Full Disclosure mailing list archives
RE: Re: Microsoft Coding / National Security Risk
From: "joe" <mvp () joeware net>
Date: Fri, 26 Mar 2004 13:23:55 -0500
I would hope the US government isn't using Windows in the way normal home users are. And in fact having personally spoken with several folks from the US Government and the US Military (US Army specifically which was interesting...) in charge of this stuff this week at a conference I can actually in fact say that they don't use Windows like normal home users. The machines are locked down. I also spoke with someone with the Norwegian NSA and can say they also don't run Windows machines like normal home users... Imagine that... You can have people who don't know how to run Windows, Linux, VMS, or ANY OS or RTS. Security is a function of the quality of the people responsible for securing the boxes more so than the OS/RTS on the box. Microsoft, imo, grew up in a time when added functionality was more critical to user's purchase decisions than security. People wanted things to work fully and completely out of the box and security was not something they were asking for nor willing to pay additional for development of. MS acceded to that and produced that product. Now that mindset has changed and MS is working towards the new mindset. Obviously if they don't, product demand would NATURALLY lessen for MS and whatever product was most secure (assuming that is what users really want) would gain market share and win. As much as people would not like to believe it, MS can not make a complete crap product and have people continue to purchase it. Market economics does not work that no matter how much leverage MS may or may not have. We can say all day that the lack of security is the fault of Microsoft but it really comes back to what people were spending money on. They weren't looking for security. Some were sure and those folks took what MS gave and locked it down because the ability to lock many things down has been there for a long while, just not heavily done. I have been hardening Windows machines since at least NT4 SP3. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of borg () hush com Sent: Wednesday, March 24, 2004 9:00 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Re: Microsoft Coding / National Security Risk
But if our government (USA) was smart (and I know they are) they wouldnt rely on Microsoft products to protect their data.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Microsoft Coding / National Security Risk, (continued)
- Re: Microsoft Coding / National Security Risk Luke Norman (Mar 24)
- RE: Microsoft Coding / National Security Risk joe (Mar 24)
- RE: Microsoft Coding / National Security Risk Frank Knobbe (Mar 24)
- RE: Microsoft Coding / National Security Risk joe (Mar 26)
- RE: Microsoft Coding / National Security Risk Frank Knobbe (Mar 24)
- Re: Microsoft Coding / National Security Risk John Sage (Mar 24)
- RE: Microsoft Coding / National Security Risk joe (Mar 26)
- Re: Microsoft Coding / National Security Risk Valdis . Kletnieks (Mar 26)
- RE: Microsoft Coding / National Security Risk joe (Mar 26)
- Re: Microsoft Coding / National Security Risk Valdis . Kletnieks (Mar 24)
- Re: Microsoft Coding / National Security Risk martin f krafft (Mar 24)
- Re: Microsoft Coding / National Security Risk borg (Mar 24)
- RE: Re: Microsoft Coding / National Security Risk joe (Mar 26)
- RE: Re: Microsoft Coding / National Security Risk madsaxon (Mar 26)
- Re: Re: Microsoft Coding / National Security Risk Szilveszter Adam (Mar 29)
- RE: Re: Microsoft Coding / National Security Risk joe (Mar 26)
- RE: Re: Microsoft Coding / National Security Risk Random Letters (Mar 24)
- RE: Re: Microsoft Coding / National Security Risk Steven Alexander (Mar 26)