Let me add to this that if it weren't for the insecurity of x86
architecture, Windows/OpenBSD wouldn't have to spend time developing
fixes and security schemes for buffer overflows and stack smashing
attacks. The NX flag (on AMD64 archs) tries to alleviate this
problem, but i believe there are ways around this.
On Fri, 28 Jan 2005 11:05:26 -0600, Andrew Baudouin <[EMAIL PROTECTED]> wrote:
> The fundamental difference between OpenBSD and the rest of the world
> is that they spend the bulk of their time auditing code for security
> holes rather than implementing new features and making available the
> latest/greatest software packages. This is why SMP wasn't implemented
> until 2004. I do not know the history of Debian Linux and their
> security policies, but I do know that their "stable" distribution is
> many versions behind the latest and greatest on just about every
> software package.
>
> Outlook has never required root ("Administrator") to work. NTFS is
> based from the ground up on permissions. Windows NT 4.0 and above
> tracked processes by PID and allowed the ability to re-"nice", etc.
>
> I have already said this numerous times, but the reason that Microsoft
> is insecure as it is is because of the previous attitudes within the
> corporation of "provide the most features, the most user-friendliness,
> and do it as fast as possible, we'll fix bugs later."
>
>
> On Fri, 28 Jan 2005 04:49:16 -0600, Will Hill <[EMAIL PROTECTED]> wrote:
> > Is it the hardware or the way it's used? What fundamental differences are
> > there between the Microsoft way and OpenBSD or Debian? Has Microsoft
> > implemented basic precautions such as PIDs tracked by the kernel, users, and
> > root accounts? The last time I checked, processes could still hide, Outlook
> > and other processes had to run as root to work and file permissions were
> > based on some kind of table system rather than inherent in the file system.
> > It's possible Microsoft has leapt over these old problems, but I doubt they
> > can ever do as well as they should and still give Holywood DRM.
> >
> > On Wednesday 26 January 2005 10:21 pm, Andrew Baudouin wrote:
> > > They have made leaps and strides when it comes to security recently.
> > > ... if the x86 architecture were not as insecure as it is, Windows
> > > wouldn't
> > > look half as bad, but the blame can certainly be evenly placed on both
> > > sides of the equation.
> >
> > _______________________________________________
> > General mailing list
> > [email protected]
> > http://brlug.net/mailman/listinfo/general_brlug.net
> >
>
