| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jsage at finchhaven.com (John Sage) Subject: RE: Linux (in)security I think it's relevant to bring a recent post to the list over here to this thread, re: the relative security of Windows, versus Linux et al. Microsoft seemingly can't even make it's own patches work properly. Again. To quote: Subject: RE: [Full-Disclosure] Anyone running SUS see the content update today? From: "Jerry Heidtke" <jheidtke@...h.edu> To: "Joshua Levitsky" <jlevitsk@...hie.com>, <full-disclosure@...ts.netsys.com> Date: Wed, 22 Oct 2003 22:09:20 -0500 "...There were a variety of "issues" with last weeks patches. MS03-045 installation failed on some language version of Windows 2000 SP4. Since this patch replaces the entire core of the OS, it often left the computer in a completely unusable state. /* snip */ All the original 10/15 OS patches included a new version of update.exe that contained a critical bug. In an attempt to reduce the number of reboots, MS tested to see if the user installing the patch had the debug privilege. This privilege allows system files that are in-use to be replaced on a running system. Normally only Local System and Administrators have this right. The intention was that if the user had the debug right, the files would be replaced and no reboot would be needed. The check to see if the current user had this right would sometimes enter an infinite loop, and sometimes system files would be damaged, putting the computer into an endless reboot cycle..." /* snip */ ahem... "A variety of issues..."? Are you kidding me? And yet, how often is it found that a Microsoft "patch" causes problems with the systems it is intended to be helping? Some of the time? Most of the time? I simply cannot think of a more clear, distinct, and comprehensive indictment of Microsoft and its operating systems than the unrelenting torrent of patches that it issues to fix the defective products that its monopoly position in the marketplace has allowed it to foist upon the world. Sure, the UNIX'es and Linux'es of the world have some problems, but really now, nothing like Windows. And a patch, when issued, pretty much works as expected. But with Microsoft, and Windows? Lots of luck. The *really* startling fact is that Microsoft, with all its vast engineering and financial resources, seems to be incapable of doing anything about it... - John -- "Most people don't type their own logfiles; but, what do I care?" - John Sage: InfoSec Groupie - ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus- - ATTENTION: this entire message is privileged communication, intended for the sole use of its recipients only. If you read it even though you know you aren't supposed to, you're a poopy-head.
Powered by blists - more mailing lists