lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <403FB4E6.5010102@emmanuelcomputerconsulting.com>
From: hescominsoon at emmanuelcomputerconsulting.com (William Warren)
Subject: Knocking Microsoft


James P. Saveker wrote:

> Some personal thoughts,
> 
> Yes indeed it's no secret that Microsoft valued functionality over security
> for many years.  I think that's how they are a market leader today.  This
> model could not be sustained however, as with the advent of exponential
> internet growth security has undoubtedly become a major concern.
> 
> Microsoft has in there defence started the trustworthy computing scheme,
> which many would not hesitate to laugh at.  However windows server 2003 does
> not by default load unnecessary services.  Microsoft has developed "bits"
> client to downloaded patches requiring minimal user interaction depending on
> the configuration.  In the enterprise they have improved SMS server to
> deploy patches across "bits".  For smaller business they offer SUS for FREE.
> The code they produce is far more stringently tested in regard to security
> than perhaps it was before.
really? then are some ofhte flaws in win nt4 able to be exploit in 2k3? 
  NOt a very good code review in my eyes.
> 
> The key to increasing the windows security model is not just one thing,
> however with the advent of granular code patches will be smaller and cheaper
> to deploy requiring much less bandwidth than today.  Longhorn will be a big
> jump for Microsoft and a major test of the trustworthy computing yada yada.
> 
> I do not understand why people knock Microsoft so much in regard to security
> today.
because it has been up to htis point marketing combined with FUD..which 
unfortunatly many buy into.
   I regularly hear people talking about how many vulnerability's
> Microsoft has and how poor this is.  As everybody subscribing to this list
> and similar zone-h, bugtraq etc will know Linux has many warnings posted
> also.  
here we go..apples to oranges..you have to take thelinux kernel AND all 
the 3rd party packages and combine them to approach MS's vulnerablility 
numbers..nice try..:)
Yet I rarely hear people talking about that and indeed how it is far
> more difficult to keep linux distro's up to date.  Windows has a far greater
> end user base than any other operating system.  It would be a fair
> assumption to then say that perhaps virus writers and "hackers" are going to
> look for ways to exploit windows far more than other "end user" system in
> order to gain greater penetration.  That is not to say that people do not
> look for sploits in web application servers running nix and other such
> systems in respect to the amount of nix servers on the net.
considering that linux is the #1 webserver paltform..hackers nail it all 
the time..though most tiems they are able to deface or own due to admin 
misconfiguring rather than code that is filled with bugs and holes.
> 
> I don't mean to open an open "sauce" debate but merely say my bit and see
> others peoples views on the topic.
> 
> James Saveker
> 
> "The only thing which helps me maintain my slender grip on reality is the
> friendship I share with my collection of singing potatoes..."
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ