Full Disclosure mailing list archives

Re: Support the Sasser-author fund started

From: "scosol () scosol org" <scosol () scosol org>
Date: Sun, 16 May 2004 12:19:21 -0700

Seth Alan Woolley wrote:

On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:

Why should Microsoft have more blame?

In my opinion, I believe that software companies, especially Microsoft, have
taken all of the appropriate steps to provide security within their
products.



Keep your head in the sand, then.  The design from the very beginning
was put together without security in mind.  Their OS revolutionized the
anti-virus industry.  There are numerous alternative operating systems
and cases where worms and viruses have been created for them (cf. the
Morris worm, slapper, etc), and most of the bandwidth in the world sits
on non-Microsoft software, mind you.


Isn't that more of a very gray area?

Yes, MS operating systems weren't really designed with security in minduntil (IMO) NT4, and then- that security wasn't really pushed to theconsumer until Win2k- but- that was *5 years ago* that it was.Win2k and WinXP aren't that different from OSX or most popular Linuxdistros from the "number of network servers enabled" perspective-The MS operating systems are the main source of problems for really only2 reasons:

1) their popularity makes them the most valuable targets
2) people don't update

All of us on this list know that if all consumers ran auto-updateproperly and had it install stuff automatically, these worms wouldbecome very rare occurences. (while admittedly creating an interestingnew set of problems)I don't really see what more MS can be expected to do, short of shovingauto-update down everyone's throats whether they like it or not (whichwill bring the tinfoil-hat crowd out in force)It is very seldom that a worm is out before the fix for the exploitedvulnerability- it's just a matter of diligence.


Also- your argument of "most of the bandwidth in the world sits

on non-Microsoft software" is IMO invalid- these machines that you speakof are not operated by consumers- people are paid to keep them updatedand secure.


--
AIM: IMFDUP
http://www.scosol.org/
RIP Red-Boy - 1998-2004 - "jupiter accepts your offer"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Support the Sasser-author fund started, (continued)
- - - Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
    - Re: Support the Sasser-author fund started Konstantin Gavrilenko (May 14)
    - Re: Support the Sasser-author fund started Tobias Weisserth (May 14)
    - Re: Support the Sasser-author fund started Georgi Guninski (May 15)
    - Re: Support the Sasser-author fund started Shane C. Hage (May 15)
    - Re: Support the Sasser-author fund started Mike Roetto (May 15)
    - Re: Support the Sasser-author fund started James Bliss (May 15)
    - Re: Support the Sasser-author fund started Ron DuFresne (May 16)
    - Re: Support the Sasser-author fund started fd (May 16)
    - Re: Support the Sasser-author fund started Seth Alan Woolley (May 16)
    - Re: Support the Sasser-author fund started scosol () scosol org (May 16)
    - Re: Support the Sasser-author fund started Georgi Guninski (May 16)
    - Re: Support the Sasser-author fund started scosol () scosol org (May 17)
    - RE: Support the Sasser-author fund started Bill Royds (May 16)
    - Re: Support the Sasser-author fund started Shane C. Hage (May 17)
    - Re: Support the Sasser-author fund started James Riden (May 17)
    - Re: Support the Sasser-author fund started Stormwalker (May 17)
    - Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
    - Re: Support the Sasser-author fund started Nick FitzGerald (May 17)
    - Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
    - Re: Support the Sasser-author fund started Nick FitzGerald (May 18)

(Thread continues...)