Full Disclosure mailing list archives

RE: Microsoft wins Homeland Security Bid ( Reuters)

From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 16 Jul 2003 15:20:01 -0500 (CDT)


        [SNIP]


I am by no means arguing that Microsoft systems are secure, but I would
like to point out that Windows 2000 and XP offer a myriad of security
enhancements that, given a COMPETENT installation by a KNOWLEDGEABLE system
administrator following DOCUMENTED practices for device hardening,
Microsoft products can actually provide a great deal of security (so long
as you can implement an effective patch management solution on top of your
host hardening procedures).  This progressive migration toward a more
secure operating platform is further evidenced by the "secure by design,
secure by default" shift in security philosophies centered around the
release of Windows 2003 Server.


And yet, we are seeing a reitteration of past problems again, cropping up
(e.g. the new RPC/DCOM problems and just recently the JET Database Engine
buffer overflows).  The commitment by M$ seems to remain more in the
"quick fix" focus then a "do it right" perspective.  And, as related
threads outline, the history here is not limited to just coding issues and
how they crop up in the areas over and over, but, in how they treat the
messenger when confronted with the findings of others about their
products.  And even this ignores their legal woes with the feds and
various states.  Sure, M$ can be seen as having taken a baby step or two
in order to limit their past attitude of tossing in a kitchen sink with
every new product, without regard to how it preforms in more then the
isolated/unconnected home environment, now, let's see then actually learn
to walk the walk as they talk the talk.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- Re: Microsoft wins Homeland Security Bid ( Reuters) Valdis . Kletnieks (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Jason Coombs (Jul 16)
  - Re: Microsoft wins Homeland Security Bid ( Reuters) yossarian (Jul 16)
    - Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
    - Re: Microsoft wins Homeland Security Bid ( Reuters) Blue Boar (Jul 16)
    - Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
    - Re: Microsoft wins Homeland Security Bid ( Reuters) Ross Dmochowski (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Ron DuFresne (Jul 16)
- <Possible follow-ups>
- RE: Microsoft wins Homeland Security Bid ( Reuters) Jonathan Grotegut (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
  - Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
  - Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Schmehl, Paul L (Jul 16)
- RE: Microsoft wins Homeland Security Bid ( Reuters) Brad Bemis (Jul 16)
  - Re: Microsoft wins Homeland Security Bid ( Reuters) northern snowfall (Jul 16)
    - RE: Microsoft wins Homeland Security Bid ( Reuters) Jason Coombs (Jul 16)

(Thread continues...)