Open Source and information security mailing list archives
 
From: mvp at joeware.net (joe)
Subject: IE Web Browser: "Sitting Duck"

I don't think anyone can propose a realistic test at this point in time. I
don't think one is possible until you get some sort of large non-techno
weenie installed base going for the *nix or another OS for that matter. As
another poster pointed out, the diversity and chaos in the open source world
right now helps contribute to its safety as there is no large exposed
surface in terms of Microsoft large. Plus MS simply makes good news. 

Once more non-weenies hit the OS and start doing things, something will
start to take a majority because friends will tell their other friends about
this specific version and the people running it won't be of the type to keep
swapping things around and trying other things and someone will come up with
some decent marketing or distribution method that appeals to the mass
market. In terms of marketing and distribution right now from what I see
that could very well be Lindows aka Linspire. I'm waiting for them to start
giving away Lindows PCs to schools actually like Apple did/does. They have
Apple beat because while a school could get it cheap, little Billy at home
wasn't so lucky as mom and dad looked at the price in the store and said no
way. Do that with Lindows PCs, then mom and dad go to Walmart because Billy
talks about how he likes it so much and lo and behold they see on the shelf a
whole PC for $300 or so dollars. Hopefully they keep Lindows on it instead
of realizing, hey this isn't what mommy and daddy like and go to eBay and
buy a pirated copy of XP that can't be updated with security fixes because
MS in its infinite wisdom decided that people who don't buy legit don't get
to have security. You want to complain about MS, complain about that.  

I can say in my experience that I have seen fewer RSTS/E worms and viruses
than *nix but it doesn't mean it is more secure. At that point though there
weren't lists going around distributing the holes to the kids to exploit and
people going oh my god, DEC is evil, RSTS/E sucks, SunOS is MUCH better and
more secure. If we found a really bad issue, we would tell DEC and we would
tell any companies we were friendly with that we knew were running the same
thing.  I guess we weren't quite as religious then. If we wanted religion,
we went to church. We simply used computers to do our jobs.

  joe
 



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Bruce Ediger
Sent: Wednesday, July 07, 2004 8:41 AM
To: FULL-DISCLOSURE@...ts.netsys.com
Subject: RE: [Full-Disclosure] IE Web Browser: "Sitting Duck"

<SNIP>

Can you propose a test of the install-based theory?  If not, I wish you
wouldn't use it, it's little more than special pleading for the use of
Microsoft products.

