[NTLUG:Discuss] Re: US-CERT Cyber Security Bulletin SB04-245 -- Summary of Security Items from August 18 through August 31, 2004

Bryan J. Smith b.j.smith at ieee.org
Thu Sep 2 21:09:41 CDT 2004


On Thu, 2004-09-02 at 21:45, Kevin Brannen wrote:
> However, :-) you can take almost any list like this and make either side 
> look good depending on how you slice, dice, and prioritize it.  My 
> preferred metric is how much time I have to spend to keep it secure and 
> to recover from security problems (cracks, viruses, adware, patches, 
> etc.).  Looking at it that way, I've spent way more time working on/with 
> MS OSs than with Linux (and Unix), and I'm a Linux/Unix admin and developer.

As long as you have to run a massive number of _standard_, _everyday_
applications as "Power User" or "Administrator" in Windows, then it will
_never_ be a fair comparison.

In the UNIX/Linux world, we track "privilege escalation" as a security
hole.  Those statistics show up regularly in these studies.  I don't
know how many times when a "root exploit" comes around that the Windows
pundits among me go, "see, you can take control of a Linux system" not
realizing you must _already_ have an account on that system.

In the Windows world, it is considered a standard allowance for
application compatibility.  As such, they cannot be tracked because most
applications, many of Microsoft's own, require "privilege escalation"
just to run!  And don't even get me started on the NT 5.1 (XP/2003)
kernel.

Let alone what is _going_ to happen with NT 6 (Longhorn), NT 7
(Blackcomb) and NT 7.1 -- history repeats itself.  .NET is quite useless
if Microsoft itself doesn't use it.**

-- Bryan J. Smith
   Original NT 3.1 Beta Tester
   First Time on Microsoft, But Not Second Time on Me

<tangent>
**P.S.  Anyone remember "Cairo"?  Doesn't "Longhorn" remind you of it
all over again?  My last 2 PC_Support posts on this (been commenting on
it for the last 18 months -- _everything_ has been _as_predicted_):  
http://lists.leap-cf.org/pipermail/pc_support/2004-August/005267.html  
http://lists.leap-cf.org/pipermail/pc_support/2004-September/005279.html
</tangent>


-- 
Compatibility and update matrix of Red Hat(R) distributions:  
http://www.vaporwarelabs.com/files/temp/RH-Distribution-FAQ-3.html 
http://www.vaporwarelabs.com/files/temp/RH-Distribution-FAQ-4.html 
------------------------------------------------------------------ 
Bryan J. Smith                                  b.j.smith at ieee.org 




