Full Disclosure mailing list archives

RE: [inbox] Re: CyberInsecurity: The cost of Monopoly


From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 28 Sep 2003 16:10:07 -0500

I wasn't referring to the SMB community, but IMHO even they will be choosing
simplicity (don't think I've ever used that term with Microsoft considering
their use of a registry as one example) over security that will someday bite
them in the butt. The paper was referring to the government and society in
general.  Even medium businesses and larger better get their head out.

One of my standard rec's after auditing Windows networks is to go to Netware
or UNIX on the server side and Linux on the client-side.  With Open Office
and Crossover, 90% of Windows can be eliminated while introducing a MUCH
more secure networking environment.

The following sentence from the work cannot be argued and it applies to
networks as well, "In the broadest sense, economic diversification is as
much the hallmark of free societies as monopoly is the hallmark of central
planning."  And we all better wake up and see that Microsoft is the "central
planner" here and Bill Gates is Big Brother.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Florian
Weimer
Sent: Sunday, September 28, 2003 3:21 AM
To: Curt Purdy
Cc: 'Rick Kingslan'; '*Hobbit*'; full-disclosure () lists netsys com
Subject: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of
Monopoly


On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:

> I think we have lost the point of the thread CyberInsecurity: The Cost of
> Monopoly which states your exact point that diversity is the most
> important aspect of network protection.

I often hear such claims, but I'd rather see companies allocate
adequate resources to deal with a uniform computing environment.
Currently, most companies with such an environment do not deploy *any*
countermeasures.  There was a wide range of options to counter the
recent malware waves, yet many organizations did nothing.

Diversity is good, sure, but unless you can afford the costs of a
workforce which is equally skilled on very diverse platforms, you just
make things worse.

Furthermore, some aspects of diversity are already creating huge
problems, e.g. mobile devices which are not configured according to
company guidelines, but are nevertheless connected to the company
network.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

