lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040227223058.GA11508@piper.madduck.net>
From: madduck at madduck.net (martin f krafft)
Subject: Re: Knocking Microsoft

also sprach James P. Saveker <james@...goat.net> [2004.02.27.2115 +0100]:
> I do not understand why people knock Microsoft so much in regard to security
> today.  I regularly hear people talking about how many vulnerability's
> Microsoft has and how poor this is. 

Because their design is flawed. They made software to be colourful,
and now they try to make it secure. UNIX was made to be secure, and
now they are adding colours.

> As everybody subscribing to this list and similar zone-h, bugtraq
> etc will know Linux has many warnings posted also.

Yeah sure, but these get fixed within hours, and you can't forget:
UNIX has 15 different web server, 15 different mail servers, 15
different this and 15 different that, where Windoze has 1 and 1 and
1 and 1. Thus, multiply the windows bugs by 15 and then try again!

Also, most Linux bugs are local exploits. Or at least: there are far
fewer remote exploits for Linux than for Windows. We are talking
about servers. What's more dangerous?

> Yet I rarely hear people talking about that and indeed how it is
> far more difficult to keep linux distro's up to date.

Obviously you've never tried Debian. You can't get it easier than
that. And hardly much more secure at the same time.

> Windows has a far greater end user base than any other operating
> system.  It would be a fair assumption to then say that perhaps
> virus writers and "hackers" are going to look for ways to exploit
> windows far more than other "end user" system in order to gain
> greater penetration.

Agreed. If they own the market, they should take proper care
according to that responsibility. In the future, when Linux will
take over more and more, you'll see the benefit of building things
atop a secure base rather than the way Microsoft does things.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"there are two major products that come out of berkeley: lsd and unix.
 we don't believe this to be a coincidence."
                                                 -- jeremy s. anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040227/2bfb0e03/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ