James P. Saveker wrote:
Some personal thoughts,really? then are some ofhte flaws in win nt4 able to be exploit in 2k3? NOt a very good code review in my eyes.
Yes indeed it's no secret that Microsoft valued functionality over security for many years. I think that's how they are a market leader today. This model could not be sustained however, as with the advent of exponential internet growth security has undoubtedly become a major concern.
Microsoft has in there defence started the trustworthy computing scheme, which many would not hesitate to laugh at. However windows server 2003 does not by default load unnecessary services. Microsoft has developed "bits" client to downloaded patches requiring minimal user interaction depending on the configuration. In the enterprise they have improved SMS server to deploy patches across "bits". For smaller business they offer SUS for FREE. The code they produce is far more stringently tested in regard to security than perhaps it was before.
because it has been up to htis point marketing combined with FUD..which unfortunatly many buy into.
The key to increasing the windows security model is not just one thing, however with the advent of granular code patches will be smaller and cheaper to deploy requiring much less bandwidth than today. Longhorn will be a big jump for Microsoft and a major test of the trustworthy computing yada yada.
I do not understand why people knock Microsoft so much in regard to security today.
I regularly hear people talking about how many vulnerability's
Microsoft has and how poor this is. As everybody subscribing to this listhere we go..apples to oranges..you have to take thelinux kernel AND all the 3rd party packages and combine them to approach MS's vulnerablility numbers..nice try..:)
and similar zone-h, bugtraq etc will know Linux has many warnings posted
also.
Yet I rarely hear people talking about that and indeed how it is far
considering that linux is the #1 webserver paltform..hackers nail it all the time..though most tiems they are able to deface or own due to admin misconfiguring rather than code that is filled with bugs and holes.more difficult to keep linux distro's up to date. Windows has a far greater end user base than any other operating system. It would be a fair assumption to then say that perhaps virus writers and "hackers" are going to look for ways to exploit windows far more than other "end user" system in order to gain greater penetration. That is not to say that people do not look for sploits in web application servers running nix and other such systems in respect to the amount of nix servers on the net.
I don't mean to open an open "sauce" debate but merely say my bit and see others peoples views on the topic.
James Saveker
"The only thing which helps me maintain my slender grip on reality is the friendship I share with my collection of singing potatoes..."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
