RE: You'll never get fired for recommending IBM - sorry - Microsoft

[MHawkins () TULLIB COM]

Sir,

an unpatched MS machine with a firewall that had been purposely configured
to open 135 for legitimate reasons would have been infected by MSblast.

Therefore, your firewall is NOT "under the hood". Since Microsoft keeps huge
sections of their code to themselves, no firewall or any other product is
able to protect against all these vulnerabilities unless you shut down every
port. Yes, such products exist that shut down all ports but you are
effectively removing the fuel injection from the car along with the powered
windows and the air conditioning all because you know thiefs can break into
cars when those features are in use. So, in the same way, a computer with
all its ports shut down is a useless computer. A computer with some ports
shut is a hobbled computer.

If it were not for firewalls Microsoft would be out of business! (And quite
a few others too!)

Now, that's OK that Microsoft doesn't release their code. I have no problem
with that. But when that fact is combined with the enormous head count of
Microsoft OS running computers, now the concept of monoculture has some
worth.

It really has nothing to do with Microsoft. It has more to do with the
circumstances we now face in this particular situation.

i) explosive high speed Internet access growth
ii) little to no foreseeable regulation of Internet use
iii) extraordinarily large homogenous OS use
iv) huge amount of unpublished code in that single OS
v) increasingly sophisticated worm and virus authors
vi) worm and virus authors increasingly incented by monetary rewards

All these factors and more make OS diversification a serious consideration
in the security stance of any organization or individual.

Mike H





-----Original Message-----
From: Breno Jacinto [mailto:breno () gamebox net]
Sent: Tuesday, December 16, 2003 11:35 AM
To: Hawkins, Michael
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] You'll never get fired for recommending IBM -
sorry - Microsoft


* MHawkins () TULLIB COM (MHawkins () TULLIB COM) wrote:
> Hi Marcus,
>
> Regarding monoculture, let me use a common analogy. My car is no more or
> less secure than any other car because it's a car among several
> manufacturers, with hundreds of car alarm manufacturers and products,
> services. Imagine a world for car thiefs where 99% of the cars are made by
> one manufacturer and car alarm manfacturers are only allowed to stick
their
> alarms in the passenger compartment. No security device is allowed under
the
> hood. There'd be more stolen cars per day than the public would be willing
> to accept. Things would change. The monopoly would be broken up.

   I used to think like this. But notice the sentence: 'No security device
is allowed under the
hood.'. If we go to computers, this is false. You can run the firewall
of your choice, as well as AV, and implement the security policy you want.
And thats the point where monoculture doesnt matter.

   Yes, M$ is lousy when it comes to security. They spent more money on
   cosmetics than on security. But imagine that Apple had the monopoly,
   and MacOS X was run by 99% of the world, wouldn't it be the same
   thing? If people dont care about security, ANY system will be
   insecure, even the paranoid OpenBSD. 

   The point for Blaster being such a success wasnt for Windows
   Monoculture. It was because people werent running any firewall to
   simply block 135 or worse, wasnt even *AWARE* port 135 was open in
   his computer. This is what has to be changed! Security is not tied to
   an specific OS, its tied to a decent policy and user education and
   proper use of security technologies. 

 
> Should we accept the same in the computer industry?
>
> Can anyone think of a monopoly of a manufacturer good like Microsoft has
> today?

  No this is no good. But it is exageration to say that because of this
  the Internet is insecure. It's bad 'coz M$ manipulates people, forcing
  an endless (free software is changing it) dependency game. But this is
  too off-topic :).

> Mike H

cheers,

// Breno Jacinto
// breno () freeunix com br
// Key fingerprint = A5C3 3B22 140D C973 6AC6  2D62 2318 B8FA 15F9 D3FC
// Never be afraid to try something new. Remember, amateurs built the
// ark; professionals built the Titanic. -- Anonymous
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards