.  Their OS revolutionized the
> anti-virus industry.  There are numerous alternative operating systems
> and cases where worms and viruses have been created for them (cf. the
> Morris worm, slapper, etc), and most of the bandwidth in the world sits
> on non-Microsoft software, mind you.

Isn't that more of a very gray area?
Yes, MS operating systems weren't really designed with security in mind 
until (IMO) NT4, and then- that security wasn't really pushed to the 
consumer until Win2k- but- that was *5 years ago* that it was.
Win2k and WinXP aren't that different from OSX or most popular Linux 
distros from the "number of network servers enabled" perspective-
The MS operating systems are the main source of problems for really only 
2 reasons:
1) their popularity makes them the most valuable targets
2) people don't update

All of us on this list know that if all consumers ran auto-update 
properly and had it install stuff automatically, these worms would 
become very rare occurrences. (while admittedly creating an interesting 
new set of problems)
I don't really see what more MS can be expected to do, short of shoving 
auto-update down everyone's throats whether they like it or not (which 
will bring the tinfoil-hat crowd out in force)
It is very seldom that a worm is out before the fix for the exploited 
vulnerability- it's just a matter of diligence.

Also- your argument of "most of the bandwidth in the world sits
on non-Microsoft software" is IMO invalid- these machines that you speak 
of are not operated by consumers- people are paid to keep them updated 
and secure.

-- 
AIM: IMFDUP
http://www.scosol.org/
RIP Red-Boy - 1998-2004 - "jupiter accepts your offer"

