lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200410151850.i9FIow5N035155@mailserver2.hushmail.com>
Date: Fri, 15 Oct 2004 11:50:58 -0700
From: <mrinfosec@...hmail.com>
To: bugtraq@...urityfocus.com, NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM,
   full-disclosure@...ts.netsys.com
Subject: Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall


This was an interesting message, until the beginning of the third paragraph.

Why are so many people on this mailing list so eager to deliver yet another
"Microsoft is evil incarnate" rant?  The basic gist of this note, as
far as I can tell, is that the firewall is no good because you need to
open some ports to enable management, and that the buffer overflow work
shows some merit but that sucks too because they didn't simultaneously
do that for W2K as well.

I think it's important to understand that this is the first time in history
that Microsoft has decided to compromise convenience for security.  
As security professionals, we need to applaud this work, not condemn
it.  Certainly I agree there is much more work to be done, but it's counterproductive
to dismiss the benefits of having a firewall on every Windows machine
out on the internet, or doing everything possible to eliminate buffer
overflows, or to provide more communication about security to users who
are willing to read and learn.  Any project on the scale of securing
Windows is going to take baby steps, people.

It sounds like "americanidiot" is unhappy with the general state of security
around Windows.  That's a reasonable stance -- but in that case, don't
use it!  There are lots of free options for other, more secure operating
systems, and even more commercial options.  At the moment, however, Windows
is the OS of the masses, and anything that Microsoft can to do protect
the rest of us from the uneducated hordes of unprotected potential zombie
hosts is progress, in my book.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ