| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Support the Sasser-author fund started "Shane C. Hage" to Bill Royds: > I agree with most of your statements below. Well, actually, he was wrong if you consider the NT family of OSes starting in about 1993-4 (true, OOTB they were configured to be "fully Win 3.x compatible" -- that is, with all security disabled/dumbed down -- but the underlying architecture design at least met most of the minimum criteria for C2...). > ... However, with competing > operating systems such as those you mentioned below plus OS/2 and Apple > Macintosh in the 1980's, the business leaders and consumers chose Windows. > > I think people forget that Microsoft must have filled a gap that these other > operating systems didn't. ... They beat OS/2 on installation ease (_great_ OS, dog of an install, even on some IBM hardware) and Apple by running on "any old crud" (and therefore very cheap) hardware (and the market size then contributed further to the PC harder getting much cheaper, much faster than Apple would allow/could match) with its proprietary hardware/OS lock-in. > ... How can we blame Microsoft for capitalizing on > the need at the time? "Need"? They sold completely insecurable products into large -- real large; I recall Ford being "poster boy" for _Win95_ fercrissakes -- markets to make sure they got market penetration, when (if they had any integrity or could have been at all objective about the product they'd either have pushed NT _or not even tried_ for the sale). Of course, some folk at Ford and many other large corporates that made the same mistake have a lot to answer for too... > When the Internet revolution started, there was no way to predict the > magnitude that a malicious program could have across the world. ... Bollox -- the Morris Worm had already showed us what could be achieved. Are we really so dense that we need weekly to monthly replays on a slightly different scale, and with slightly different attack vectors, before we can learn anything from such "attacks"? Or did the all-out greed fuelled by the contemporaneous dot-com bubble cloud some folks' judgement? > ... Sure, > Microsoft is playing catch-up with security. They are just filling the gap > in their own products now. The trouble with that approach is that there is just not enough spackle in the world for them to achieve that goal any time soon. So, what do they do? What they've always done -- continuing with "business as usual"; spin, spin, spin. Seems to have worked for you... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists