Full Disclosure mailing list archives
RE: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Sun, 18 Jan 2004 22:35:08 -0500 (EST)
On Sun, 18 Jan 2004, Wes Noonan wrote:
rp-pppoe is an old, stable product that hasn't changed in 2+ years and is shipped by all major Linux distributions. People wanting support can obtain it from their Linux distro vendor. (Unlike Microsoft: When Microsoft end-of-lifes a product, you're out of luck.)
I always get a kick out of this. MS (and everyone else) EOL's stuff because better and in many cases more secure solutions are out there. Rather than moving to them though, people complain first about how wrong it is to expect them to move then second about how insecure the product is (though the order sometimes changes).
rp-pppoe is EOL'd as far as support from me goes. It's not EOL'd for people to use. It implements a dead-simple protocol using dead-simple code; there's not really anything more that can (or should) be done with it.
Yeah, I know. Funny who the sponsor of those studies is, really...
Sure, no real difference from the ones pushing Linux as lower cost though now, is it?
I suppose.
I can assure you that "Joe the admin" won't hack the Linux kernel. :-) I've met lots of sysadmins, and they have enough to do without modifying Linux.
And yet to effectively harden Linux in many cases that is exactly what Joe the admin has to do (modify Linux).
Uh, no. Where do you get that from? If you think editing configuration files and changing settings is "modifying Linux", then I can equally claim you have to "modify Windows" to harden it.
The point is badly-taken, because administrators don't modify the source to production systems (any more than a Windows admin would patch the Windows kernel with binary patches of his own.)
Really? I know plenty of Linux admins that do that (recompile) to customize the product. In fact, many of them point to this as a reason for choosing Linux over Windows.
Recompiling is not modifying.
Let's suppose that Microsoft didn't make Windows any more secure. Would you recommend to your clients to look at alternative systems? Would you think seriously about switching yourself? If yes: Congratulations! If no: you're like most of the other respondents on this list, and (sadly) like most people I encounter.
Once again, you are looking at it solely from the security perspective. While that is fine and dandy, there are other perspectives that factor into the decision. That is probably why most of the other respondents on this list and most people you encounter think that way. That is why everyone I have run across does.
So you're proving my point. ;-) What possible incentive could Microsoft have to improve its security, if you (and others) answer my question the way you do? (I'd actually appreciate a "Yes" or "No" answer rather than a paragraph.)
Furthermore, the free software we give away is a terrific marketing tool for our commercial software. Our software is installed on the e-mail gateways of huge multinationals; there's no way we could have penetrated those markets with traditional commercial software. However, once our free software is in, people start taking our commercial software (which is based on the free software) a lot more seriously.
Oddly, this sounds an awful lot like Microsoft's Internet Explorer policy and Office policy before that. Of course, that couldn't be because Microsoft is an evil monopoly ;-)
Except we give out source code and permission to modify it and have it audited for security (even for our commercial software.) We also don't have the means to bundle software on PC's to kickstart our market share. We can only do that through high quality software.
The methods they used to take it are what raise such passion and ire in some quarters. For example, do you think that Microsoft used legitimate business tactics to take the browser market from Netscape?
Yes, I happen to think they did. I'm sure at this point you will tell me how wrong I am though.
Of course I think you're wrong. They essentially dumped IE on the market in order to kill Netscape. But that's OK. Linux is doing to MS what MS did to Netscape, except through ethical means rather than dumping.
Really? I would wager that profit should be the first priority, but that's just me... and most of the business community. The goal isn't to be secure. The goal is to make money. Everything else is a secondary effect. Slowly, technology professionals are starting to learn that business acumen though.
I'll rephrase it: Today, insecurity is one of the most important threats to a business's profit.
Regards,
David.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html