Firewall Wizards mailing list archives

Re: @Stake CTO fired for Microsoft comments


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 28 Sep 2003 22:31:38 +0530

On 26/09/03 19:12 -0400, Claussen, Ken wrote:
<snip>
> found a way to keep Open Source software from working on the Windows
> Operating system? And the cracks on Windows security have little to do

MS VC++ EULA prohibits the developer from compiling GPLed applications
with that compiler.

> with the Operating system itself (there have been numerous Root level
> compromises of other operating systems) and more to do with the skill of
> the administrator. How many Windows Servers have you worked with in a

Let me put it this way: Windows ships wide open to attack still. It
takes a considerable amount of know-how to lock down a Windows system
properly. And Microsoft documentation which ships with the OS doesn't
address these issues at all.

IMHO, Unix and Unix-like systems are easier to secure for an
administrator.

> security context? I can say none of my servers (personal or work) have
> ever been compromised, and I have worked with hundreds. Let's tone down
> the rhetoric and get back to discussing security. I have seen people

Good point.

> fired for much less than outright bashing of the operating system your
> company is contracted to audit. I prefer the Pix for firewalling due to
> the OS being integrated into the security code. A general purpose OS is

So long as you don't turn the SMTP proxy on, it's perfectly fine.

> always more likely to develop security vulnerabilities than a purpose
> built operating system. Instead of writing a report (which I have not
> read) criticizing Windows, would it not have been more productive to

/me goes to read the report before this generates into a /. like thread.

> write a report describing methods which can be used to properly secure
> the OS in a language the average home computer user could understand?

But this is dodging the question that that paper was not aimed at the
home user.

> Let's face it, most of the backlash from these worms is caused by home
> users who are not the technology zealots that frequent lists such as

Driving a vehicle is a much simpler activity and needs the user to
demonstrate knowledge of that activity. Is it asking too much of users
to maintain some basic knowledge of their computer systems, like running
updated virus definitions? I might even agree that configuring a
firewall might not be doable, but running an updated AV is a must. It's
not as if this fact is unknown, but users are too lazy to do that.

Security is a process that most people would rather not work on.

Security is as much a social problem as a technical one. The paper works
on the technical side, which we *can* fix. How to fix the social side is
an issue that is yet unsolved.

Devdas Bhagat