I tire of reading the posts about the "media and government are blind to the facts", Windows bashing. It's really getting old. And most of it is even untrue. Does anyone know why the first worm was created on Unix? It was honey. The most widely available system out there. Does anyone know why now the majority of viruses are deployed for Windows 32 bit platforms? Because it's honey. The most widely available system out there. It's now easier to write them for Windows because more and more people are becoming familiar with the product and its inner workings.

Lets also talk about patching after the initial installation of an OS. I can recall doing this on Redhat and Solaris both. I guess that's a band-aid scenario there, as well? Howcome nobody mentions that in these articles? How convenient.

Instabilities in Windows? I have Windows Servers that have better uptimes than nix boxes running production. I'd be willing to guess that most of you saying Windows 2000/2003 is unstable haven't really used the product. Because you've sat at the console, done an installation and installed a few next-next-next programs doesn't make you an expert.

The fact of the matter is, any monkey with half a brain can install an OS and get it working. This is even the case with Solaris and Redhat (While I will say RH is much easier to install).

It takes a whole different kind of monkey to prep the server for production, fine tune and implement effective security policies. I don't mean just with the software. Educating your users and bringing them to understand the dangers of irresponsible computer use is an important step in ensuring the integrity of your network. The fact of the matter in this story is the network was improperly secured, and probably due to a lack of documentation and communication between the staff members responsible.

The same thing could have happened on a nix infrastructure left vulnerable to attacks. Lazy sysadmin'ing and not applying patches doesn't just affect Windows. It affects EVERY OS out there.

So stop using Microsoft as a scapegoat and start doing your job properly!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6767/21759#21759