lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030927040716.UOSA4662.lakemtao06.cox.net@winxppro>
Date: Fri, 26 Sep 2003 23:07:14 -0500
From: "Rick Kingslan" <rkingsla@....net>
To: "'Fabio Gomes de Souza'" <bugtraq@....com.br>
Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>,
   "'Jonathan A. Zdziarski'" <jonathan@...learelephant.com>
Subject: RE: CyberInsecurity: The cost of Monopoly


Wow.  Is this just troll bait (and I succumbed) or have you been watching
too many re-runs of the "X-Files"?

I'll not argue that the Windows operating systems are the target of the
majority of virus', but that's typically what happens when a system is used
by a known large group of people that might not be qualified to run a
computer, much less secure it.

And, regardless of what MS does - I doubt that they can force Mom and Dad to
not screw up the security settings (though, the default out of the box sucks
anyway).

Do you think that virus writers will stop IF Windows ceases to be a target?
Or, what seems to be your argument - if the Anti-Virus companies are
eliminated, the virus writers are going to just go away, too?  "Well,
they're not trying to stop us anymore - I guess we should quit trying to
wreak havoc and go back to being productive citizens again.  Virus writing
isn't fun anymore."

Yeah - that's going to happen.

As a response to open source, bravo.  My hat is off to what has been
accomplished.  But, I'd like to see the same level of success as a secure
platform (which, in the hands of someone with no clue how to run it - Linux
is insecure, regardless of the out of the box config) when it commands a
majority of the desktops.  And, I don't care what the platform or OS -
nothing is completely secure.  Humans write code, humans make mistakes, ergo
code has mistakes.  Same goes for configuration settings.

The 'bad guys' and 'bored kids' are going to target the largest base - and
there will always be holes to compromise and exploit.  Viruses have never
been a threat to Open Source because the target is not yet juicy enough.

And, just because I'm really curious, can you provide documentation and
detail on the cited 'Microsoft Virus Support(TM)'?  I've not heard of this -
well, except through your posts.  But, I'm open to be educated.

-rtk

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Fabio Gomes de
Souza
Sent: Friday, September 26, 2003 8:07 PM
To: Jonathan A. Zdziarski
Cc: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

Destroying the monopoly also lets the World get rid of (Anti)Virus
companies, since they are protected by Microsoft Virus Support(TM).

Viruses are a threat which has been intentionally neglected by Microsoft
since the AntiVirus thing became a business. A BIG business. Imagine if
Microsoft removed the Virus Support. Billions of dollars would stop being
moved from people's pockets to the software giants. Mega companies would
simply disappear from the Market. Hundreds of people would be unemployed.
Given the facts, Microsoft is simply UNABLE to fix such vulnerabilities.

Vulnerabilities in Microsoft systems can only be fixed before they become a
business. This rule has became worst after their antitrust trial.

Virues have never been a threat for Open Source systems, since they
(viruses) use vulnerabilities that get fixed by users *regardless* of some
company liking or not.

Diversification and Open Source is the solution for most security threats.

These guys have done a GREAT WORK!

Best regards,

Fábio Gomes de Souza
CEO
GS2 Tecnologia da Informação Ltda
Olinda, Brazil


Jonathan A. Zdziarski escreveu:
> This was released yesterday just incase nobody noticed.  
> http://www.ccianet.org/papers/cyberinsecurity.pdf
> 
> Among the authors are Bruce Schnier, Dan Geer, and Charles Pfleeger. 
> Interesting read.
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ