lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200403261824.i2QIOO4x054267@grenada.globat.com>
From: mvp at joeware.net (joe)
Subject: Re: Microsoft Coding / National Security Risk

I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff this week at a conference I can
actually in fact say that they don't use Windows like normal home users. The
machines are locked down. I also spoke with someone with the Norwegian NSA
and can say they also don't run Windows machines like normal home users...
Imagine that... 

You can have people who don't know how to run Windows, Linux, VMS, or ANY OS
or RTS. Security is a function of the quality of the people responsible for
securing the boxes more so than the OS/RTS on the box.

Microsoft, imo, grew up in a time when added functionality was more critical
to user's purchase decisions than security. People wanted things to work
fully and completely out of the box and security was not something they were
asking for nor willing to pay additional for development of. MS acceded to
that and produced that product. Now that mindset has changed and MS is
working towards the new mindset. Obviously if they don't, product demand
would NATURALLY lessen for MS and whatever product was most secure (assuming
that is what users really want) would gain market share and win. 

As much as people would not like to believe it, MS can not make a complete
crap product and have people continue to purchase it. Market economics does
not work that no matter how much leverage MS may or may not have. We can say
all day that the lack of security is the fault of Microsoft but it really
comes back to what people were spending money on. They weren't looking for
security. Some were sure and those folks took what MS gave and locked it
down because the ability to lock many things down has been there for a long
while, just not heavily done. I have been hardening Windows machines since
at least NT4 SP3.  




 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of borg@...h.com
Sent: Wednesday, March 24, 2004 9:00 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: Microsoft Coding / National Security Risk

> But if our government (USA) was smart (and I know they are) 
> they wouldnt rely on Microsoft products to protect their data.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ