If the comments I've read so far weren't so scary in their implications, they'd be funny.

Any 'Security Professional' worth his/her own s**t would tell you that you must have 'Defense in Depth'. If you forget or neglect any layer then you leave yourself vulnerable. You have to guard the network, OS, Application, AND the door. You have to secure the SYSTEM. That means EVERYTHING in the system.

The original article is correct in stating that the 'vulnerability' in Windows is not really a vulnerability.

The sad thing is that these types of discussions only detract from Information Security in general. Too many people will read the mainstream article and over react, or be distracted from something else more important.

I'm not in love with Microsoft's Security models, but let's face it, if you implement them PROPERLY, they they do in fact work. There are just as many (actually more given the variants) patches issued by the *NIX world as the Windows world, the Microsoft ones just get more play in the mainstream media because the installed base is so much larger and more gullible.

Don't be gullible!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/144/18526#18526