Does Research Support Dumping Linux?
Tim Mullen, 2002-12-02

Microsoft's security policies are getting better every day, even as a new report slams open-source competitors as security nightmares. But the easy answers aren't always the right ones.

Research Supports Dumping Linux 2002-12-02
blacklight
I am not hugely impressed with Aberdeen, the source of this "report" - I may be missing something, but I see Aberdeen as one of the marketing whores that Microsoft has hired over the years to make its case by hook or by crook. And Microsoft has the cash position to hire quite a few whores who will b...

Research Supports Dumping Linux 2002-12-03
Anonymous (1 replies)
Perhaps in deference to Microsoft, the oft-used "Our products were not designed for security" quote should be supplied with some additional context. Much of their code was written **for manageability**, at a time when one of the driving market forces was maintaining some kind of centralized control...

Research Supports Dumping Linux 2002-12-03
Anonymous (1 replies)
I disagree completely here.. the manageability aspect is only prevalent on the desktop, not the server market (I won't talk about the advances being made by Linux on the desktop for this post though). Centralized manageability is actually single user pc manageability for a windows concept. Par NT...

Research Supports Dumping Linux - RE: Silvio's comments 2002-12-06
Anonymous
"the manageability aspect is only prevalent on the desktop, not the server market" - Interesting how this could be, considering I centrally manage my entire infrastructure (250 users in the Toronto office) from Active Directory, the rest of the global domains are also managed in an AD environment. N...

Not FUD, rather Aberdeen cluelessness. 2002-12-03
Anonymous (3 replies)
I think Tim is really stretching the definition of "professional research" in referring to the Aberdeen paper.

I'm a realist, I work in Information Security which means that I have to take disparate business processes and systems and mitigate the risks associated while allowing them to function....

Not FUD, rather Aberdeen cluelessness. 2002-12-05
Anonymous

Furthermore, I remember a CERT advisory this past summer (http://www.cert.org/advisories/CA-2002-22.html) for MS-SQL that had FIVE vulnerabilities under one advisory. The Aberdeen researchers neglected to count them as 5, rather as one instance. Did the Aberdeen experts even read through the vuln...

Not FUD, rather Aberdeen cluelessness. 2002-12-05
Anonymous
> To attribute Open Source flaws to Linux is like blaming
> Microsoft for the holes in AOL Instant Messenger.

And exactly how many of these vulnerabilities were actually in the linux kernel? According to Microsoft IE is part of the windows OS, that means that IE vulns are Windows vulns. Holes i...

Not FUD, rather Aberdeen cluelessness. 2002-12-05
Anonymous (2 replies)
> "But, to take a listing of vulnerabilities from CERT (not a comprehensive list by any means!) and say that Linux is a sign of insecurity because there are more Open Source advisories is laughable."

Hasn't the Linux community been doing that to Microsoft for the last 10 years? One of your key...

Not FUD, rather Aberdeen cluelessness. 2002-12-09
Anonymous
I find you missing the point of the text _that_you_quote_ to be very interesting. All "Open Source" vulnerabilities are not Linux vulnerabilities (any more than all "Closed Source" vulnerabilities are Windows vulnerabilities).

Besides the fact that, if you quantify the individual vulnerabilities ...

Not FUD, rather Aberdeen cluelessness. 2002-12-10
DaveHowe
I think you are missing the point here.
The issue isn't with the facts - there are more vulnerabilities for open source software than for microsoft software - but in the shoddy framing of the question in the first place.
The report is comparing, as a simple count of error reports, the whole of micr...

Research Supports Dumping Linux 2002-12-03
Anonymous
Microsoft seems to think that UNIX is better than their product...
http://remus.softimage.net/hotmail.html...

Does Research Support Dumping Linux? 2002-12-03
Anonymous (1 replies)
Code ownership with both open source and closed source software, is the norm. There is a slight difference from my POV with the two though.. In the closed source model, it still often lacks peer review (though many closed source models also include code review before being pushed into the ma...

Does Research Support Dumping Linux? 2002-12-04
TL
> so.. when some MS product crashes, and your own software
> _depends_ on being stable.. what do you do at that
> point in all honesty? You can't do anything except report
> it to MS who may decide that its a low priority bug..

I can't, can I? It *is* possible to debug MS software and even OS...

More secure, or just better at hiding bugs? 2002-12-04
Anonymous
The question I have when I see research like this is usually, "Is Windows really more secure, or is Microsoft just better at hiding bugs?" None of us have access to Microsoft's internal bug database, like we have access to the bug databases for open source projects. And none of us can search Micro...

All vendors and products suck equally...period 2002-12-04
DWreck
If you slam open source vs. closed source or vice versa, you are NOT an IT Professional. It's as simple as that. No one should complain about these types of issues. Shut up and learn how to properly install, configure, and secure any and all systems/technologies your clients use.
...

Does Research Support Dumping Linux? 2002-12-04
Rob John
Thanks for an even-handed and FAIR analysis. I agree the OS holy war of words serves no purpose than to prop up one's own ego. And you are exactly right with regards to the user's responsibilities and that security is primarily the result of knowledgeable and conscientious administrators. You can put ...

Does Research Support Dumping Linux? 2002-12-05
Veggie Meat
Am I the only one that notices that Aberdeen seems to be mentioned on every attempt at good publicity by Microsoft? Sure, Windows may be secure by Microsoft standards, but what isn't? *nix (Linux, Unix, all flavors of BSD, etc) is still the most secure operating system out there besides one which yo...

You Linux people amaze me... or anger me I think. 2002-12-05
Anonymous (6 replies)
I think a lot of you Linux people on the "windows sucks" bandwagon should wake up and take a look at the security improvements of windows 2000 enterprise server, in an active directory environment (btw, centrally managed, for the previous posters), and stop beating down every report you hear that Wi...

You Linux people amaze me... or anger me I think. 2002-12-05
Anonymous
Windows 2000 server is a big improvement. It's not secure 'out of the box', though, because of all the legacy stuff that's enabled by default.

IMHO, Microsoft should have made it secure by default, and then given the option to turn on the legacy OS support for people who really do need to intero...

You Linux people amaze me... or anger me I think. 2002-12-06
Anonymous (1 replies)
"I think a lot of you Linux people on the "windows sucks" bandwagon should wake up and take a look at the security improvements of windows 2000 enterprise server..." History teaches us that while every release of Windows is incredibly more stable and/or secure than the last, it's never been a produc...

You Linux people amaze me... or anger me I think. 2002-12-07
Anonymous (2 replies)
"Microsoft doesn't offer anything of value to them so they ignore it." - No. The problem is they have no idea what it offers. They don't give it a chance. Anything that can be done in Linux can be done in Windows, if you can, I would like you to prove otherwise.

Microsoft has never been an inovat...

You Linux people amaze me... or anger me I think. 2002-12-09
Anonymous (1 replies)
"Microsoft doesn't offer anything of value to them so they ignore it." - No. The problem is they have no idea what it offers. They don't give it a chance. Anything that can be done in Linux can be done in Windows, if you can, I would like you to prove otherwise.

Actually you are right, Windows don'...

You Linux people amaze me... or anger me I think. 2002-12-10
vunna@yahoo.com
That is the most frightening post that I have ever read. I hope that you can type in the correct spelling of the UNIX commands better than you can communicate.

At least you make a valid point along with the article. Agreeing with the article should just be left at that. . .no more need for OS h...

You Linux people amaze me... or anger me I think. 2002-12-10
Anonymous
[quote]Unlike most of you UNIX/Linux secluded sys admins, Windows admins who work in large corporations often need to manage multiple projects at once - they don't have the time to read a man page to run a command which would take 2 or 3 clicks in Windows, with the option of using the shell as a bac...

You Linux people amaze me... or anger me I think. 2002-12-06
Anonymous (1 replies)
> sorry, but if I am to call myself an IT professional, I would like to to mean that I actually need expertise to run whatever I specialize in. If it were not for windows coming along,

...you wouldn't be able to charge your customers exorbitant fees for cleaning up a M$-promulgated mess??? No ne...

You Linux people amaze me... or anger me I think. 2002-12-10
Anonymous
Oh I forgot to mention.

I like many other people, aren't against MS that much because of their software. It's their ego, their lack of sticking to standards and having to dominate the world. If they had been in politics they would have reminded me of Hitler and that's why I hate MS. So again, thi...

It's nice to have .. 2002-12-07
Anonymous
.. a person like you telling "Linux people" like me how wrong we are. As I run Windows, Linux, FreeBSD, Mac OS9, OS X, and netware in production environments, your limited views are very valuable. Your judgements of people who run Linux don't seem to be grounded in reality. As to your reference of a j...

You Linux people amaze me... or anger me I think. 2002-12-09
jsalter@-removethis-jrssystems.net (1 replies)
> I think a lot of you Linux people on the "windows sucks"
> bandwagon should wake up and take a look at the security
> improvements of windows 2000 enterprise server, in an
> active directory environment (btw, centrally managed, for
> the previous posters), and stop beating down every repor...

You Linux people amaze me... or anger me I think. 2002-12-11
Anonymous (1 replies)
"What improvements? MS products are still only as secure as you make them...": Uhm, isn't that the same with all Operating Systems? I never knew this was MS specific, boy, it's a good thing we don't need to secure Linux or Mac's at all!

"It's easier to set all sorts of odd little permissions struc...

You Linux people amaze me... or anger me I think. 2002-12-12
Anonymous (1 replies)
"tangled spaghetti mess that requires a system reboot every time you do something": Are you making this comment based on Win95,98,NT? I haven't rebooted my W2K box in months... haven't needed to. I wonder where or where you get this stuff from, because it's certainly not from experience. "

While I...

You Linux people amaze me... or anger me I think. 2002-12-12
Anonymous
Well, I'm not sure about Media Player since we don't install it in our organization, but as far as domain membership goes, granted, yes you do need a reboot. But what is the big deal about that? Adding a machine to your domain is something you do once, and it's not a difficult task to automate the en...

You Linux people amaze me... or anger me I think. 2002-12-12
Anonymous
Haven't you heard about NSA key in Windows?
HOW DO YOU KNOW Windows is secure? Because a few books say so? Because MS say so?
Can you go and test it yourself?
I trust my eyes - as they see the source I compile. The only binary I have to trust is the compiler....

the author show us the most important part of security 2002-12-05
ali abolfathi
i am too happy that someone tell us real fact:
all OS have their known security issues, no matter it is *nix or windows.

thanks the author about his good memo...

Does Research Support Dumping Linux? 2002-12-06
Anonymous
If we're talking about security of Microsoft products, first we should read this:

http://www.hevanet.com/peace/microsoft.htm

And we shall start worrying about all aspects of 'Microsoft security'.

One of interesting conclusions in article mentioned above:

"A government that uses Microsof...

Does Research Support Dumping Linux? 2002-12-06
Steve Robinson
All,

I just finished a rather extensive review of all the advisories from CERT for this year. (http://www.cert.org/advisories/). The totals I came up with are a little different. Unix came up with 8, Microsoft with 4, and Linux, the poster child, a whopping 3. I looked through each advisory, rea...

Does Research Support Dumping Linux? 2002-12-06
blacklight
Is anyone trying to blur the lines by arguing that Linux is "just as bad as Windows"? It certainly would be to Microsoft's benefit if that argument about such bogus equivalency could be successfully made. I still remember that the Apache folks fixed a major vulnerability within three to four days of...

Does Research Support Dumping Linux? 2002-12-07
JacquesB
Sorry, but you have been abused by a FUD document sponsored by Microsoft. It's impossible to secure Windows because in its most basic components, Windows do not have what is needed for security. Unix have these security concepts, so can be secured. Security requires control. If you have control, y...

Does Research Support Dumping Linux? 2002-12-07
Anonymous (1 replies)
Microsoft doesn't care about security, it's all a front. They just want to put out there the quickest code no matter what security vulnerabilities they know about, just to earn a quick buck. They're all fascists they want to consume every aspect of the market with their buggy OS. "There's No Security...

Does Research Support Dumping Linux? 2002-12-09
Anonymous (1 replies)
"If I added it up when I was running windows a few years ago before I ported to linux, I would have to say that I spent a good majority of my life rebooting the sucker."

LOL - Sooo that would have been, what, Windows 95, 98? Ungh. Have you never heard of "new versions"? You think things do not ch...

Does Research Support Dumping Linux? 2002-12-11
Anonymous
"Unlike Linux, things improve over time. MS doesn't keep the same platform for 1000 years and brag about how secure it is, they innovate."

Er, Linux is slightly younger than NT. Further, Windows NT, 2000 and XP are all based on VMS - an OS that is around the same age as Unix. Wouldn't be better if...

MULLEN IS PAID BY MICRO$OFT 2002-12-07
Anonymous Hero (1 replies)
Dude's forever defending M$ while at the same time advocating open source, because his bread and butter is bought and paid for by installing and fixing M$ shodware on his client's (victims) corporate machines. Forget about Mullen, he's a thinly disguised M$ shill. As subtle as he likes to think he i...

MULLEN IS PAID BY MICRO$OFT 2002-12-10
blacklight
I have to disagree with you with regard to Tim Mullen's integrity. I have followed his posts for months, and I haven't read a single article from him that would cause me to doubt his good faith. Yes, he is pro-Microsoft as I am pro-Open Source but his voice is of the few genuinely honest pro-Microso...

Does Research Support Dumping Linux? 2002-12-09
Anonymous
I think UNIX and Linux administrators are a dying breed for a dying and sadly outdated operating system....

Does Research Support Dumping Linux? 2002-12-09
Sir Gumby
Really, it comes down to this. Most of us will create a report that supports their bias. Given that this is the norm no matter who is the sponsor you will always see this form of Bias in any report. How many times have we seen an official Microsoft reports stating Unix out performs Windows i...

Does Research bother looking at better alternatives? 2002-12-09
ecsd
If Red Hat is a security nightmare out of the box, hey.
But it's fixable ...
Meanwhile, with 3-15 security notices about MS's black-boxware every week, who really thinks that's any better at all?
The answer: FreeBSD. The fact that FreeBSD doesn't enter these discussions routinely is a problem of ...

Your comments are based on a lack of understanding 2002-12-10
Anonymous (1 replies)
Well, I can't possibly address ALL of your irrelevant uneducated statements or lies, but I will try a few:

"...you wouldn't be able to charge your customers exorbitant fees for cleaning up a M$-promulgated mess" - Well, this is very much dependent on the administrator of the network in question. ...

Your comments are based on a lack of understanding 2002-12-11
Anonymous
HUH?

Let's take a couple of these nuggets:

">> >>"Windows have no security mechanism for protecting you against an unknown security incident." > ">>Windows have no security mechanism for protecting you against an unknown security incident." >"Most MCSE's are retards, I'll admit. "<<

Hey, w...

Real professionals trust the source code ONLY 2002-12-11
Anonymous (1 replies)
And you guys trust the marketing stuff. That is the point....

Real professionals trust the source code ONLY 2002-12-11
Anonymous (2 replies)
What do you mean, "marketing". No, I evaluate and make my decision on whether I trust a product or not from my evaluation. What is with you guys and all of your marketing issues, how else is MS going to convince people like you that their products are secure? You will never try new versions or make...

Real professionals trust the source code ONLY 2002-12-13
Anonymous
Saying "marketing" I mean information which only gives you a half of the truth, positive facts about a product but never negative ones.

By evaluating a product you can say that, _PROBABLY_, it is secure while having a source code you can make SURE (if you have enough knowledge and experience, of...

Real professionals trust the source code ONLY 2002-12-13
Anonymous
BTW, it isn't so bad for a security guy to be paranoid. In fact, it's first rule I follow to do my job well....

Encryption in Linux 2005-11-29
arash afshinfar
Public Key Encryption, Integrity Checks, and Digital Signatures
Encrypting data is the only sure way to secure data transmitted over a network. Encrypt data with a key, and the receiver or receivers can later decrypt it. To fully protect data transmitted over a network, you should not only encrypt...

Copyright 2009, SecurityFocus