Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause

From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Sun, 18 Jan 2004 21:53:50 -0600
Uh, no.  Where do you get that from?



From a good chunk of the Linux admins I know.

 

If you think editing configuration files and changing settings is
"modifying
Linux", then I can equally claim you have to "modify Windows" to harden
it.


Sure. I've never said or implied otherwise. 
 

Recompiling is not modifying.


What is it then? If I need to recompile the kernel to support something new,
lets say a new version of ipTables, am I not modifying things?
 

So you're proving my point. ;-)  What possible incentive could Microsoft
have to improve its security, if you (and others) answer my question
the way you do?  (I'd actually appreciate a "Yes" or "No" answer rather
than a paragraph.)


Because unlike you seem to portray it, there isn't some mutual exclusion.
One doesn't need to ignore security to choose other things. Likewise one
doesn't need to ignore other things when choosing security.

As for the incentive though, customer satisfaction is certainly a healthy
one. Do you not do things because it satisfies your customers?

As for a yes or a no, it unfortunately isn't that simple a question or
response. The best I can offer is a firm "it depends".
 

Except we give out source code and permission to modify it and have it
audited for security (even for our commercial software.)


Sure, but this is just another "commercial software bad, open source good"
point. As previously mentioned, I don't want to waste time arguing those.
It's pointless IMO for reasons I previously cited.

Also, I don't want to argue *your* product. I merely used it as an example.
  

Of course I think you're wrong.  They essentially dumped IE on the market
in order to kill Netscape.

But that's OK.  Linux is doing to MS what MS did to Netscape, except
through
ethical means rather than dumping.


Bah. There is little to no difference. The claims of "ethical" go back to
another religious war. As others have requested, and as I have mentioned,
I'm not going to continue with a religious debate over operating systems. My
point, as Mike Marshall also mentioned, has been made.
 

I'll rephrase it:  Today, insecurity is one of the most important threats
to a business's profit.


Sure, which is why Microsoft and pretty much everyone else is working on
insecurity issues.

Thanks for the lively discussion. I'm going to end it from my end at least
though. Take it easy.

Wes Noonan
mailinglists () wjnconsulting com
http://www.wjnconsulting.com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: