2003-04-07
A new poll finds that seventy-seven percent of security professionals believe Microsoft products are insecure. But a closer look at the survey tells a far more interesting story.
The Reality of Perception
2003-04-07
Anonymous (6 replies)
The Reality of Perception
2003-04-07
Bill Hey <bill.hey@nospam.dsia.com> (1 replies)
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonymous (8 replies)
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonybori (1 replies)

The reality is, not all of these security professionals have the final say when it comes to operating system deployment. Now, it's easy to make assumptions, as you've done quite liberally, and find supposed contradictions in the survey data, but have you considered the case where a security professional is put inside an organization's infrastructure and simply told by management to "make us secure"?
Patch management is a very small part of this equation. Take the latest IIS exploit via WebDAV. We haven't seen the last attack vector on this issue, and it's not because admins failed to install the first two patches that actually failed to patch the problem, and the third, which undid all prior patching, it's because the product is inherently broken. It's poor code. Period.
I can't choose what my clients run, some applications are MS-dependent, and we work with that, it's called defense in depth, but we need that because there are weak links in the security chain. Microsoft just makes weakening that chain much easier.
Link to this comment: http://www.securityfocus.com/comments/columns/152/19184#19184