Full Disclosure mailing list archives
Re: Who's to blame for malicious code?
From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 21 Jan 2004 09:30:13 -0600 (CST)
[SNIP]
Would you blame OpenBSD if a user got hacked because he hadn't bothered to patch? I'm not arguing that Microsoft has done the right thing or even that their OS is secure. (It isn't, and I refuse to use it as a server unless forced to. I prefer to use FreeBSD whenever possible.) I'm arguing that you can't blame Microsoft for malicious code that takes advantage of weaknesses for which they have already issued patches, sometimes 12 months in advance of an outbreak. *That* is a problem directly attributable to users. What you're trying to argue is that, if OS vendors would simply do the right thing from the start, users would be protected despite their lack of patching, and I am saying that is preposterous. *No* OS is so secure that you can simply leave it on the Internet, never patch it, and still be secure.
Wasn't it you that made the argument during the msblaster episode that patching was a dead horse, that most env's of significatnly sized userbase were understaffed for the NUMEROUS patches that faced windows admins at the time and cuurrently? <perhaps I'm thinking it was you and in fact it was someone else> Either the arguement was false then and windows admins were and remain just plain lazy, or the argument was/is true and there's a problem within the core OS offered up from redmond... Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 20)
- Re: Who's to blame for malicious code? Paul Schmehl (Jan 20)
- RE: Who's to blame for malicious code? Steve Wray (Jan 21)
- Re: Who's to blame for malicious code? Ron DuFresne (Jan 21)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Paul Schmehl (Jan 20)
- <Possible follow-ups>
- Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
- RE: Who's to blame for malicious code? Brent Colflesh (Jan 20)
- RE: Who's to blame for malicious code? Schmehl, Paul L (Jan 21)
- RE: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Vlad Galu (Jan 21)
- RE: Who's to blame for malicious code? Ron DuFresne (Jan 21)
- RE: Who's to blame for malicious code? Schmehl, Paul L (Jan 21)
- RE: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 20)