> On Wednesday 05 December 2001 11:45 am, Mike Leone wrote:
> > > Only correct for those who refuse to admit or are unaware of
> > > inherent M$ vulnerabilities. "If you use NT/Win2K/WinXP, you most
> >
> > I admit to, and am aware of, MS's vulnerabilities, and also how to
> > mitigate them; it's part of my job responsibilities.
>
> There is no way to mitigate inherent M$ vulnerabilities,
> specially those that haven't surfaced or been admitted to yet, or
> flat out dismissed by M$ as just 'issues'.

You can mitigate MS's vulnerabilities, in the same way you can mitigate Linux's vulnerabilities - patches and config changes. Consider a default Redhat install; what's the first advice given? "Turn off all unnecessary services [config changes], and don't run the version of wu-ftpd that comes with RH, since it has holes [patch it first]". Same advice they give for IIS - although most fail to follow it, or don't know it.

And the default setups for most Windows OSes are pathetic - hide extensions, auto-execute VBScript, etc. The absolute FIRST thing you do is fix MS's bonehead default settings.

It's kind of like the millions of idiots who click on unknown binary attachments that come unexpectedly in the email. No matter how many times you tell them not to - hell, here in Philly, the news stories on the *radio* said that; you don't even need to be technically competent to know what not to do, the frickin' mass media will tell you what not to do - they do it anyway.

Note that "mitigate" does *not* mean remove, for either OS. And I will grant that, even after all of that, it is probably easier to crack a fully patched and properly configed Windows system than a similar Linux/Unix.

> > Please don't be insulting or dismissive.
>
> Where's the insult in my remark?

> > > Only correct for those who refuse to admit or are unaware of

I am not "refusing" to admit anything. You're assuming I am being willfully ignorant and in denial - which is the insulting part, not the "unaware" part.

> > No offense, Tom, but you seem to have this knee-jerk Pavlovian
> > response to certain subjects - accessing the Internet via MS
> > products; NVidia's closed source binaries. A more calm response
> > might be more effective on those topics.
>
> I've been on this and other lists for years, and only recently it
> seems that some people on this list feel obliged to make ad hominem
> comments, and not just towards me. Something I've never done. Fine,
> if you don't like my opinion and or what I have to say or the way I
> present, then post your opinion and have your say the way you like
> to present it. Personal comments either amuse me, or fall on deaf
> ears. No offense taken.

There's a difference in choosing a philosophical stand against using closed source binaries - that's your choice, after all - and giving out incorrect information about an OS, in an authoritative manner. I'm merely pointing out that your blanket dismissal is not completely correct, that's all.

> Accessing the Net with any M$ OS and/or software is akin to doing
> the same with Linux, running as root, with no firewall or sentry, and
> permissions set to 'welcome to crackers'. Proof is in the puddin, as
> M$ clients and servers are compromised on a daily basis ... whether
> mitigated or not.

And Linux boxes can be compromised, too - see Li0n and Ramen, amongst others. I will grant you that it's easier with certain MS OSes - the Win9x/WinMe series, because using them is equivalent to going online as root. No disagreement there. That is not the case with the NT based line (NT/2K/XP).

And a properly secured and patched OS (whether MS or Linux/Unix) is essential. As I said, I personally consider even patched Windows to be less secure than patched Linux/Unix, but not nearly the gossamer shell that you make Windows out to be.

No one's compromised my NT systems yet, nor the Netware, AIX or Linux boxes I admin; does that mean that the proof is in my pudding?
