Full Disclosure mailing list archives

RE: [inbox] Knocking Microsoft


From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 27 Feb 2004 17:55:54 -0600

James Saveker wrote:

<snip>
Microsoft has in their defence started the trustworthy computing scheme,
which many would not hesitate to laugh at.  However Windows Server 2003 does
not by default load unnecessary services.

So MS is doing what UNIX did from the start 20 years ago.  As for
"trustworthy computing", their first product, 2K3 server, is just as
vulnerable to the two worst vulnerabilities in history, the RPC DCOM and ASN.1
vulns.

<snip>
The code they produce is far more stringently tested in regard to security
than perhaps it was before.

Their registry-based spaghetti code still contains core code from the early
NT days. Even if the new code they write now is more secure, it's like
building a brick wall on quicksand.  The only solution is a complete
re-write from the ground up and I don't believe even MS has the resources for
that now.  That is the reason I don't allow any XP on my networks and am
slowly replacing as many of my W2K desktops with SuSE Linux as I can.  My
servers are already majority UNIX and NetWare.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
