Message-ID: <6199A25648C5CF4596C8577AC6D2031334C7@osiris.wetgoat.net>
From: james at wetgoat.net (James P. Saveker)
Subject: Knocking Microsoft

Some personal thoughts,

Yes indeed it's no secret that Microsoft valued functionality over security
for many years.  I think that's how they are a market leader today.  This
model could not be sustained however, as with the advent of exponential
internet growth security has undoubtedly become a major concern.

Microsoft has in their defence started the trustworthy computing scheme,
which many would not hesitate to laugh at.  However, Windows Server 2003 does
not by default load unnecessary services.  Microsoft has developed the "bits"
client to download patches requiring minimal user interaction depending on
the configuration.  In the enterprise they have improved SMS server to
deploy patches across "bits".  For smaller businesses they offer SUS for FREE.
The code they produce is far more stringently tested in regard to security
than perhaps it was before.

The key to increasing the Windows security model is not just one thing;
however, with the advent of granular code, patches will be smaller and cheaper
to deploy, requiring much less bandwidth than today.  Longhorn will be a big
jump for Microsoft and a major test of the trustworthy computing yada yada.

I do not understand why people knock Microsoft so much in regard to security
today.  I regularly hear people talking about how many vulnerabilities
Microsoft has and how poor this is.  As everybody subscribing to this list
and similar (zone-h, bugtraq etc.) will know, Linux has many warnings posted
also.  Yet I rarely hear people talking about that and indeed how it is far
more difficult to keep Linux distros up to date.  Windows has a far greater
end user base than any other operating system.  It would be a fair
assumption to then say that perhaps virus writers and "hackers" are going to
look for ways to exploit Windows far more than other "end user" systems in
order to gain greater penetration.  That is not to say that people do not
look for sploits in web application servers running nix and other such
systems in respect to the amount of nix servers on the net.

I don't mean to open an open "sauce" debate but merely say my bit and see
other people's views on the topic.

James Saveker

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."
