Re: Top10 Blowing Chunks :>

[Wolfgang Kandek <wkandek () qualys com>]

Dan, I agree. If you have the technical skill you can select and maintain
any platform that is a less likely target of mainstream attackers, as long
as in still attends to your business needs. On the Microsoft side that
would be Windows 2000 I believe, maybe in 2 years Windows XP.

On the other hand, if you have that technical capability you could evaluate
running on another OS altogether, be it Mac OS X, Chromebooks or Linux.
Actually I do not understand why large organizations (governments) do not
have their own version of an operating system. How many people can it take
to audit and maintain a version of Linux, for example? The only effort I
know of along these lines is/was in Brazil.

For normal IT organizations I think is technically and commercially easier
to support the business and increase security by being on the latest
versions of OS and applications. Then use any remaining technical resources
to introduce variations (EMET, additional sandboxing) and invest into early
detection.


-
Wolfgang


On Wed, Sep 18, 2013 at 6:23 AM, <dan () geer org> wrote:

> Wolfgang, Once upon a time it was shown that the most attacked
> versions of software tended to be one revision off of current,
> leading to the strategy that you should keep up or stay well behind
> (like a herd animal either staying in the center of the herd or
> hiding in the bush but *never* being in the trailing edge of the
> herd as that's where the predators were).  Coupled with the observed
> propensity of so many software houses to have upgrades that add
> all-but-gratuitous features, it seemed almost preferable to take
> the hide-in-the-bush strategy if you had any technical skill at
> all.
>
> Expand on this in whatever direction you can, if you like.
>
> --dan
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave