lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dfs at roaringpenguin.com (David F. Skoll)
Subject: Anti-MS drivel

On Sun, 18 Jan 2004, Gregh wrote:

> I wonder if you would have the job you have or know the things you know were
> it not for MS.

I wasn't planning on responding, but I changed my mind.

Of course I can't answer if I'd have the job I have now if not for MS.  That's
a silly question; would you have the job you have now if not for UNIX?  IBM?
The transistor?

> I get tired of anti-MS drivel.

*I* get tired of people who dismiss reasoned arguments as "anti-MS drivel."

Look.  I'll try to spell it out simply.

Windows has a severe design flaw that has cost the world economy billions
of dollars.  That design flaw (the encoding of metadata -- specifically,
"executableness" -- in filenames) has been known since at least 1987 to
be highly dangerous in a network environment.  Furthermore, that design
flaw has been exploited several thousand times in the past.  Finally,
that design flaw cannot be fixed without fundamentally changing the way
Windows works.

So where does that leave us in 2004?

It leaves me running Linux, and waking up tomorrow to breakfast on a bagel.
It leaves thousands of Windows administrators staying up all night to ensure
that Bagle doesn't breakfast on their Windows machines.

It's pathetic that 17 years after CHRISTMA EXEC, hundreds of thousands of
Windows machines are succumbing to the same easily-preventable security flaw.
In the last 12 hours, my very low-volume mail server has dropped 16 Bagle
viruses.  By message volume, Windows viruses account for between 4-7%
of our daily mail volume.  Because they tend to be large, they account for
between 30-60% of our mail traffic if you count the number of bytes.

Windows people, I think we have a problem here.

> The fact is that around my area the businesses are medium-small to
> small and of course home users. Without MS, there wouldn't be
> anywhere near the amount of computer users there are now from whom I
> can make a living.

This is a revealing statement.  Better to make a buck from people
chronically in need of support due to a crummy operating system, than
sell them something that works and doesn't need support.

Trus me, if MS hadn't come along at the right time, someone else would have
(and I'd be bitching about Apple/IBM/whomever. :-))

> MS has weaknesses to be sure but if you think you can write a much better OS
> from the ground up with no holes in it, let me know. I would like to use it!

Linux/UNIX/*BSD/etc are much better OS's written from the ground up,
with no *serious design flaws* comparable to the one I outlined in
Windows.  I'd never be as arrogant as to claim that Linux has no holes
in it, but I will go out on a limb and say that for a general-purpose
operating system, the security holes in Linux are due to
implementation errors rather than design errors.

I will keep quiet now. :-)

Regards,

David.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ