On Thu, 15 Jan 2004, Mary Landesman wrote:

> This anti-MS drivel is so tiresome.

I'm sorry you find the truth tiresome. Heck, Dan Geer got fired for speaking the truth -- that's pretty tiresome for him.

I agree that security is not a product, it's a process. I agree that every product has its security problems. But by ignoring the HUGE security problems with Microsoft, we're doing everyone a disservice. By ignoring the vast differences in openness and responsiveness of open-source vendors to security problems compared to Microsoft's responsiveness, we're denying reality.

The fact is that Windows is fundamentally insecure. To give just one example, encoding meta-data in filenames (e.g., .exe means "executable") is a monstrous design mistake that has cost the economy billions by allowing virus propagation. That design mistake is impossible to fix without fundamentally changing Windows. It's in a completely different league from "bugs" like buffer and heap overflows. It's a "design flaw", not a "bug".

While security is a process, not a product, you'll find that very often, insecurity of a product is something that no process can fix.

--
David.