Microsoft softwares ARE inherently insecure.

Not because they contain a lot of security holes, because they can not protect themselves against them with anything else than a patch. This means that Microsoft can not be protected at all against a security hole. All they can do is to try to remove the hole.

Under Unix, you can easily protect your application and data against an unpatched security hole. Bind is a good example of that.

Bind contains a lot of security holes and my installation is not patched at all from months. But I'm still secured because it runs as UID in a CHROOT'ed path and all files / directory are read-only for its user. Come and crack it if you wish : the best you will have is a read-only access to my DNS database. The biggest security hole you can imagine in Bind will not help you to compromise neither my DNS database nor any other service in the system.

This is the missing part in Windows : it can not protects you against a malicious program running locally. Unix (including Linux...) can.

And about using Microsoft even when knowing that, it's easy to understand: that's what we call a monopoly!

In many situation, it's difficult to move out of Microsoft's hands and the choice is not from the same people than those who answered the survey.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/152/19195#19195