Claude, But this discussion is simply about a misstatement of facts. I have read, interpreted and reported the facts correctly. I would thank you to not confuse or change the issue at hand.
Mike Michael F. Pitsch [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claude Almansi (BW) Sent: Tuesday, May 23, 2006 12:25 PM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' Executive Director wrote: > " That said, I do wish Microsoft luck in releasing anything soon, and > I certainly hope that whatever they release doesn't permit the > continued plague of flaws and vulnerabilities that the general > population of the world has become familiar with. " > > This opinion of course ignores the fact that that there are more > vulnerabilities in Linux/Unix than in Windows. > > "The US Government has reported that fewer vulnerabilities were found > in Windows than in Linux/Unix operating systems in 2005." > http://news.zdnet.co.uk/0,39020330,39245873,00.htm Thanks for the very interesting article, Mike. Quoting from it: > "In the Windows vs Unix debate, the number of vulnerabilities is less relevant than the amount that are turned into successful attacks. We see far more successful attacks against Windows, because it's the most common environment," Greg Day, security analyst at McAfee, told ZDNet UK. "As Linux becomes more common, we'll see more attacks against it," Day added. McAfee recommended firms look more at the probability of attack, rather than whether an attack is possible. < The info about the speed with which vulnerabilities are respectively patched for Windows and for Linux/Unix is also revealing > > Opinions need to be supported to have any value. When you set personal > bias aside, facts are a simple google away. > > (...) > Mmm, I'd change that into "... facts are a simple google *and a careful reading of what you googled* away. Besides - but there I'll let the tech-competent people confirm or infirm what follows - one problem with Windows, if I understood correctly, is that software applications shoot roots in the system deeper than they do with Unix/Linux. Hence the big number of security alerts about Explorer, Outlook Express, but even about Word, like this one for instance: > Microsoft Security Advisory (919637) Vulnerability in Word Could Allow Remote Code Execution Published: May 22, 2006 <http://www.microsoft.com/technet/security/advisory/919637.mspx> (...) What causes the vulnerability? When a user opens a specially crafted Word file using a malformed object pointer, it may corrupt system memory in such a way that an attacker could execute arbitrary code. (...)< The patch will only be released on June 13. Maybe if Microsoft was a mite more thorough in checking software before releasing it as "stable" version, and a mite faster in providing patches, they wouldn't have to be > concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.< So, warning users when the vulnerability has already been not only discovered, but exploited, is what puts users at risk, according to Microsoft.. Best Claude Claude Almansi Castione, Switzerland www.adisi.ch _______________________________________________ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message. _______________________________________________ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
