Full Disclosure mailing list archives
Re: Microsoft Cries Wolf ( again )
From: Ron DuFresne <dufresne () winternet com>
Date: Sun, 13 Jul 2003 00:30:59 -0500 (CDT)
On Fri, 4 Jul 2003, Peter Busser wrote:
> Hi!
>
> > My impression is that until the vendors step up to the plate with a better commitment to responsible release of products, they will find that the research community continues to eye them with focused suspicion and outright cynical spite.
>
> Well, why should vendors do that? In fact, if you look at Microsoft's profit, I would say it is rewarded for not doing this. Vendors simply supply the kind of products people want. Apparently people love insecure programs. So that is what they get. The only way to change that is either vote with your dollars and euros or to take the vendor to court and demand compensation for the damages caused by badly designed or buggy software. Neither really happens, so what incentive is there for companies to change?
But, then just the week following my posting, Dell comes out stating they are stepping up to the call and committing to locking down the major OS shipped on their boxes:

<quote>
Subject: SANS NewsBites Vol. 5 Num. 27

Dell's announcement this morning that it has begun delivering a new hardened configuration of Windows 2000 is a defining moment in the ongoing quest to make security less expensive and more effective. Dell has proven that vendors can take the initial security configuration load off of users and that there are standards that vendors can use (from the Center for Internet Security -www.cisecurity.org) if they want to deliver safer systems. Users no longer have to settle for wide-open, unsafe configurations. It may soon be perceived as unwise to order a system configured unsafely when vendors are delivering safe configurations. If you want to buy systems from other vendors, it is now acceptable to require in your specifications that they deliver those systems configured safely. You'll find the Dell announcement at end of this issue.

Alan

...

--The Dell Announcement

DELL OFFERS MORE SECURE DESKTOP AND NOTEBOOK COMPUTERS

ROUND ROCK, Texas, July 9, 2003-Dell is helping customers better protect their information assets from unauthorized access, control or damage by giving them the option of a more secure or "hardened" configuration. The new security service, in which Dell activates more than 50 security settings on Microsoft Windows 2000, helps customers better secure their systems without adding time nor complexity to their system installations.

This service, available on desktops and notebooks, helps public and private organizations meet a security benchmark established by the Center for Internet Security (CIS), whose mission is to help organizations around the world effectively manage risks related to information security. CIS is made up of leading companies, universities, auditing organizations and government agencies.

"Dell is taking a leadership position in providing secure systems to its customers," said Clint Kreitner, president of CIS. "We hope other vendors will follow Dell's lead."

Dell intends to develop a similar offering for Windows XP after the benchmark is released by CIS later this year.

"Protecting data from dangers such as hackers and computer viruses is a challenge for today's organizations," said Tom Buchsbaum, sales vice president of Dell's federal sector. "Dell is committed to providing our customers with technology products that provide a high level of security, and our work with CIS builds on that commitment."

For more information on Dell's security-enabled hardware and security services, visit www.dell.com/security.
</quote>

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html