From: dufresne at winternet.com (Ron DuFresne)
Subject: Who's to blame for malicious code?

[SNIP]

>
> Would you blame OpenBSD if a user got hacked because he hadn't bothered to
> patch?
>
> I'm not arguing that Microsoft has done the right thing or even that their
> OS is secure. (It isn't, and I refuse to use it as a server unless forced
> to. I prefer to use FreeBSD whenever possible.) I'm arguing that you
> can't blame Microsoft for malicious code that takes advantage of weaknesses
> for which they have already issued patches, sometimes 12 months in advance
> of an outbreak. *That* is a problem directly attributable to users.
>
> What you're trying to argue is that, if OS vendors would simply do the
> right thing from the start, users would be protected despite their lack of
> patching, and I am saying that is preposterous. *No* OS is so secure that
> you can simply leave it on the Internet, never patch it, and still be
> secure.
>

Wasn't it you that made the argument during the msblaster episode that
patching was a dead horse, that most env's of significantly sized userbase
were understaffed for the NUMEROUS patches that faced windows admins at the
time and currently? <perhaps I'm thinking it was you and in fact it was
someone else> Either the argument was false then and windows admins were
and remain just plain lazy, or the argument was/is true and there's a
problem within the core OS offered up from redmond...

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.