[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200311120959.07984.jeremiah@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: Microsoft prepares security assault on Linux ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 12 November 2003 07:49, amebix@...cast.net wrote:
> With Linux you have the ability to not install certain things. With Windows
> you have no choice, messenger will be installed and enabled. Its going to
> be exploitable out of the box.
This is true... A new XP box - installed from Media - requires over 90 MB of
new download patches! God help the <128Kbps crowd. This is applied VERY
slowly. We are talking two hours on a PIII 750MHz. Three reboots are
required, with a manual re-initialization of the patching sequence. How will
MS improve this? Mandatory patching? Retroactively enforced on machines
they /can't/ get to install the current fixes?
MS ought to make payments to high-speed ISPs!
> Take for example Debian Woody. Quite
> possibly the greatest operating system package ever released.
No argument! But the security of Woody is subject to a bunch of apt-get 's
after install - not too different from the MS situation - except for the
speed!
I always grab a subset of the Adamantix packages and I run Bastille to
automate securing defaults on the whole mess. Paid for my paranoia...
> Basic install
> is a kernel, C library, shell, and networking functions , etc. Its
> incredibly secure from default, and from that point on you download the
> up-to-date packages that YOU WANT.
Why does supposedly modern Windows require a reboot after installing .dot net
crap? That would be like making Deb reboot after adding Python and XML/RPC
libraries... After 9 years to work on this, 32-bit Windows really /is/
pathetic.
I DO miss getting a working Deb 2.x in less than 35 MB. I'd recycle Sparc 5
and IPX machines this way for auth gateways and SMTP forwarders - etc...
> Your not forced into anything you dont
> need. Windows is not more secure, ANY and i do mean ANY bloated operating
> system is going to be more vulnerable then one that is slimmed to your
> needs.
Yeah. The choir agrees.
> Windows is just to bloated and therefore insecure compared to a
> slimmed down Linux install. MS needs to kill the messenger service, enable
> ICF and give the user some more power of his / her box when it comes to
> security.
Good point about MS Messenger being default, and ICF not!
You can make meaningless counts of patches. You can compare numbers of
incidents. You can make rhetorical mountains out of statistical molehills.
Really, at the end of the day, MS lives in a glass-house. They will rue the
stone-throwing, even if they do manage to damage corporate and government
acceptance of Linux, etc.
None of this posturing affects Winders security - just press releases and
dubious "off-white" papers. The next Blaster waits around the corner.
Bolting IPSec to a turd won't help!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/snTrJi2cv3XsiSARAgPvAJ4rp45KtjoBGXdUjxVL933AXXdoDwCfZzKx
I1YkOny40W6WGkytn86BG7c=
=XOo7
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists