Secure Coding mailing list archives
RE: Origins of Security Problems
From: "Alun Jones" <alun () texis com>
Date: Mon, 21 Jun 2004 12:50:02 +0100
[EMAIL PROTECTED] <> wrote on Saturday, June 19, 2004 4:49 AM:
There is nothing to _prevent_ an untrained administrator from granting that privilege to all users (I have seen worse), but there is a damping effect provided by the fact that behavior _defaults_ to constraining those users.
I think you missed my point completely. A little over ten years ago, the same "damping effect" was provided in TCP/IP as you say is present for DECNet. That is the sum total of my point. The only difference is popularity. As with so many other security comparisons, the technology has very little difference, it is merely the quality of system administrators that sets the systems apart. There are complaints over the monoculture of Microsoft, but if the users and administrators of existing unsecured Microsoft systems were to jump to other operating systems, they would a) choose the easiest, most open systems, and b) leave them just as unsecured as they were before. That's not to say that some operating systems don't have technological boundaries that make it easier to remain secured. But it is to say that _unless_ those technological boundaries exist, moving an admin or a user from one operating system to another will not improve their security situation in a meaningful manner. There is something to be said for using the less popular platforms, of course - viruses and worms tend to be written for maximum damage, to infect maximum numbers of systems, and can only achieve that by attacking the most popular platforms. For all that it is bug-ridden and full of security holes, a Windows for Workgroups 3.1x system put on the Internet today would probably remain unhacked for months or even years. Alun. ~~~~
Current thread:
- Origins of Security Problems Mark Rockman (Jun 15)
- RE: Origins of Security Problems Michael S Hines (Jun 16)
- RE: Origins of Security Problems ljknews (Jun 17)
- Message not available
- Re: Origins of Security Problems ljknews (Jun 18)
- RE: Origins of Security Problems Alun Jones (Jun 20)
- RE: Origins of Security Problems ljknews (Jun 20)
- RE: Origins of Security Problems Alun Jones (Jun 21)
- RE: Origins of Security Problems ljknews (Jun 17)
- RE: Origins of Security Problems Michael S Hines (Jun 16)
- <Possible follow-ups>
- Origins of Security Problems Mark Rockman (Jun 17)
- Re: Origins of Security Problems Crispin Cowan (Jun 18)