Just because you don't see it as a Microsoft thing doesn't mean that it isn't. It is a M$ thing because M$ is not as proactively secure as the Linux community of developers and users. Shall we start comparing the records of Linux vs M$ security patches and time taken to announce them? Should we even consider the large disparity of the number of viruses created for each OS? And then let's compare how easy/difficult it would be for an average user to secure a RH box vs a M$ box. Any body can make a tool that turns off services and closes ports on a Linux box due to its open nature. The same ain't as easy for a M$ box. And RH ain't Linux. Sure, RH should be held responsible for stupid default configs by Gibson, but not all Linux or Unix vendors. The reason I'm taking Gibson's side (partially) is that M$ has a larger responsibility for the network security of its users since it has the majority of unknowledgeble home users. IMHO, M$ could be doing a lot more to make its OSs secure, but it chooses not to do so in order to keep market share (ex: .vbs in Outlook). This is irresponsible, and this kind of thinking lead to a temporary spate of DDOS attacks. But again, I say let M$ do as it pleases. I see it digging its own grave. John --- Dustin Puryear <[EMAIL PROTECTED]> wrote: <em>> Well, I don't see this as a Microsoft-thing. Like I <em>> said earlier, raw <em>> sockets have been available for a long time just <em>> about everywhere. And <em>> there is little doubt that, ignoring trojans, a base <em>> RH 6.2 or even RH 7 <em>> install is much more hackable than a base Windows NT <em>> or definately a <em>> Windows 9x box. So can't it be said that UNIX and <em>> Linux vendors should <em>> be held just as responsible? <em>> <em>> Regards, Dustin <em>> <em>> John Hebert wrote: <em>> <em>> > Dustin, <em>> > <em>> > IMHO, this is exactly why Steve Gibson is in a <em>> huff. <em>> > He's basically saying that M$ irresponsibility <em>> > concerning security in XP is going to cause a huge <em>> > increase in DDOS attacks. <em>> > <em>> > This is going to be seen as another point of <em>> > competition between OSs, because your typical home <em>> > user will be pretty upset when they find out their <em>> > machine has been hacked. This is not an <em>> apocalyptic <em>> > scenario, it will instead cause some good changes, <em>> in <em>> > that lots of people will start to learn about <em>> security <em>> > for the first time. I'm looking forward to seeing <em>> the <em>> > M$ propaganda campaign to convince the user it is <em>> his <em>> > fault. <em>> > <em>> > I say let M$ innovate. When the Internet starts to <em>> > come to a crawl, we will either make hackers into <em>> > terrorists or blame Microsoft. Either one is <em>> > interesting with far reaching implications. <em>> > <em>> > John <em>> > <em>> > <em>> > --- Dustin Puryear <[EMAIL PROTECTED]> wrote: <em>> > <em>> >>john beamon wrote: <em>> >> <em>> >> <em>> >>>I don't look to make Linux any "easier" for new <em>> >>> <em>> >>users. I look for new <em>> >> <em>> >>>users who will at least recognize problems and <em>> >>> <em>> >>devote a few minutes a <em>> >> <em>> >>>week to staying on top of their updates. <em>> >>> <em>> >> <em>> >>Well, here is a fundamental difference in opinion <em>> on <em>> >>what users should <em>> >>and should not need to do. I don't feel a computer <em>> >>should be like a car <em>> >>where users need extensive training to use them. <em>> >>Rather, a computer <em>> >>should be like a TV where it can be turned on and <em>> >>just work. <em>> >> <em>> >>Users will not "devote a few minutes a week" to <em>> >>installing updates. <em>> >>Hell, who has the time? Users should just do their <em>> >>jobs and use <em>> >>computers like they use any other work-related <em>> tool. <em>> >>Vendors and <em>> >>administrators have the responsibility of properly <em>> >>configuring and <em>> >>maintaining systems. <em>> >> <em>> >>As far as home users, vendors should properly <em>> >>configure their products <em>> >>with reasonable security. Home users may be <em>> required <em>> >>to do more <em>> >>maintenance work than a business user, but only a <em>> >>little more. It should <em>> >>not be a daily or weekly task to check a vendor's <em>> >>website, download <em>> >>patches, backup system, install patches, check <em>> >>patches, ad nauseum. <em>> >> <em>> >>Regards, Dustin <em>> >> <em>> >> <em>> >> <em>> >>>-j <em>> >>> <em>> >>>On Tue, 3 Jul 2001, Ricky Salmon wrote: <em>> >>> <em>> >>> <em>> >>> <em>> >>>>Date: Tue, 3 Jul 2001 09:31:33 -0500 <em>> >>>>From: Ricky Salmon <[EMAIL PROTECTED]> <em>> >>>>Reply-To: [EMAIL PROTECTED] <em>> >>>>To: [EMAIL PROTECTED] <em>> >>>>Subject: RE: [brluglist] Fw: Steve Gibson's <em>> >>>> <em>> >>July/2001 News from GRC.COM <em>> >> <em>> >>>> ... <em>> >>>> <em>> >>>>Well, to give M$ a little credit (duck), XP is <em>> >>>> <em>> >>supposed to have a fair <em>> >> <em>> >>>>amount of security by default. <em>> >>>> <em>> >>>>But, there's always that relationship between <em>> >>>> <em>> >>Security and Usability (is <em>> >> <em>> >>>>that a word?). I'm sure some <em>> >>>>developers/admins will love the fact that they <em>> >>>> <em>> >>finally get to use Raw <em>> >> <em>> >>>>Sockets, but that in turn decreases <em>> >>>>some amount of security. As people continue to <em>> >>>> <em>> >>add these new features, you <em>> >> <em>> >>>>can't always an "Idiot Proofing" mechanism that <em>> >>>> <em>> >>works well... It's a nice <em>> >> <em>> >>>>double edged sword... <em>> >>>> <em>> >>>>As for current windows machines, a million and <em>> one <em>> >>>> <em>> >>trojans already exist. <em>> >> <em>> >>>>So my question is, is it the responsibly of the <em>> >>>> <em>> >>Vendor to make sure the <em>> >> <em>> >>>>users know how to use a computer, or is it the <em>> >>>> <em>> >>responsibility of the user to <em>> >> <em>> >>>>know how to use a computer? <em>> >>>> <em>> >>>>As much as I love that certain vendor (sarcasm), <em>> >>>> <em>> >>their main focus is to put <em>> >> <em>> >>>>out more productive products with a fair amount <em>> of <em>> >>>> <em>> >>security. There aren't <em>> >> <em>> >>>>enough resources in the world to make sure that <em>> >>>> <em>> >>every Joe Blow isn't leaving <em>> >> <em>> >>>>themselves open... <em>> >>>> <em>> >>>>My 2 cents... <em>> >>>> <em>> >>>>Ricky <em>> >>>> <em>> >>>> <em>> >>>> <em>> >>>>-----Original Message----- <em>> >>>>From: [EMAIL PROTECTED] <em>> >>>> <em>> >>[mailto:[EMAIL PROTECTED] <em>> >> <em>> >>>>Behalf Of John Hebert <em>> >>>>Sent: Tuesday, July 03, 2001 9:02 AM <em>> >>>>To: [EMAIL PROTECTED] <em>> >>>>Subject: Re: [brluglist] Fw: Steve Gibson's <em>> >>>> <em>> >>July/2001 News from GRC.COM <em>> >> <em>> >>>>... <em>> >>>> <em>> >>>> <em>> >>>> <em>> >>>>--- Dustin Puryear <[EMAIL PROTECTED]> wrote: <em>> >>>> <em>> >>>> <em>> >>>>>Hmm. Is this about the raw socket deal with <em>> >>>>> <em>> >>Windows <em>> >> <em>> === message truncated === <p>__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ ================================================ BRLUG - The Baton Rouge Linux User Group Visit http://www.brlug.net for more information. Send email to [EMAIL PROTECTED] to change your subscription information. ================================================ <!-- body="end" --> <hr noshade> <ul> <li><strong>Next message:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Previous message:</strong> Dustin Puryear: "[brluglist] [Fwd: Linux+ Certification Beta]" <li><strong>In reply to:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Next in thread:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Reply:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Messages sorted by:</strong> [ date ] [ thread ] [ subject ] [ author ] [ attachment ] </ul> <hr noshade>
<small> <em> This archive was generated by hypermail 2.1.2 : <em>Thu Sep 06 2001 - 11:10:54 CDT</em> </em> </small> </body> </html>
