Re: [inbox] Re: CyberInsecurity: The cost of Monopoly

[Rodrigo Barbosa <rodrigob () suespammers org>]

On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wrote:
> > As some may recall, my original statement was an answer to someone that
> > was points that Unix is more secure then Windows (I agree up to this
> > point), and gave and example telling that there are still several codered
> > vulnerable machine around. This is the point I was commenting about. And
> > you do have to agree that is a machine, today, is still vulnerable to
> > Codered, it is mostly due to a fault of the administrator.
> I'm going to pick one small nit with you.  There is another possible guilty 
> party.  In some cases, at least in edu and medical centers (that's what I'm 
> familiar with) the *vendor* is at fault.  Some vendors will not certify 
> their scientific instruments with the latest Service Packs and patches, 
> leaving the admins no other choice but to find some other way to protect 
> the machine.  (Hell, we sometimes have trouble getting vendors of 
> *security* devices to support their products with the latest SPs and 
> patches.  (Which is another reason that I dislike putting security-related 
> software on Windows boxes, but sometimes you simply have no choice.)

I stand corrected.

I kind of remember something about a friend of mine (Win admin) installing
NT SP2 and it breaking MS-SQL server.

And yes, you are correct about vendors too.

So, simply put, we are doomed :)

- When the software gets a bugfix released, you can't install it because
of the vendor
- When you can install it regardless of the vendor, the net admin forgets
to install it
- When the net admin remembers to install it, the users mess up
- When the user don't mess up, the cleaning lady pulls the plug

Talk about trustworthy computing :)

[]s

-- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

Attachment: _bin
Description: