RE: [ISN] Industry group wants DHS agency to review deal with Microsoft (2 Messages)

From: InfoSec News (isnat_private)
Date: Tue Sep 02 2003 - 06:15:04 PDT


    Forwarded from: Brooks Isoldi <bjisoldiat_private>
    
    > Anyone subscribing to mailing lists like Bugtraq or the Secunia
    > Security Advisories knows that there are hundreds of new
    > vulnerabilities discovered every week in pretty much every
    > application and operating system around.
    
            I beg to differ.  I think if you check how many remote-code
    execution exploits there have been for OpenBSD, you will be hard
    pressed to find more than a small handful (one??).  I also think that
    just because ALL software has had *SOME* bugs, doesn't mean we should
    be content with just any of them.
    
            So under your reasoning, a home security system which has
    systematically failed to protect the occupants of the home,
    systematically failed to alert the proper authorities in time and
    whose company has systematically failed to fix the problems, just
    letting their clients get robbed, raped and murdered for years because
    they don't *NEED* to fix the problems in order to keep making money;
    should continue to be used, even by customers who are in DESPERATE
    need of top-notch security, all because the company's security history
    is irrelevant because they are the biggest company and therefore the
    most targeted?  Come on...
    
    When you buy a car...don't you take a look at the history of that line
    of cars?  Have they been subject to faulty wiring, does it have a
    history of blowing up, etc.  I will assume you are rational enough to
    not be razzled and dazzled by the glitz and glamour that car companies
    use to lure us in like sheep.
    
    
    
    Brooks
    
    
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf Of InfoSec News
    Sent: Friday, August 29, 2003 4:20 AM
    To: isnat_private
    Subject: RE: [ISN] Industry group wants DHS agency to review deal with
    Microsoft
    
    
    Forwarded from: Tony | AVIEN / EWS <tonyat_private>
    
    I agree with the point that it may be unwise to put ALL your eggs in
    one basket, but I disagree with the stance that Microsoft's security
    history should affect the decision.
    
    Anyone subscribing to mailing lists like Bugtraq or the Secunia
    Security Advisories knows that there are hundreds of new
    vulnerabilities discovered every week in pretty much every application
    and operating system around.
    
    The reason that Microsoft is targeted for worms and viruses in my
    opinion is not because their software is more vulnerable- it is
    because of their marketshare. The malicious coders of the world want
    to attack the most target-rich environment. If you are trying to
    infect as many computers as possible then aiming for the home user
    market, especially broadband users, provides a broader and easier
    target than writing a worm or virus that attacks Linux operating
    systems or Oracle databases.
    
    [...]
    
    
    
    Forwarded from: "Everist, Benjamin S. (NASWI)" <EveristBat_private>
    
    ISN Wrote:
    
    <snip>
    
    > ...I disagree with the stance that Microsoft's security history
    > should affect the decision.
    
    Any product's security history should be considered when deciding to
    deploy that product, -especially- Microsoft's - as vulnerabilities in
    their product lines tend to have greater impact than others (precisely
    for the reasons you have stated).
    
    <snip>
    
    > The malicious coders of the world want to attack the most
    > target-rich environment. If you are trying to infect as many
    > computers as possible then aiming for the home user market,
    > especially broadband users, provides a broader and easier target
    > than writing a worm or virus that attacks Linux operating systems or
    > Oracle databases.
    
    I would think this was a strong argument to consider other than a MS
    platform, both for government and home users alike.
    
    > If the DHS were to go with alternate applications and platforms they
    > may very well still find themselves under the gun because of who
    > they are and what they represent.
    
    I believe you are correct that whatever platforms DHS deploys, they
    will come under fire, from security professionals, press, malicious
    attackers, etc.  However from a security standpoint, an exclusive
    contract for MS platforms is a -bad- thing (and hence should be
    criticized).  A homogenous network will only remove one layer of
    defense that could otherwise mitigate a plethora of risk.
    
    <snip>
    
    Thanks,
    
    Benjamin Everist
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 09:30:02 PDT