Forwarded from: Jason Scott <jscottat_private>

On Tue, 17 Dec 2002, InfoSec News wrote:

> > Forwarded from: Mark A. Simos <MSimosat_private>
> > Cc: myemailaccountat_private
> >
> > The attacks on Microsoft's security are getting repetitious and
> > counter-productive. There are plenty of flaws in many open source
> > products that could be listed and lambasted on a list such as this.

Excellent, then. While we continue to point out the flaws and possibly
intentional oversights in Microsoft's security, and how EVERY SINGLE
E-MAIL-BORNE VIRUS can credit Microsoft's Products with working, let's
aim our sights on Open Source, too. There's really room for everyone
in security discussions; that's the nice nature of human conversation.

However, the cool part about open sourced products is how pretty much
everyone can look at the code, and maybe suggest a fix, or at least
rip stuff out if they don't like what's going on. Not so with
Microsoft products, where we have to hope daddy gets home from India
or wherever you're trying to dominate next to throw a few patches our
way.

> > IMHO, the attacks have worked and should be put aside until it is
> > obvious they are needed again. The company shut down production for 2
> > months and forced every developer to review every line of code. That
> > is a pretty serious commitment for a profit driven corporation. The
> > versions of the software most directly affected have not even been
> > released in production yet.

It's only a serious commitment when it actually works. As of now, it's
not worked. Excellent, fine, it's all in the pipeline and if we just
wait patiently, the new secure stuff will be there, we promise, sorry
about the attacks and the flaws before then.

We've already seen some excellent approaches by Microsoft in the past
year, i.e. "Don't trust anything signed by Microsoft" and "Well,
anything before XP is completely insecure and so don't use it." I'm
sure we can look forward to further cutting edge solutions like "Well,
if you'd only signed up for our subscription service you would
actually get patches for Outlook instead of thinking you bought a
product and it should work, you silly gits."

> > How would you motivate a large number of home-users to patch
> > affected systems? RedHat et al currently still have the mixed
> > blessing of not having a large install base of unmanaged home PCs.
> > RedHat will face the exact same problem if/when it gains market share
> > in that area. Then what? Do they remotely as redhat root account
> > force people to patch? Do they coax, cajole and try to sell patching
> > to end users?

Red Hat will not entirely face the same problem, because everything
Red Hat does could be augmented by third parties, i.e. someone can,
under the Open Source system, produce a nice little business offering
an automatic download service or what have you. Solutions, solutions.

With Microsoft, well, we all better rest easy and hope you get
everything working, because it's not like we can check out what's
going on over at SuSE Microsoft or Mandrake Microsoft and make our
lives a little easier.

> > Full Disclosure: I work for the evil empire, get over it.

Part of the downfall of life has been people who work for companies
but don't want to reap the pain of working for the company, just the
pleasure. I've had glorious "discussions" with telemarketers and store
clerks along this line, and would welcome one with you. Keep
astroturfing, suit.

> > FYI, I mean nothing special about redhat specifically, they are just
> > the most popular MS alternative in the US

I'd suggest not using "MS Alternative" like there is one right now. If
Linux was as scary as you've started making it out to be, you'd be
suing everybody and everything. In fact, I think that's how 2003 is
going to go.

Full Disclosure: I use XP, as a front end to 6 networked FreeBSD boxes
via samba, and they don't give that rabid dog write access.
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 11:38:00 PST