If it isn't broken...
Jason Miller, 2005-07-18

There's an old adage that goes something along the lines of, "if it ain't broke, don't fix it." This is a paradigm that's often ignored in the software industry. For better or for worse, a large portion of the software that we use is constantly being changed. Features are being added, code is being polished or optimized, bugs are being fixed, and as such many programs are in a continuous state of development. Naturally, this has security implications whenever something is changed or added.

Comments

If it isn't broken... (2005-07-19), Alexey Vesnin
It's ALWAYS broken :) There's no all-the-time secure code. Not because of programming mistakes, not because of miscompilations, but because of that simple fact: the situation is always changing. And there's no program for all purposes. I'm still using FreeBSD Branch 4, but there's a fifth branch, some Linuxes have improved greatly... But every time I'm setting up a server I'm making it based on FreeBSD v4. Why? The old, debugged code is the best! Every feature is a hole and a breach. It's not a reason to stop adding features, but it's a good reason to point our attention to the question: do we practically NEED the feature we want to add? Look at 'em all. And try to answer that question for all of them. Then you'll see that at least 60% of features are more theoretically than practically useful. Especially in Windows OS. Try to use Windows NT 4 Server, if you really need a WINDOWS server. Is there something wrong with it? No. It's just old, but not bad. Or use FreeBSD/OpenBSD for your server - are they worse than Linux? On the contrary... The key security hole is located not in code, not in hardware - it's in the end-user's mind. They often prefer simpler-to-administer things rather than more complex but secure ones... Until we'll that problem - we'll always be in potential danger. The example you've mentioned - BlackBox - is a rare good example of the art of code creation. I'm using it too - and it's much more useful than other unstable ones... By the way - my example for the same kind of software is OpenBSD - look at it. It's pretty good security-wise. Yes, they're adding features. But most times only ones we really need.

Copyright 2008, SecurityFocus