| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0401151659110.4000@shishi.roaringpenguin.com> From: dfs at roaringpenguin.com (David F. Skoll) Subject: Re: January 15 is Personal Firewall Day, help the cause On Thu, 15 Jan 2004, Mary Landesman wrote: > This anti-MS drivel is so tiresome. I'm sorry you find the truth tiresome. Heck, Dan Greer got fired for speaking the truth -- that's pretty tiresome for him. I agree that security is not a product, it's a process. I agree that every product has its security problems. But by ignoring the HUGE security problems with Microsoft, we're doing everyone a disservice. By ignoring the vast differences in openness and responsiveness of open-source vendors to security problems compared to Microsoft's responsiveness, we're denying reality. The fact is that Windows is fundamentally insecure. To give just one example, encoding meta-data in filenames (eg: .exe means "executable") is a monstrous design mistake that has cost the economy billions by allowing virus propagation. That design mistake is impossible to fix without fundamentally changing Windows. It's in a completely different league from "bugs" like buffer and heap overflows. It's a "design flaw", not a "bug". While security is a process, not a product, you'll find that very often, insecurity of a product is something that no process can fix. -- David.
Powered by blists - more mailing lists