The problem isn't what we know can happen - the problem is what you don't know can happen. Unfortuanately Microsoft (and they're not alone, most other OS's have the same problem, with the possible exception of OpenBSD) is not very proactive about security.
This link is a bit out of date, but it illustrates the problem (they stopped collecting data for this chart in mid-2001, so don't assume that the smaller numbers for 2001 mean that OS developers are getting better at this): http://online.securityfocus.com/sfonline/vulns/stats.shtml Also, don't assume that the smaller numbers for MacOS and BeOS mean that these OS's are secure. MacOS and BeOS are rarely used as Internet servers, and the smaller numbers for these OS's is more likely to be the result of fewer people trying to hack them rather than the result of better security. New exploits are discovered nearly twice a week for Windows and Linux! Keep in mind that these vulnerabilities didn't suddenly pop into being just before they were found by the good guys -- it's quite likely that many or even most were found buy the bad guys before they were found by the good guys. Given historical trends, there are probably hundreds of vulnerabilities in Windows and Linux that haven't been discovered by the good guys yet, and the chances are that many of them are already known by some of the bad guys. Put this all together, and you can see that a Windows or a Linux host sitting on the Internet without a firewall is just an exploit waiting to happen. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 16, 2002 4:06 AM > To: [EMAIL PROTECTED] > Subject: [gb-users] win2K security problems, the facts! > > > Hi everyone! > > I was just following the thread and your loud screams > concerning opening a client entirely to the Internet. > As a security "Junior" (in terms of knowledge <g>), I dare to > ask a simple question: > > What exactly and with what possibilities in terms of > definitely, likely, unlikely can happen to a Win2K machine > out of the box (all service packs, all security updates), > which is left unattended permanently connected to the Internet. > > Nowadays everyone is talking about Internet Security, all the > unbelievable great dangers out there, the hackers, the > crackers, the script kiddies, but I have never found a source > that lists the actual possibilities that can happen as well > as the likelihood of such things. > > Maybe you girls and guys could finally cast some light in > these mysteries (mysteries in my head at least..) > > Thanks a lot and have a nice weekend (go home early today) > > Marc > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
