All right Microsoft bashers... bring it on.....
I would suggest that Microsoft OS's, including XP (Which I have installed on
a computer on the Internet) are the most secure OS's one can buy for any
computer platform.
In reviewing the last 60 reported incidents on the Cert/CC Advisory site, 26
were related to Unix Os's, and 11 were related to Microsoft, including 5 of
this related to Lotus Notes vuneribilities, not MS OS vunerabilities.
Sure, a lot more people use Microsoft OS's.This is why it gets a lot of
press. Microsoft provides a mechanism in the OS to automatically upgrade or
install the latest security patches (This can be completely automated in
XP). But what about Linux.. you ask? Well, if I was to go back 2-5 years, I
will find a great many more Linux related vunerabilities. The reason is that
development of Linux is very slow. Fewer changes means fewer vunerabilities.
So what about Microsoft's failure in preventing read access to the source of
Windows? I recall a little known incident were SUN was compromised a few
years ago. A pair of hackers got into a Solaris server that contained the
Source for Solaris 6. Had they been programmers instead of script kiddies,
they could have easily written a back door into every Solaris 6
installation. They had even tried to find a programmer who could do it. The
server of course was configured with the default settings, which uses a
standard admin account. This sounds much scarier that some guy copying some
binaries that he could have gotten if he had applied to be a beta tester.
Marc said:
> Well, let's see...if Windows XP is released in its current form with full
> raw sockets, IP spoofing will be able to be done by any relatively bright
13
> year old with an understanding of Windows
What about Linux? Here is a linux spoofing script which runs native on
Linux. http://www.nmrc.org/files/unix/ip-exploit.txt.
It includes the source code. So what's the difference. It appears easier to
me to use the Linux version of IP spoofing. Linux is free, the source is
available, so why is unix based OS's not condsidered a major threat.
Hackers are now able to get past the prohibited "Raw sockets" built into
Windows 9X-2000 now. Raw sockets, as it will be implemented in XP, is
identical to the standard set in Unix 20 years ago.
What does this smell like? It smells like a bunch of Unix Geeks who are
self- rightous about their "superior" OS, and they don't want the 'little
people' granted _so_ much power they have had for so long - A regular
"Forgive them, Lord, for they know not what they do".
- DoS attacks will become
> routine - most websites will experience one
I do not know of an instance where an exploit of MS OS's participated in a
major DOS attack. As far as I know, the high profile DOS attacks came from
Unix boxes, mostly from from .edu's and .gov's. Why will there be more DOS
attacks?
Sone pundits of the Raw Sockets are suggesting that XP will be the computer
of choice in DOS attacks http://grc.com/dos/winxp.htm . I would side with
Microsoft in the claim that XP will be much harder to exploit than Unix,
despite its ability to wage a DOS attack.
- and what about the
> possibilities for online fraud?
What are the possibilities of off-line fraud? And what does fraud have to do
with OS. Most sites that are hacked are Unix servers. Microsoft has created
easy to use encrypted system built into the browser to do very secure
transactions. Of course, most sites that are hacked are one> unprofessional
sites that should not be in business anyway or two> they are running some
non-Microsoft middleware that is supposed to prevent this sort of thing, but
it happens anyway.
A local police force just broke up an
> online scam where goods offered for sale on eBay were never delivered but
> the money orders sent to pay for them were cashed - and most of the
aliased
> email addresses for the scam were accessed from a computer at a local high
> school.
This sounds like a firewall issue combined with a misconfigured mail server
that is set to relay mail. This is common, but unrelated to OS.
If I were a law enforcement officer, I'd be very scared about
> this...
If I was a cop, I would be much more scared about getting shot! There is far
more money being stolen or laundered off-line than could possibly be done
online.
I am surprised that you did not bash their anti-piracy registration system
for XP. This is the final showdown of Linux VS Windows. Since every techie
out there will most likely have to pay for their OS, just exactly how loyal
are they to free open source software. Particularly overseas, where software
piracy is a way of doing business, will they pay, or will they switch to the
"superior" open source OS.
Despite the intense bashing that goes on for MS, I am willing to bet most
everyone of them will be paying MS 100$ to use XP in the future. But I could
be wrong.
perhaps I am being harsh to poor Marc, but damn it, I am getting sick of
hearing about how horrible Microsoft is. 90% of my grief on a day to day
basis with computers comes from Non-Microsoft software. For now, I'll be
sticking with what works.
Nerd From Hell
"WorldSecure <Freightliner.com>" made the following
annotations on 07/13/01 09:10:37
------------------------------------------------------------------------------
[INFO] -- Content Manager:
The information contained in this communication is confidential and intended solely
for the use of the individual to whom it is addressed and others authorized to receive
it. If you are not the intended recipient, any disclosure, copying, distribution or
taking of any action in reliance on the contents of this information is prohibited. If
you have received this communication in error, please immediately notify the sender by
phone if possible or via email message.
==============================================================================
