lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 24 Aug 2006 20:14:03 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Microsoft product vs Microsoft patch

My request to security researchers:

I have for a long time now been under the theory that *some* Microsoft
patches once added together outweigh the actual file size of the
original Microsoft product.

Can someone gather *all* the security patches for each Microsoft product and
calculate the total weight of Microsoft security patches vs the original
size of the released Microsoft product.

I believe for their operating system and their web browser Microsoft patches
take up half or all the original size of the Microsoft product.

I don't have the resources to carry out this study on my own, and I know
some folks do have those resources to release such information to the
security community.

We need this information to be published professionally so its suitable for
media outlet consumption.

This kind of information should be available to the public at large, to push
public opinion towards installing a Linux distro, and educate the general
public further, the scale of Microsoft's failure at every level and frontier
over the years to release secure products.


My request to security vendors:

We're beginning to see the "Ubuntu" (Debian) Linux distro being most
appealing towards the general public right now due to its
Microsoft-like easy to install properties.

No one in a position of power would ever recommend Linux, like Symantec (for
example), because they make so much money out of Microsoft, but if they
really had everyones security interests in mind, they would be.

Symantec were only last week or so getting nervous that Windows Vista is
locking out security vendors from its kernal. Maybe if Symantec can't hack
into the new Windows Vista kernal, (and no longer can make enough money from
Microsoft) then perhaps, now is the time for Symantec to be stabbing
Microsoft in the neck and officially recommend a Linux distro as a security
solution each time a MS06-040 style flaw is released.

In a perfect situation, we need people in a position of credibility to
recommend Linux to Microsoft users! Ubuntu is a perfect Linux distro to
point them to.


My request to security researchers:

Contact me (on or off list) to help us get this research compiled and pushed
out.

n3td3v

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ