[NTLUG:Discuss] Re: US-CERT Cyber Security Bulletin SB04-245 -- Summary of Security Items
Kyle Davenport
Kyle_Davenport at compusa.com
Thu Sep 2 10:15:34 CDT 2004
What a silly comparison - like the fruitiness of apples vs oranges.
A quick glance shows only 2 of 23 "windows" holes have no known exploit,
while 24 of 51 "unix" holes have no known exploit, which leads to
suspicions about the quality of the security analysis on the 2 platforms.
Worse, almost every windows bug turns into a remote root exploit while
none of the unix bugs do (why doesn't that figure into their risk rating?!)
Nor would I include proprietary software in the "unix" list (more than half
there), since that distorts the FLOSS argument about security.
I know CERT plays Microsoft's game of not announcing exploits before MS has
had a chance to fix them (under threat of suit), too. Funny how many more
windows exploits are available from non-mainstream sources than are listed
there too.
Kyle