Message-ID: <C246F099C408FE429BCEE7473E2DDC6042974E@internet1.mccd.edu>
From: alexander.s at mccd.edu (Steven Alexander)
Subject: Re: Microsoft Coding / National Security Risk

/me pulls hair out.

It is true that security is partly a function of the measures taken by the people responsible for securing a machine or network. However, an insecure operating system will remain insecure even if managed by smart, responsible security-conscious people.

The security track record of Windows is pitiful! Microsoft is notorious for the number of bugs in their code, security related or otherwise. Their authentication sucks; grab both of Mudge and Schneier's PPTP papers off of www.schneier.com . The password encryption sucks (rainbowcrack anyone?). The firewall capability distributed with the OS is not even close to what is distributed with open source systems. The only buffer overflow protection available from Microsoft is the simple StackGuard-like protection built into Windows 2003 (can be turned on in Visual Studio by using /GS); however, Microsoft fucked it up (http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf). MS should really look to implement something stronger, at least as an option for systems that *NEED* to be secure.

-steven

>-----Original Message-----
>From: joe [mailto:mvp@...ware.net]
>Sent: Friday, March 26, 2004 10:24 AM
>To: full-disclosure@...ts.netsys.com
>Subject: RE: [Full-Disclosure] Re: Microsoft Coding / National Security Risk
>
<snip>
>
>You can have people who don't know how to run Windows, Linux, VMS, or ANY OS
>or RTS. Security is a function of the quality of the people responsible for
>securing the boxes more so than the OS/RTS on the box.
>
<snip>