RE: Bypassing Personal Firewalls

From: John Howie (JHowieat_private)
Date: Mon Feb 24 2003 - 12:11:05 PST

Next message: secureat_private: "[CLA-2003:570] Conectiva Linux Security Announcement - openssl"

Previous message: H D Moore: "[VulnWatch] Terminal Emulator Security Issues"
Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
Next in thread: Darwin: "Re: Bypassing Personal Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Torbjörn,

> ... There are just too
> many holes in Windows for it to be feasible to plug them all. The focus
> ought to be on preventing the code execution in the first place, not on
> trying to contain it.
> 

I think it unfair to paint Windows with such a broad brush, especially as most other OSes had just as many, if not more, security problems in the last year. The reality is that most vulnerabilities are in applications (and usually third-party ones, at that) that run on the OS, and not in the OS itself. Your point about preventing code execution is right on the mark. Most attacks can be prevented through user education and methodical, secure, application development.

Regards,

John

Next message: secureat_private: "[CLA-2003:570] Conectiva Linux Security Announcement - openssl"
Previous message: H D Moore: "[VulnWatch] Terminal Emulator Security Issues"
Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
Next in thread: Darwin: "Re: Bypassing Personal Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 14:18:26 PST