Re: CRIME Perspective on Criticisms leveled at Microsoft

From: Toby (toby@private)
Date: Thu Apr 11 2002 - 16:53:32 PDT


    I'm going to point out something that Crispin has been too polite
    (appropriately so) to state: when I load Immunix, it is, to a very
    reasonable degree, secure. And I can very easily complete the process.
    The one thing they could make easier is the creation of subdomain
    configurations.
    There is a reason why I recommend it to my customers as an excellent
    distribution and why Counterpane, among others, is using it as the basis
    for their log collection appliances: it is an excellent platform for
    those who are too busy or lazy to keep up with all the constant patching
    that is generally needed. You are protected against the majority of
    buffer overflows, and if a daemon is cracked, if you've got subdomain
    running, it won't do them much good.
    
    Security can be done well. The .NET version of IIS starts down the right
    approach of not installing anything but the most basic functions as
    default.
    
    Toby
    
    Crispin Cowan writes:
    
    > That's all true, but beside the point. Barry Shulak asked whether 
    > Microsoft products were as bad as the jeers at the CRIME meeting 
    > suggested, and why. I have argued that they are every bit as bad, and worse.
    > 
    > It is true that security is complex, and that most organizations cannot 
    > afford the operational costs of high security. What is hidden is that 
    > most organizations are paying through the nose for either the added 
    > expense of trying to secure Microsoft's broken systems, or for the added 
    > expense of just being vulnerable. There are alternatives if one takes 
    > off the "Microsoft only" blinders. You can buy and use many 
    > non-Microsoft products (based on Linux and *BSD) that are a vast 
    > improvement over Microsoft for price, performance, security, and 
    > occasionally even ease of use, and definitely ease of use *securely*.
    > 
    > >The simple fact is, the markets are deciding what is important. And that
    > >has some security people upset. But in my experience, the free-market is
    > >much better at deciding the fate of than centrally controlled
    > >organizations. 
    > >
    > Where did anyone suggest a centralized authority replace the free 
    > market? This is all just information to help our tiny little segment of 
    > the market make a better informed decision :)
    > 
    > Crispin
    > 
    > -- 
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    > Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:40:16 PDT