2002-04-15
Don't blame Microsoft. They gave you the patch; it's your responsibility to use it.
The Buck Stops Where?
2002-04-15
Nighthawk (3 replies)
The Buck Stops Where?
2002-04-15
MG (1 replies)
The Buck Stops Where?
2002-04-16
Anonymous (1 replies)

Your God offers you nothing else than pure shit and you're still
happy with that! Don't blame others for not liking it!
"All software has security weaknesses"
"All software needs patches"
...
Just try to compromise my Apache server, not patched
for 3 years and under its default config! Good luck!
You will not. Apache is designed in a safe way, and mine
runs on a safe OS and I compile it, so any return address
will be different.
Microsoft's philosophy FORBIDS quality at each level.
--A completely re-coded version in 5 years or less.
The result is a guarantee to have the maximum amount of
design bugs and coding bugs.
--Components trust each other
In Unix, a program is isolated and not trusted by any
other than itself. If it fails, it fails alone and
cannot damage anyone else. In Windows, a single failure
will damage the entire system. You cannot patch this:
it's in the most basic concept of Windows. As long as each
part trusts the others, a single failure will destroy
the entire system. This is not very fail-safe... and
cannot be removed from either IIS or Windows.
--Windows cannot restrict rights
In Unix, Apache does not have ROOT access. If you compromise
it, you become NoBody and cannot do much. Also, CHROOT
Apache and you will improve an already safe setting.
Did you try to remove Admin's rights in Windows?
Did you try to CHROOT something in Windows?
You cannot: Windows cannot restrict the few rights
it offers.
--Data and commands are the same for Microsoft
When the same thing can be data or a command, the
security drops. A system must accept to receive data, so
it must accept to receive commands. Receiving commands is
much more dangerous than data.
All of that, and much more, is not a specific weakness in
IIS or Microsoft. It's a global security hole in the whole
basis of Microsoft's products. As long as these fundamental
weaknesses stay, no application can be considered
secure.
All software has bugs, but those from Microsoft are in
a situation where you can be sure these bugs will be very
powerful, in large quantity and quickly usable.
Software from anywhere else will have bugs too, but much of it
is in a situation natively reducing:
the number of bugs (the software gains experience with time)
the power of these bugs (reduced in many different ways)
Critical security holes like those in Microsoft's concepts
forbid any security after this step.
The second ridiculous point is the patch itself.
Do you remember 1st May 2001 to 15 June 2001?
There was not 1, nor 2, but 3 new remote execs as admin
against IIS. Receiving a patch from Microsoft, testing it
in a laboratory and installing it in production takes at least
3 weeks per patch. But there is a new remote exec as admin
every 2 weeks. You are exposed at 150%, meaning that you
are always exposed to at least 1 security hole (100%), but
half the time you are exposed to 2 (+50%). And this, over a
period of more than 2 months. Wow: Microsoft gives you the
patch, so you are now the only one responsible... Wow: your
SysAdmins are the problem, not my GOD, Microshit.
Really guy, use your mind a little bit more!
Link to this comment: http://www.securityfocus.com/comments/columns/74/11889#11889