Full Disclosure mailing list archives
Re: CyberInsecurity: The cost of Monopoly
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Fri, 26 Sep 2003 23:09:14 -0700
I suspect we are starting a game of telephone ... It appears to me (and I'm going to be nice and *not* include the entire thread in the message ;-) that this started out with the citation of the CCIA paper regarding Dan Geer getting shown the door. The response (which was posted by Jon on behalf of Fabio) ends with the statement "These guys have done a GREAT WORK!" which appears to refer to the paper (Geer et al). Unfortunately that post was preceded by some rant and ramble that did not clearly support the final thought (namely "huzzah for Geer et al"). Taken individually, Fabio's points include: - Removing Microsoft's monopoly somehow also will remove AV companies - Microsoft doesn't give a rat's a** about security - Vulnerabilities can only be fixed before they become a business - Open source software has not been targeted by viruses - Open source rulez - Geer et al wrote a great report FWIW, my replies to the assertions (as I have enumerated them above): - false assertion - true assertion - ? - true (exploits, OTOH...) - agree - strongly agree With apologies to Fabio, I suspect that this may be an example of a non-native English speaker's post being misinterpreted. I truly doubt that the intent was to incite a discussion of Microsoft and/or virus writing. That was actually (and if Fabio reads this and disagrees I hope that he will correct me) just fodder for the final show of support for the report by Geer et al. For the record, I am withholding comment on Geer's separation and @Stake's position until and unless more facts come to light. I suspect several of the @Stake guys can read this and that they are free to participate in the discussion (...or maybe not). I stand by my prior post - the report stands on its own merits. G On or about 2003.09.26 23:07:14 +0000, Rick Kingslan (rkingsla () cox net) said:
Wow. Is this just troll bait (and I succumbed) or have you been watching too many re-runs of the "X-Files"? I'll not argue that the Windows operating systems are the target of the majority of virus', but that's typically what happens when a system is used by a known large group of people that might not be qualified to run a computer, much less secure it. And, regardless of what MS does - I doubt that they can force Mom and Dad to not screw up the security settings (though, the default out of the box sucks anyway). Do you think that virus writers will stop IF Windows ceases to be a target? Or, what seems to be your argument - if the Anti-Virus companies are eliminated, the virus writers are going to just go away, too? "Well, they're not trying to stop us anymore - I guess we should quit trying to wreak havoc and go back to being productive citizens again. Virus writing isn't fun anymore." Yeah - that's going to happen. As a response to open source, bravo. My hat is off to what has been accomplished. But, I'd like to see the same level of success as a secure platform (which, in the hands of someone with no clue how to run it - Linux is insecure, regardless of the out of the box config) when it commands a majority of the desktops. And, I don't care what the platform or OS - nothing is completely secure. Humans write code, humans make mistakes, ergo code has mistakes. Same goes for configuration settings. The 'bad guys' and 'bored kids' are going to target the largest base - and there will always be holes to compromise and exploit. Viruses have never been a threat to Open Source because the target is not yet juicy enough. And, just because I'm really curious, can you provide documentation and detail on the cited 'Microsoft Virus Support(TM)'? I've not heard of this - well, except through your posts. But, I'm open to be educated.
-- Gregory A. Gilliss, CISSP Telephone: 1 650 872 2420 Computer Engineering E-mail: greg () gilliss com Computer Security ICQ: 123710561 Software Development WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: CyberInsecurity: The cost of Monopoly, (continued)
- Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Bruce Ediger (Sep 26)
- Re: CyberInsecurity: The cost of Monopoly Matthew Murphy (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 27)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 28)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Kristian Hermansen (Sep 28)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Gregory A. Gilliss (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: CyberInsecurity: The cost of Monopoly Gregory A. Gilliss (Sep 26)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Fabio Gomes de Souza (Sep 28)
- RE: CyberInsecurity: The cost of Monopoly Rick Kingslan (Sep 27)
- RE: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 27)
- Re: CyberInsecurity: The cost of Monopoly Florian Weimer (Sep 28)
- Re: CyberInsecurity: The cost of Monopoly Karl DeBisschop (Sep 28)
- Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 28)