Full Disclosure mailing list archives
RE: [inbox] Re: CyberInsecurity: The cost ofMonopoly
From: Steve Wray <steve.wray () paradise net nz>
Date: Tue, 30 Sep 2003 21:07:35 +1200
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Frank Knobbe On Mon, 2003-09-29 at 17:24, Rodrigo Barbosa wrote:
[snip]
In both cases, Windows and Unix, the role of the admin is important. But take the admin out of picture for the moment and just compare Unix to Windows from an architectural point of view. Let's even overlook those default setups (like IIS wide open, or a dozen daemons that don't need to be running). Just from an architectural point of view, I claim Windows is more vulnerable just due to the immense complexity.
One other thing that makes the windows architecture more vulnerable to admin slackness is the lack of ability to do effective, bulk, en masse administration of systems running a windowing operating system. Its like bondage computing; you are chained to the console (or something that may as well be the console); you have to wave your hands at each machine in turn and click the mouse here and there, that sort of thing. Like training a dog... Sure, there are unix admins out there who feel that they have to log into each machine in turn and manually type out the commands one by one and they may get lazy and just give up, or get distracted and forget one or two, or make typos, but, and its a big butt too; In Unix-style OS's this is not encouraged by the architecture. In Windowing operating systems its virtually a requirement unless you are a true guru. Unix style OS's typically have configuration of important security related features, like eg firewalling, in text files. Unix style OS's also provide a plethora of tools for manipulating text files in scripts. I wish I knew how to use cygwin's sed, grep et al to manipulate the windows registry... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Curt Purdy (Sep 30)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 29)
- Re: [inbox] Re: CyberInsecurity: The cost of Monopoly Rodrigo Barbosa (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost ofMonopoly Steve Wray (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 29)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Ron DuFresne (Sep 30)
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Dan Stromberg (Sep 30)
- <Possible follow-ups>
- RE: [inbox] Re: CyberInsecurity: The cost of Monopoly Schmehl, Paul L (Sep 30)