| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dfs at roaringpenguin.com (David F. Skoll) Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause On Sun, 18 Jan 2004, Wes Noonan wrote: [...] > It seems that you have shifted focus to email filtering only. There's > nothing wrong with this of course, but I think it shifts the discussion > some. That was my original topic. [...] > So is running any operating system. If you don't believe that, then you are > believing in the myth that solely by running something other than Windows > you are secure. I never said that. I said if you're running on Windows, you are insecure. :-) If you are running something else, you may or may not be insecure. [...] > Sorry. I read "rp-pppoe is free software; it comes without warranty or > support. We regret that we cannot offer e-mail or telephone support for > rp-pppoe." and it seemed to me to illustrate my point quite well. rp-pppoe is an old, stable product that hasn't changed in 2+ years and is shipped by all major Linux distributions. People wanting support can obtain it from their Linux distro vendor. (Unlike Microsoft: When Microsoft end-of-lifes a product, you're out of luck.) > > Absolutely. And those additional factors (better security, generally > > better support, and no worries about BSA enforcement) only add to > > Linux's cost advantage over Windows. > Well, there are plenty of TCO studies that don't quite come to that some > conclusion. Yeah, I know. Funny who the sponsor of those studies is, really... > > I run bog-standard distros; I'm not a kernel hacker. Just because I could > > fool with the source code to Linux doesn't mean I want to. > Sure, you don't. But that doesn't mean that Joe the admin didn't. I can assure you that "Joe the admin" won't hack the Linux kernel. :-) I've met lots of sysadmins, and they have enough to do without modifying Linux. > And now you have to figure it out. I'm not trying to just argue > specific examples though. I'm trying to illustrate the point with > the examples. The point is badly-taken, because administrators don't modify the source to production systems (any more than a Windows admin would patch the Windows kernel with binary patches of his own.) > And I would challenge you to prove that Microsoft has been complacent. Not > that they have made mistakes, but that they have been and continue to be > complacent. I'm not seeing that. Microsoft is less complacent in about the last 6-9 months, because they are finally seeing a threat to their monopoly. When governments can negotiate large discounts by threatening to use Linux, it means MS sees it as a serious threat. It could be that the governments were bluffing (they probably were, in many cases), but MS evidently didn't want to take the chance. > > Assumption 4: If Microsoft does *not* make Windows more secure, it > > will not lose revenue. This assumption is based on personal > > experience, recent court decisions stating that Microsoft has a > > monopoly, plus postings on this list. > This assumption can not be supported. Microsoft is making windows more > secure. This is a fact, not an opinion. Read the assumption again: If Microsoft does *not* make Windows more secure, would it lose market share? Let's suppose that Microsoft didn't make Windows any more secure. Would you recommend to your clients to look at alternative systems? Would you think seriously about switching yourself? If yes: Congratulations! If no: you're like most of the other respondents on this list, and (sadly) like most people I encounter. > Producers will always pass the cost of development to the end users, or in > the case of open source will pass the cost of support or maintenance. Heck, > look at your own software. You sell software to support not only that > development, but the development of software that you give away. Must have > one hell of a margin to be successful doing that. ;-) Yes, indeed. Our commercial software is based largely on open-source software (though not GPL'd software.) By leveraging that base, we can undercut out competitors. Furthermore, the free software we give away is a terrific marketing tool for our commercial software. Our software is installed on the e-mail gateways of huge multinationals; there's no way we could have penetrated those markets with traditional commercial software. However, once our free software is in, people start taking our commercial software (which is based on the free software) a lot more seriously. > Um, this already happens. There are and have always been alternatives to > Microsoft. Microsoft wasn't born with 90+% market share, they took it. The methods they used to take it are what raise such passion and ire in some quarters. For example, do you think that Microsoft used legitimate business tactics to take the browser market from Netscape? > Then I submit that you are looking at it entirely too cynical. I'm very cynical, I admit. But I believe history will show me to be right. There will absolutely be huge, costly Windows virus outbreaks in 2004. And 2005. And 2006. And 2007. And 2008. > Far too many security "professionals" seem to miss that point. It's > not all about the security. It's all about the business and security > is just another component sometimes more and sometimes less > important than the other components. I contend that in today's climate, security is (or should be) the first priority of most businesses. Regards, David.
Powered by blists - more mailing lists