RE: CyberInsecurity: The cost of Monopoly

["Rick Kingslan" <rkingsla () cox net>]

Wow.  Is this just troll bait (and I succumbed) or have you been watching
too many re-runs of the "X-Files"?

I'll not argue that the Windows operating systems are the target of the
majority of virus', but that's typically what happens when a system is used
by a known large group of people that might not be qualified to run a
computer, much less secure it.

And, regardless of what MS does - I doubt that they can force Mom and Dad to
not screw up the security settings (though, the default out of the box sucks
anyway).

Do you think that virus writers will stop IF Windows ceases to be a target?
Or, what seems to be your argument - if the Anti-Virus companies are
eliminated, the virus writers are going to just go away, too?  "Well,
they're not trying to stop us anymore - I guess we should quit trying to
wreak havoc and go back to being productive citizens again.  Virus writing
isn't fun anymore."

Yeah - that's going to happen.

As a response to open source, bravo.  My hat is off to what has been
accomplished.  But, I'd like to see the same level of success as a secure
platform (which, in the hands of someone with no clue how to run it - Linux
is insecure, regardless of the out of the box config) when it commands a
majority of the desktops.  And, I don't care what the platform or OS -
nothing is completely secure.  Humans write code, humans make mistakes, ergo
code has mistakes.  Same goes for configuration settings.

The 'bad guys' and 'bored kids' are going to target the largest base - and
there will always be holes to compromise and exploit.  Viruses have never
been a threat to Open Source because the target is not yet juicy enough.

And, just because I'm really curious, can you provide documentation and
detail on the cited 'Microsoft Virus Support(TM)'?  I've not heard of this -
well, except through your posts.  But, I'm open to be educated.

-rtk

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Fabio Gomes de
Souza
Sent: Friday, September 26, 2003 8:07 PM
To: Jonathan A. Zdziarski
Cc: full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] CyberInsecurity: The cost of Monopoly

Destroying the monopoly also lets the World get rid of (Anti)Virus
companies, since they are protected by Microsoft Virus Support(TM).

Viruses are a threat which has been intentionally neglected by Microsoft
since the AntiVirus thing became a business. A BIG business. Imagine if
Microsoft removed the Virus Support. Billions of dollars would stop being
moved from people's pockets to the software giants. Mega companies would
simply disappear from the Market. Hundreds of people would be unemployed.
Given the facts, Microsoft is simply UNABLE to fix such vulnerabilities.

Vulnerabilities in Microsoft systems can only be fixed before they become a
business. This rule has became worst after their antitrust trial.

Virues have never been a threat for Open Source systems, since they
(viruses) use vulnerabilities that get fixed by users *regardless* of some
company liking or not.

Diversification and Open Source is the solution for most security threats.

These guys have done a GREAT WORK!

Best regards,

Fábio Gomes de Souza
CEO
GS2 Tecnologia da Informação Ltda
Olinda, Brazil


Jonathan A. Zdziarski escreveu:
> This was released yesterday just incase nobody noticed.  
> http://www.ccianet.org/papers/cyberinsecurity.pdf
>
> Among the authors are Bruce Schnier, Dan Geer, and Charles Pfleeger. 
> Interesting read.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html