On Sat, 26 Dec 1998, Brian Steele wrote:
> >How is this relevent?
>
> Let me try again - how about this quote from LAN Times' Aug 98 test on
> NT Firewalls: "Contrary to commonly held opinions, Windows NT is now
> (at last) a reasonably secure computing platform, and installing and
Care to define "reasonably secure"? That's enough of a moving target to
make the entire quote useless. The last NT security specialist I heard
speak said NT isn't there yet, the networking code still needs a lot of
work and isn't a "reasonably secure computing platform." He also said
Win2k wouldn't quite be there either. Obviously there are several
opinions, just because everyone doesn't share yours doesn't make them wrong.
> configuring a firewall on NT is often more simple than on its Unix
> brethren. Unix firewalls, BECAUSE OF THE OS'S OPEN ARCHITECTURE AND
> LONG LEGACY OF SECURITY HOLES (my caps), are not really any more
> secure, either. "
This is, of course, pure bullshit. Some Unix *implementations* are insecure,
but the OS' open architecture has sprouted several very secure B1 and B2
systems. Obviously then this argument is pure drivel. In fact, the very
fact that you can remove insecure applications such as the window manager
from a machine that doesn't need it is a decided advantage. *That's* an
architecture issue, sendmail isn't. There are a lot of architectural
differences between modern Unix systems and NT, I've yet to see one
that's in NT's favor that isn't in at least one implementation of a Unix
or Unix-alike system.
Perhaps you'd like to point out a real Unix *OS* hole based on the
architecture, rather than an application hole to support this assertion?
With the exception of ACLs, which secure (and some insecure) Unix varients
have, and the possible "super user" issue, which both NT and Unix share
(and is taken care of in compartmented/MLS Unixes but not in any NT
implementations), I can't see a major architectural issue that screams for a
change, care to enlighten me?
LAN Times, the firewall reviewers who bought you "Best Firewall GUI", oh
yes, now *they're* authoritative - Not.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
