Tim Mullen, 2003-04-07
A new poll finds that seventy-seven percent of security professionals believe Microsoft products are insecure. But a closer look at the survey tells a far more interesting story.
The Reality of Perception
2003-04-07
Anonymous (6 replies)
The Reality of Perception
2003-04-07
Bill Hey <bill.hey@nospam.dsia.com>
Unlikely.
Linux as part of its *nix heritage has been designed with security from the outset, whereas Microsoft 3/9x/2k/XP were not.
They may however still suffer from the same frequency of "default" errors, or "user config" errors.
But like for like, on the balance of probability, you'd b...
The Reality of Perception
2003-04-07
Peter
I'm not certain I understand why Linux was brought up here (it doesn't appear in the parent article), but I doubt the poster has much historical experience on which to base this claim.
I've run Linux firewalls and servers for nearly a decade now, and the distribution of attacks has changed marked...
Sorry, that's crap
2003-04-08
Anonymous (1 replies)
Our MS boxes get attacked just as often as our Linux boxes. We are an 80% linux shop and yet 80% of the security incidents we have involve MS code.
...
Sorry, that's crap - and so is that!
2003-04-17
Trevor
please consider this - people who "attack" websites nowadays are really quite varied, they are 13 years old, 15 years old and sometimes, even 16. (small sarcasm)
many people, armchair hackers if you will, begin with some trivial searches to find a "hacking tool", then do some *very* brief readin...
The Reality of Perception
2003-04-07
AnonymousPeon (2 replies)
Tim,
The reality is, not all of these security professionals have the final say when it comes to operating system deployment. Now, it's easy to make assumptions, as you've done quite liberally, and find supposed contradictions in the survey data, but have you considered the case where a secur...
The Reality of Perception
2003-04-07
Anonymous
You're a dink. A perfect example of what Tim is talking about - dumb users who can't patch a box.
I installed the webdav patch without any problems, and I've compiled two current webdav exploits in linux and tested them against myself, without any problems - so just because you have trouble double-...
The Reality of Perception - heh
2003-04-07
Anonymous (1 replies)
"and it's not because admins failed to install the first two patches that actually failed to patch the problem, and the third, which undid all prior patching"
Peon,
"undid" all prior patching? Where the hell did you pick that one up from? I deployed the webdav patch on all 250 machines in my c...
The Reality of Perception -
2003-04-08
AnonymousPeon (1 replies)
From: http://www.theregister.co.uk/content/55/29857.html
"A patch for a serious flaw in Windows 2000, which prompted a major Microsoft alert earlier this week, is causing problems for a small percentage of users.
Applying the patch on top of earlier Win2K hot fixes can sometimes result in the...
The Reality of Perception -
2003-04-09
Anonymous (1 replies)
If you bother to read anything else other than TheRegister that are just a bunch of MS bashers, you would see that it was a very small percentage of people that had a problem with the patch. Not being an MS admin, you would have no clue about that. You simply read the media (if you call TheRegister ...
The Reality of Perception -
2003-04-09
AnonymousPeon (1 replies)
yes, of course, try insulting me to prove your point. again, you fail. i have maintained Solaris boxes for 4 years, Linux servers for 6 years. No doubt i'm familiar with the patching process. Note that RedHat's update mechanism DOESN'T BREAK THINGS, this is a fundamental difference.
a small numb...
The Reality of Perception - You're getting me started now.
2003-04-11
Anonymous (1 replies)
blah blah blah... are you done?
Ok, here I go...
Again, another completely false and ridiculous post from the Peon. Do a quick search on google... do you know how to do that? Here, let me do it for you: http://www.google.ca/search?hl=en&ie=UTF-8&oe=UTF-8&q=linux+patch+breaks&meta=
Hmm... sor...
The Reality of Perception - You're getting me started now.
2003-04-17
Anonymous
your search shows that linux updates break things, with all the alpha patches out there i don't doubt that that is very much true, his point was that redhat update doesn't break things, which is imho pretty true
the other point that you make is that less than 1 in 100 users were affected by the we...
The Reality of Perception
2003-04-07
ralf
Another reality remains, however: that Microsoft has historically placed user-friendliness ahead of -- not balanced with -- security. Until people perceive that this bias has changed (if it has in fact changed), there will be an assumption of insecurity in MS software.
Yes, users must be proacti...
The Reality of Perception
2003-04-07
Bill Hey <bill.hey@nospam.dsia.com> (1 replies)
Security has not been part of the Microsoft Windows nor application architecture in the past. This may or may not be changing, only time will separate the marketing from the reality.
Companies continue to deploy Microsoft solutions despite the risks because of the monopoly status.
Here's why:...
The Reality of Perception
2003-04-08
Anonymous (1 replies)
It is just great to see Tim make all of you Linux slugs dance the way he does. Why are you all reading the MS column anyway?
You should take a few moments to educate yourself before you say things like "security has not been part of MS software in the past." Windows 2000 has been around for yea...
The Reality of Perception
2003-04-09
anonybori
So, what is secure about win2000? I don't get it?
And if so, why did all the win2000 boxes crash when I unleashed nessus on our network? And our linux and Solaris boxes had no real problems, on some of them Gnome crashed, but all major services kept running. (all machines, M$ and *NIX, had a standa...
The Reality of Perception
2003-04-07
Scott Sorrentino (1 replies)
Your references to Code Red and Nimda are fair; admins who still get bit by them deserve it for being slow (glacial) to apply patches.
However, I know *many* Windows admins who don't bother patching right away because Microsoft has a history of releasing patches that solve one problem and create...
Stupid unstable patches
2003-04-08
Anonymous
"However, I know *many* Windows admins who don't bother patching right away because Microsoft has a history of releasing patches that solve one problem and create others. Sometimes to the point that the OS becomes unusable. To fault these folks for not jumping immediately on the patch bandwagon is u...
The Reality of Perception
2003-04-07
Anonymous
Microsoft softwares ARE inherently insecure.
Not because they contain a lot of security holes, because they can not protect themselves against them with anything else than a patch. This means that Microsoft can not be protected at all against a security hole. All they can do is to try to remove t...
The Reality of Perception
2003-04-07
Penguinisto (1 replies)
Err, side note: The Register covered this last week - http://www.theregister.co.uk/content/55/30072.html
Incidentally, Tim, as has been mentioned before, the big fat reason that Windows boxes get hit so hard (and that patches aren't installed on a timely basis) is that many times the patch break...
The Reality of Perception
2003-04-08
Anonymous
I think The Register is what tim referred to as a rag. Anyone with a pulse and who can read knows that The Register is a horribly biased trash bin. They will jump all over even the slightest issue regarding MS whether it is really true or not, yet ignore the many horrible problems that continue to ...
The reality of your techs
2003-04-07
Andy Wood
Mullen obviously likes to see his written word. If your admin team, or individual, can't keep the environment secure FIRE them. But oh, no....we can't do that can we? It's called a firewall people....for starters Lock down NetBIOS, UDP, SQL....everything but what is required. Patching is good ...
The Reality of Perception
2003-04-07
Anonymous (2 replies)
Working on a mixed Solaris, Linux, Microsoft shop, I must say that Microsoft is ages ahead of Sun or Linux (R.H.) as far as the notifications and ease of applying security and other patches.
There is no excuse for not having a secure Microsoft server. Irresponsible administrators blame Microsoft...
The Reality of Perception
2003-04-08
Anonymous
...really? I get errata notices daily for my RH installations, and regular patch info arrives daily on Linux Today.
And here is where Linux and Free/OpenBSD outshines MS in the security department: If you can't seem to find a patch, you simply close the hole your own damned yourself - use the sup...
The Reality of Perception
2003-04-08
Anonymous (1 replies)
One point not mentioned here is that in general the Windows environment is kept in a well guarded environment. The servers are behind firewalls and proxies with virus checkers and other security tools. So YES, as a professional in a large blue chip I don't make much effort to secure Windows machines ...
The Reality of Perception
2003-04-08
Anonymous (1 replies)
Holy crap. This is one of the most pathetic articles I have ever read. From what I can tell, Symantec really has changed this site around.
What kind of tripe are you trying to spread here? You apparently have no idea of the reality of working in a large corporation. Just where exactly did you hea...
The Reality of Perception
2003-04-09
Gary Fisher
If Symantec had anything to do with content on this site, your troll would not have made it here, would it? What *has* changed about this forum is that it used to be a place where professionals could come to see what other professionals' take on security issues was (this part has not changed) but n...
The Reality of Perception
2003-04-08
Anonymous
Hah, I just read your bio. You really are pathetic. At least you're not trying to hide the truth.
So, you're a security consultant for Micro-Crap, err, I mean -soft. Wow, that explains it. You're their security consultant, and you blame all the security problems of MS on the end users.
Must be...
My look on things
2003-04-08
DC0 (1 replies)
Now, in this post I'm not saying either nix or windows is more insecure than the other. I leave that up to the reader...
However, look at the majority of the people who run Linux, and several other flavors of *nix. Most are young college students or high school students who are trying to expand t...
My look on things
2003-04-10
Anonymous
Last I checked most High school and college students hadn't gotten past user stage in windows. As for the business world well most companies use a mix of both...especially most companies on the net. Hell Microsoft use Unix boxes to firewall their systems, and last time I checked Apache had a c...
It's easy Tim - listen up!
2003-04-08
Anonymous
I run Microsoft software that has been secured with every patch and fix available. However, there are still holes waiting to be found, and holes that will never be fixed at all! So even though I have done my part, MICROSOFT has not done theirs... Hence the high number of people concerned. The 't...
Windows 2000 Server -- with 3 months of free MSN access !
2003-04-08
Chris Caydes
Well, Mr. Mullen's columns are certainly those that get the most comments posted... And that is what I like about them...
I would have to disagree with the above comment that stated that MS softwares cannot protect themselves against holes with anything else than a patch.
There are various secur...
The Reality of Perception
2003-04-08
Wisconsin (1 replies)
You have finally exposed the incompetent fools who continue to bash Microsoft. Let them try and support os2, or Macs for a day, they will be begging for their Microsoft boxes back!!!...
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonymous (8 replies)
I think everyone that uses UNIX/Linux are highschool/junior college boys who have never worked in the real world and have never seen a W2K active directory environment before. The security parameters are limitless, group policies, IPSec (which works at the IP layer), registry manipulation (I attache...
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonymous
You think UNIX doesn't have those settings??
Just to name a few
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0 # 0 for IPSEC
kernel.sysrq = 0
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_keep...
The Reality of dumb people - "I see dumb people".
2003-04-09
Your Mother
Wow, you are f'ing amazing. Too bad that most (9 out of 10) of your fellow MCSE's are worthless techs (Yes, techs, not admins) that don't have a clue and never will, therefore reducing your supposed secure operating system to a worthless pile of Intel shit. But thanks for posting....
The Reality of dumb people - "I see dumb people".
2003-04-09
Jeremiah Cornelius
Some of us who use Unix professionally and as security engineers are not High School kiddies - I began using Unix on a DEC PDP-11 in 1979. You may have valid points about the state of 2000/2003 Server security - in fact I agree with this assessment. Your immaturity and ignorance in presentation do a d...
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonybori (1 replies)
LOL, this shows your experience is limited to M$.
I started my career with M$ but I got frustrated by its retardness so I switched to UNIX.
Show me something M$ products can do and UNIX can't....
The Reality of dumb people - "I see dumb people".
2003-04-10
Anonymous (1 replies)
"Show me something M$ products can do and UNIX can't."
Released to the masses for use at home... I just had a support call, which the user thought her computer was making a weird sound, when it was the girl next door, cell phone. Now you want to give her a nix box? My god no!...
The Reality of dumb people - "I see dumb people".
2003-04-13
Anonymous
'"Show me something M$ products can do and UNIX can't."
Released to the masses for use at home... I just had a support call, which the user thought her computer was making a weird sound, when it was the girl next door, cell phone. Now you want to give her a nix box? My god no!'
Whoops. You for...
The Reality of dumb people - "I see dumb people".
2003-04-10
Anonymous (1 replies)
This kills me - how many of these fixes would have stopped the LoveGate virus? SQL Slammer? MS$ releases buggy code. Even the patches are buggy. Admins should be taking more responsibility, but since the source is CLOSED, there is a line they cannot cross. Black box testing will only take you s...
The Reality of a dumb person - Read and learn something boys.
2003-04-10
Anonymous
See, you just proved my point - you are all children who know nothing of facts, because if you did, you wouldn't assume that buffer overflows were something that purely affected MS products. If you take a good look at your own OS sometime, you'll see how bug-ridden it is. Let me get some stats for ...
Compensating for something, are we "Mr. Big Bux" ?
2003-04-14
Anonymous
The performance aspects alone should convince anyone who views a 70% performance penalty not to use windows.
Anyone serious about security isn't going to tolerate a closed-source environment from a company known to lie to its customers. so how about YOU get back to the kiddie stuff and leave the s...
The Reality of Perception - Hats off to Mullen!
2003-04-09
Anonymous
Tim,
I have nothing but the utmost respect for you. You are taking a leadership role in battling these NIX juggernauts who are firmly planted in their ways and refuse to budge or learn anything other than what they know. Unfortunately, much of the security industry is ruled by these form of li...
don't blame MS - blame these stupid people
2003-04-10
ab_s0248@yahoo.com
i know all of the people that blame MS for security concern don't know anything about security.
they just want to say they have more knowledge than other people who using MS products.
they think just because they r using *nix,they r safe and secure.but it is a dream because i am sure they don't kno...
Blame Microsoft for broken patches
2003-04-10
Anonymous
I can't install SP2 on my system because it breaks a lot of Mission critical apps...so how am I supposed to secure that? Servers not getting patched are not always the fault of lazy admins, more often than not it's the fault of bad MS patches.
Oh I secure it the same way Microsoft does with...
The Reality of Perception
2003-04-11
Anonymous
You just don't have a choice.
There is no cheap and secure alternative to Microsoft Windows (not in terms of the price of the software obviously, but rather in terms of the resources required to install, configure and maintain it).
Indeed, given the probability of suffering a malicious attack...

The reason linux is not as frequently attacked is that it is not as popular as Microsoft's product. The day linux and Windows get an equal market share, they will also get an equal 'market share' from the hackers....