Claude,
But this discussion is simply about a misstatement of facts. 
I have read, interpreted and reported the facts correctly.
I would thank you to not confuse or change the issue at hand.

Mike

 Michael F. Pitsch
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Claude Almansi
(BW)
Sent: Tuesday, May 23, 2006 12:25 PM
To: The Digital Divide Network discussion group
Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable'

Executive Director wrote:
> " That said, I do wish Microsoft luck in releasing anything soon, and 
> I certainly hope that whatever they release doesn't permit the 
> continued plague of flaws and vulnerabilities that the general 
> population of the world has become familiar with. "
> 
> This opinion of course ignores the fact that that there are more 
> vulnerabilities in Linux/Unix than in Windows.
> 
> "The US Government has reported that fewer vulnerabilities were found 
> in Windows than in Linux/Unix operating systems in 2005."
> http://news.zdnet.co.uk/0,39020330,39245873,00.htm

Thanks for the very interesting article, Mike. Quoting from it:

 > "In the Windows vs Unix debate, the number of vulnerabilities is less
relevant than the amount that are turned into successful attacks. We see far
more successful attacks against Windows, because it's the most common
environment," Greg Day, security analyst at McAfee, told ZDNet UK.

"As Linux becomes more common, we'll see more attacks against it," Day
added.

McAfee recommended firms look more at the probability of attack, rather than
whether an attack is possible. <

The info about the speed with which vulnerabilities are respectively patched
for Windows and for Linux/Unix is also revealing

> 
> Opinions need to be supported to have any value. When you set personal 
> bias aside, facts are a simple google away.
> 
> (...)
> 

Mmm, I'd change that into "... facts are a simple google *and a careful
reading of what you googled* away.

Besides - but there I'll let the tech-competent people confirm or infirm
  what follows - one problem with Windows, if I understood correctly, is
that software applications shoot roots in the system deeper than they do
with Unix/Linux. Hence the big number of security alerts about Explorer,
Outlook Express, but even about Word, like this one for instance:

 > Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
Published: May 22, 2006
<http://www.microsoft.com/technet/security/advisory/919637.mspx>

(...) What causes the vulnerability?
When a user opens a specially crafted Word file using a malformed object
pointer, it may corrupt system memory in such a way that an attacker could
execute arbitrary code. (...)<

The patch will only be released on June 13. Maybe if Microsoft was a mite
more thorough in checking software before releasing it as "stable" 
version, and a mite faster in providing patches, they wouldn't have to be

 > concerned that this new report of a vulnerability in Word was not
disclosed responsibly, potentially putting computer users at risk. We
continue to encourage responsible disclosure of vulnerabilities. We believe
the commonly accepted practice of reporting vulnerabilities directly to a
vendor serves everyone's best interests. This practice helps to ensure that
customers receive comprehensive, high-quality updates for security
vulnerabilities without exposure to malicious attackers while the update is
being developed.<

So, warning users when the vulnerability has already been not only
discovered, but exploited, is what puts users at risk, according to
Microsoft..


Best

Claude

Claude Almansi
Castione, Switzerland
www.adisi.ch






_______________________________________________
DIGITALDIVIDE mailing list
DIGITALDIVIDE@mailman.edc.org
http://mailman.edc.org/mailman/listinfo/digitaldivide
To unsubscribe, send a message to [EMAIL PROTECTED] with
the word UNSUBSCRIBE in the body of the message.


_______________________________________________
DIGITALDIVIDE mailing list
DIGITALDIVIDE@mailman.edc.org
http://mailman.edc.org/mailman/listinfo/digitaldivide
To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE 
in the body of the message.

Reply via email to