Tim Mullen, 2003-10-13
The proposed cure for the Internet's security woes might help Microsoft competitors, but it would only make our security problems worse.
One part spot on, complexity...
2003-10-13
Nicholas Weaver
One of the major points is not just that Microsoft has a monopoly monoculture, but that it uses its monopoly position to limit interoperability, with one of the primary tools being vastly and artificially increasing complexity.
It is this gross increase in complexity that causes much of the probl...
Yet another bad article from our resident MS apologist
2003-10-13
Hay guys I'm lolling on THE INTERNET! (6 replies)
"The same guy who insists on opening attachments in Outlook will open attachments in whatever newly-developed Just-Like-Outlook software they'll be using on Linux. The same guy who runs as Administrator will run as "root." The same guy who doesn't use IPSec won't use IPChains. And the same guy who d...
Yet another bad article from our resident MS apologist
2003-10-14
Anonymous (1 replies)
The "current crop", yes but not the future crop. The flaw in your logic is that there *is* a reason to believe this will change in the future just like the article says! If Linux owned 50% of the desktop market, EVERYTHING would change! Not realising this is a critical error of yours. ...
Yet another bad article from our resident MS apologist
2003-10-15
Anonymous (4 replies)
While I don't have a crystal ball to refute your claims about future crops of applications, let me point out this:
The way unix works is different. If you compromise a process on windows, you've rooted the box. If you compromise a process on unix - you don't have much.
True, launching exec...
Yet another bad article from our resident MS apologist
2003-10-16
Anonymous
It's simply not true that compromising a process on Windows roots the box, unless the process is running as system or as administrator. Which is exactly the same as a unix process running as root.
Oh, and running an executable from an attachment. Outlook for Unix is surely going to save the att...
Yet another bad article from our resident MS apologist
2003-10-16
Anonymous (1 replies)
"If you compromise a process on windows, you've rooted the box"
Huh? NT, 2K, XP have a unix-alike model: you get the permissions it was running as, same as on unix.
"True, launching executable attachments in windows isn't a fault per-se of windows, but opening an e-mail message, or visiting a w...
Yet another bad article from our resident MS apologist
2003-10-22
Anonymous
Am I missing something here or are we talking about corporate America? I thought this article dealt with the stranglehold the kludge called Windows has on "MISSION CRITICAL" environs. I do not believe that Joe (I game all day) Blow Windows boy falls under this classification. The fact of the matter...
Yet another bad article from our resident MS apologist
2003-10-16
Anonymous
That's not true; compromise a process on a windows box, you run in the context of that process. Not usually administrator, unless that is what was chosen for the service. Same as unix. Look at X closely. . .
The supposed advantages in Unix stem from non-user-friendly front-ends. That'll change, "sp...
Yet another bad article from our resident MS apologist
2003-10-20
Anonymous
What the author is basically trying to point out without being blunt is look yeah there is linux, but how will it hold up once it has the scrutiny that microsoft has now. While it is gaining momentum, it still doesn't have nearly the amount of implementations of windows based systems. There are no ...
Yet another bad article from our resident MS apologist
2003-10-14
Anonymous
You forgot to tell us all how the CCIA paper is the last paper that you will read of Bruce Schneier's too. It should be obvious that if a well thought out, accurate column like Tim's drives you to personal censorship that an obvious sell out, got paid to write report from Bruce would have you doing...
Yet another bad article from our resident MS apologist
2003-10-14
Anonymous (1 replies)
I agree, the guy's so boring. Nothing insightful in any of his pieces. Nothing original. Always parroting what everyone else has ever said about a given subject. It's like he scours all other commentators' takes on everything, bundles it up in his own package along with his own cutesy analogies, and ...
Yet another bad article from our resident MS apologist
2003-10-14
Anonymous
Hey genius- a little comprehension, please. Linux will indeed *become* as insecure by other bad apps, and other stupid people. Not seeing that shows that you have no concept of what happens in the real world. OpenBSD, the near-perfect product that it is, with its near-perfect security history, wou...
Yet another bad article from our resident MS apologist
2003-10-16
Anonymous
I think you miss the point entirely. Linux and all *X variants each have had and likely do have ooodles and ooodles of exploitable vulnerabilities just waiting there. Ya run Sendmail? BIND? Well, you know what I mean, then. Up until now, the perceived or actual difficulty in using, acquiring, or eve...
Truly, you can't be serious....
2003-10-16
Axe-2-Grind
The chances of you not reading another article by Tim are pretty slim. It is evident that you have an agenda of your own, and simply use Tim's articles as stimulus for your addiction.
First, as Tim is a Microsoft supporter, he does not have to be unbiased, however, on occasion IS unbiased. I rem...
CCIA Report is Bad Medicine
2003-10-13
Anonymous (2 replies)
Right on the money Tim! Couldn't have said it better myself. These same mono-culture-phobic chicken-littles would be silent as church mice if Linux controlled 90% of the PC market and NOT because we wouldn't have plenty of security issues to deal with...we would.
Let the marketplace play out. ...
What free market?
2003-10-14
Anonymous (1 replies)
The problem is the software market isn't really free. Microsoft uses their monopoly position to prevent other options from being explored. Dell and several other companies, for example, have been intimidated by Microsoft out of offering other operating systems.
As long as Microsoft can use stro...
THANK YOU
2003-10-13
KGW (2 replies)
This is an angle I've been trying to convince others of since the report came out. From a medium to large corporate standpoint, introducing multiple operating systems and different packages of the same software for all your different OSes to all end users makes patch management and rollout a potenti...
CCIA Report is Bad Medicine
2003-10-13
Anonymous (2 replies)
Timmy,
As usual you're full of shit.
"The same guy who insists on opening attachments in Outlook will open attachments in whatever newly-developed Just-Like-Outlook software they'll be using on Linux. The same guy who runs as Administrator will run as "root." The same guy who doesn't use IPSec w...
CCIA Report is Bad Medicine
2003-10-14
Anonymous (1 replies)
It is a valid point, and I agree. You fail to realize that Linux is also poorly written (by the host of people who contribute) and is also very vulnerable. ...
CCIA Report is Bad Medicine
2003-10-13
Anonymous (1 replies)
I think the word you're looking for is nigh. Neigh is a sound that horses make....
CCIA Report is Bad Medicine
2003-10-13
Anonymous
"And I've got to tell you-- thinking about having government mandated operating systems scares the pants off of me."
Damn right!
Government mandated ANYTHING scares the pants off me. (BTW, I'm naked under these here pants!)
Computer security, health care (imagine a trip to the doctor crosse...
CCIA Report is Bad Medicine
2003-10-13
Anonymous (2 replies)
You missed the point: for a given vulnerability, even if the "dumb user" doesn't change, you have *fewer affected machines*.
Why? Because they aren't all running the same exact platform, and aren't necessarily vulnerable to the same exploits.
The point is that it doesn't matter what the OS is,...
CCIA Report is Bad Medicine
2003-10-14
Anonymous (1 replies)
I wonder if you bothered reading the article. THERE WOULD NOT BE FEWER MACHINES IF THEY WERE 50 PERCENT OF THE BASE! Duh!!!...
CCIA Report is Bad Medicine
2003-10-16
Anonymous (1 replies)
50% < 90%
Which means that no single exploit could bring down more than 50% of all computers, where a single Windows exploit now can bring down 90%.
But to get real diversity, you need to get the biggest market share under 10% - and get the number of common OS up to 15 or so.
Which is why, ...
Great article: we need central planning
2003-10-14
Anonymous
This is a totally excellent article. Security has nothing to do with competition creating systems which are easier to fix. Definitely, the ability to choose systems where we control which components are active and can minimise our vulnerability footprint adds nothing.
What we need is a central ...
What is author's suggestion?
2003-10-14
Anonymous (1 replies)
It's really easy to criticize anything, including this report. But I would expect some alternative suggestions from the author of the article if he doesn't like the suggestions in the report.
Of course, a "dumb Linux user" would patch his system as rarely as a "dumb Windows user". But the differenc...
What is author's suggestion?
2003-10-14
Anonymous
Who's to say BOTH worlds wouldn't come under attack at the same time? If MS owned 50% of the market and Linux had 50% then with any given worm/virus, half the world goes down. This is better? Also, now we have to maintain multiple environments, just to avoid mono-culture??? Mono-culture has its...
Jim Allchin's testimony to congress holds up CCIA conclusions
2003-10-14
ark0n
One just has to look back at Jim Allchin's (VP of Windows OS division) testimony in which he states that if M$ were to open even some of Windows OS source code, it would be a danger to National Security. Even in the book "Hack Proofing Your Network" whose authors often are found in Security Focus,...
CCIA Report is Bad Medicine
2003-10-14
Anonymous (2 replies)
I would hope that the users who don't use IPSec would also not use IPChains, since they have nothing to do with each other. IPSec is an IP level encryption option, IPChains is an old, outdated firewall system. IPChains has been replaced by IPTables.
Other differences also exist: Except for Lindow...
CCIA Report is Bad Medicine
2003-10-14
Anonymous (1 replies)
I just love posts like this, where you people bash others when you don't know what you are talking about. IPSec is a fully featured firewall- learn before you post Linus. While it is also a means of providing network level encryption, it is JUST LIKE IPChains in that respect. Back to school, Jr. ...
IPSec != Firewall
2003-10-14
Anonymous (3 replies)
Perhaps you should be doing your homework first. IPSec is not a firewall. Microsoft does have some firewalling abilities, but that is not IPSec. IPChains is also far from "full featured", and is dead and buried with the 2.2 Linux Kernel.
From the Wikipedia: "IPSec (abbreviation of IP security)...
IPSec != Firewall
2003-10-15
Anonymous
I'll jump in here, and you clearly did not do your research when you said the other guy did not do his research when talking about the first guy not doing HIS research. And like you said, If you are going to berate someone for berating someone, get *your* facts right first. IPSec provides excellent...
IPSec ~= Firewall
2003-10-15
Did my research (2 replies)
IPSec, the standard, is not a firewall. However, the Windows implementation of IPSec does provide firewall capability (albeit seemingly by accident), and can be used as a firewall. It's not an amazingly advanced firewall, but it can filter and block traffic according to protocol, port number, IP ad...
IPSec ~= Firewall
2003-10-20
Anonymous
While not a firewall in exact meaning, what it does do is create secure connections or "tunnels" directly between the two pcs with strong encryption methods to ensure that it is indeed from that person on the other end. In essence it is a firewall between the two pcs, but only when an ipsec connec...
IPSec DOES = Firewall- You are all just tools!
2003-10-22
Anonymous
Seemingly by accident? Seemingly to someone who does not know any better you mean! If it was by accident, there would not be a "BLOCK" action, now would there mister "did my research"??? Microsoft's implementation was designed to include firewall capabilities. In and Out. I use it all the time, a...
IPSec vs. IPChains
2003-10-14
Anonymous (2 replies)
"I would hope that the users who don't use IPSec would also not use IPChains, since they have nothing to do with each other. IPSec is an IP level encryption option, IPChains is an old, outdated firewall system. IPChains has been replaced by IPTables."
I suspect Tim meant IP Security, which is part...
IPSec vs. IPChains
2003-10-15
Anonymous
IP Security (under Advanced TCP/IP Settings > Options) allows you to set up your computer to use IPSec /encryption/.
The setting right below that, TCP/IP filtering does, guess what, /filtering/.
IPSec and TCP/IP Filtering are accessed through the same way, (at least in Windows 2000), but TCP/IP...
CCIA Report is Bad Medicine
2003-10-14
ab_s
I agree with this topic. Don't blame Microsoft whenever your Windows operating system does not use any kind of built-in protection. When your web server is wide open against hackers for a wide range of open ports and you don't know that your OS supports 2 built-in (in XP/2003 ICF is another option...
CCIA Report is Bad Medicine
2003-10-14
Chris Caydes (1 replies)
I believe what the report meant to say is that if Microsoft did not have such a monopoly status in the first place, then perhaps they would develop more secure and less complex software.
By breaking the monopoly, the CCIA hopes to create competition that will induce all competitors to make software...
CCIA Report is Bad Medicine
2003-10-14
Anonymous
Every organization has to examine the issue and determine for itself whether the risks of a monolithic environment are acceptable. MS has its security problems, but so do other platforms. The important point of the article is that putting all of your eggs in one basket is generally a bad idea; rega...
CCIA Report is Bad Medicine
2003-10-14
Anonymous
The basis of the report is not that Microsoft should be broken up or that competition should be created. The point was that corporations/governments/organizations/etc. that rely too heavily on one technology get bitten. When the RPC/DCOM virus hit the net how many companies were impacted? How man...
CCIA Report is Bad Medicine
2003-10-14
Matthew Murphy (1 replies)
If you take the solution that CCIA proposes out of the picture -- the facts are accurate. Microsoft is an abusive monopoly whose products are *ALWAYS* more insecure than competitors' products for the same purposes.
The fact remains even the newest of Microsoft's code is based on antiquated tech...
CCIA Report is Bad Medicine
2003-10-15
Anonymous (1 replies)
So, I guess the solution is to disconnect from the internet and junk all networks, since "same old dumb user" is the real problem -- since no one will bother to train end users (won't mention training of technical support staff or infrastructure maintenance staff).
pundits.
...
CCIA Report is Bad Medicine - openssl
2003-10-15
anonymous
I don't know about the rest of you - but the OpenSSL exploit (http://www.cert.org/advisories/CA-2003-26.html) sure pointed out to me that we have widely disparate systems that are vulnerable to the same style of 'mass exposure'. I've got imbedded OpenSSL issues in what I'd previously thought of as ...
Mullen doesn't get it
2003-10-15
Anonymous (1 replies)
Mullen seems to have missed the point. MS products are insecure fundamentally because they are too complex (too many modules) which inherently have trust relationships with each other. And the interfaces between the modules are poorly documented and not well understood.
All in the name of "glitz...
Mullen doesn't get it
2003-10-15
Anonymous (1 replies)
Poorly documented? You have no idea what you are talking about. The Windows API has FAR better reference and structure than your closed Linux wannabe. ...
CCIA Report is Bad Medicine
2003-10-15
DBrown
I believe the causes of distrust with Microsoft stem from the inability to trust the 'fixes' that are distributed by Microsoft. Too often, it is necessary to do significant testing to determine whether the latest patch has truly resolved the declared bug and whether or not this is injected new prob...
Actually, Tim...
2003-10-15
Penguinisto (1 replies)
You dropped in an awful lot of assumption here.
It all hinges on the word "suddenly", as in: "If 50% of the installed OS base in government and infrastructure was suddenly mandated to be, say, Linux..."
At the rate things are going, no mandate will be necessary ;)
Also, apps have evolved ...
Actually, Tim...
2003-10-16
blacklight
It would not be my preference in the long run to run a dual Linux/Windows installation: I would much prefer a dual Linux/BSD installation with Windows desktops assuming that users are adamant about running Microsoft Office rather than OpenOffice - As for anyone who is screaming for Outlook, forget i...
Attachments?
2003-10-15
Anonymous
"The same guy who insists on opening attachments in Outlook will open attachments in whatever newly-developed Just-Like-Outlook software they'll be using on Linux."
Yeah, they could *try* to "open" them, but that would require them to save it to disk, chmod them to executable, and then execute th...
Conveniently glossed right over the whole point
2003-10-15
A no no miss (2 replies)
The thesis of the original paper was not "My OS is better than yours," it was that a computer monoculture is inherently more dangerous--no matter what OS everybody is running. This statement isn't conjecture or guesswork based on some hypothetical situation. This statement is an observation of past ...
Conveniently glossed right over the whole point
2003-10-15
Anonymous (1 replies)
Don't be so arrogant and pig-headed. Saying things like "we can't argue with your point" simply shows that you are not capable of thinking for yourself. Your statements of monoculture security are a myth. This has been echoed by many prominent security people, Mullen included. Ranum have even publ...
That's all well and good
2003-10-17
Anonymous (1 replies)
But you can't seriously argue that if everybody is using the same webserver on the same OS to serve up webpages and an exploit is found there would be less potential damage than when the market is divided between two different webserver/OS combinations.
If you argue there would be twice as much o...
That's all well and good
2003-10-20
Anonymous
Not to mention that with two equally competing targets, attention would be divided between each one, making it a little less concentration on one single operating system since attention would be divided.
It often amazes me how the "zealots" as you put it really think people will just stop findi...
Not about economics
2003-10-15
Anonymous (1 replies)
It isn't about economics. It's about diversity. Every paper I read that bashes this report goes on about economics or forced requirements. It is about diversity and the need to allow further innovation.
Please, think about what the authors said. The conclusions reached here aren't what I would ca...
Not about economics
2003-10-15
Anonymous
Ug. Another ignorant "this article is about Windows vs. Linux" post. Yawn. The CCIA paper is *not* about diversity- it is about trying to bring government control over what operating systems we can use for the good of the membership of the CCIA. The premise is diversity, but the recommendations ...
CCIA Report is Bad Medicine
2003-10-15
Anonymous
Not exactly.
1) There are completely independent development efforts between the sundry UN*X OSes and the applications that run on them, yet the discovered vulnerability base is lower, period. I could say this about Linux distros and the apps therefor.
2) Security does not decrease in a heterogene...
Not bad medicine, just bad....
2003-10-16
Anonymous
Firstly, Tim, Get a new pic... dude... come on.... haha
OK, this is going to address Tim's writeup, as well as a little bit of the paper....
Microsoft, say what you will, but we will use it till our grandkids' kids are long gone. Why? Because they were a marketing genius, and now that everyon...
CCIA Report is Bad Medicine
2003-10-17
Outraged
As a long time network and computer admin, I would have to say that there is no practical way, even if they were proposing to replace all these systems with Macs, that anything like this is possible. And anyway, not that I am sticking up for MS, I thought this was supposed to be a free market democ...
CCIA Report is Bad Medicine
2003-10-17
Anonymous
Consider the following completely hypothetical scenario. There are 10 different kinds of OS. They are all totally secure. One day, a zero-day vulnerability is discovered in one of the OSs, call it A, but all other OSs do not have this vulnerability. Furthermore, a worm appears that exploits that vul...
CCIA Report is Bad Medicine
2003-10-17
Paul Kosinski (1 replies)
I take exception to the author's statement "Those who did not act on their Microsoft systems will not act on their Linux systems". When I apply a security patch to a Linux system, I can know exactly what it is fixing, since I can get the source. When I apply a Windows patch, I can't know. Furthermor...
CCIA Report is Bad Medicine
2003-10-21
Anonymous
I don't think he is talking about you, Paul. He says "those who don't". Well, you do. It is a very valid point. If these people cannot figure out how to apply a patch to a Microsoft box, which in most cases is as simple as going to a web site (though WU is pretty lame) they will most certainly not ...
Tim Mullen is Bad Journalism
2003-10-18
SNMPGuru (1 replies)
This latest article from Tim Mullen, entitled "CCIA Report is Bad Medicine" is a serious embarrassment to Security Focus. It offers no insight that anyone smarter than a chipmunk has not already considered. In fact, I think I may now be dumber for having read it. The article appears to be not...
Tim Mullen is Bad Journalism-Why?
2003-10-21
Anonymous
Posts like this are totally worthless. If you feel so strongly on the subject, then you should share your insight with those of us who come here in an effort to learn. Why do you feel this way? What are the counterpoints you have? Without some substance, you do not provide any real argument, and ...
CCIA Report is Bad Medicine
2003-10-23
Anonymous
Okay I think you reached the wrong conclusion. If Joe Blow user opens an attachment in Linux he does not make the whole system susceptible to a problem. If you would spend a little time to understand the differences between the permission set ups in MS and *nix then you might get what the people he...
Reader Comments
2003-10-23
R. Lambert
Undoubtedly, to the dismay of the 'nix Zealot crowd on SecurityFocus, I believe that introducing another OS into the network is indeed a bad idea. Why? Suppose there are two or three major vulnerabilities that are exploited at or about the same time. Uh oh. Where do we start? How do we track it down...
CCIA Report is Bad Medicine
2003-10-24
Anonymous
"Windows is a risk to National Security" is a completely off base and unfounded statement...
Wrong.
It is a risk. Or have you forgotten that worms attacking government sites have been known to shut down entire agencies.
And how about that stupid "0 entry" that crashed an entire Navy ship for...