Duh - Microsoft: "Our products aren't engineered for security"

Post by Sinister Midge » Sun, 08 Sep 2002 02:42:04



On Fri, 06 Sep 2002 18:22:59 -0500, Matt spawned:

>> Enjoy.
>> HTH & GL...   ;-))
>> -------------------------------------- # ...Because the truth is that
>> open source doesn't cure cancer, doesn't lead to a global gift economy,
>> and doesn't produce perfect software on the first, second, or even
>> fifty-seventh try. Hell, I could put together a laundry list right now
>> of glaring flaws and shortcomings in Linux that I blame squarely on open
>> source development and developers. Jason Compton.

> We're waiting.

> Matt

All attempts mostly end in spouting multiple instances of the same, nearly
irrelevant minor bugs, mixed with a rare exploit that was patched long
before it was announced.

When that fails, generalities prevail. When cornered, the subject quickly
evolves away from the original in order to make other specious claims in
order to repeat the process.

A killfile, however, stops the process in its tracks. And it lowers the
level of obnoxious noise, too!

--
"Using Outlook Express is the m*equivalent of putting on spike
heels,  fishnets, and a bustier, walking down to the corner of Virus St and
Trojan Ave, and shouting 'Hello, Sailor!'."

 
 
 

Post by rapska » Sun, 08 Sep 2002 02:46:41


Error Log for Sat, 07 Sep 2002 10:38:37 +1200: segfault in module "Max
Burke" - dump details are as follows...

> This week's 15 top security advisories for various *nix distros.......
> http://www.linuxsecurity.com/advisories/index.html

> Enjoy.
> HTH & GL...   ;-))

Is your linux server patched yet?

--
rapskat -   8:45pm  up 13:21,  0 users,  load average: 0.04, 0.09, 0.08
78 processes: 75 sleeping, 2 running, 1 zombie, 0 stopped
CPU states:  3.8% user,  1.3% system,  0.0% nice,  5.5% idle
drop the hot to mail me

In Columbia, Pennsylvania, it is against the law for a pilot to tickle
a female flying student under her chin with a feather duster in order
to get her attention.

 
 
 

Post by cybea » Sun, 08 Sep 2002 04:35:34


>> This week's 15 top security advisories for various *nix distros.......
>> http://www.linuxsecurity.com/advisories/index.html

I love it, compare 15 patchable problems to an entire OS that is insecure.
Get it? Because MS did not design the OS with security in mind, the WHOLE
OS is suspect. Patching a few known exploits will not fix an OS that was NOT
designed with security in mind. The whole OS needs to be re-engineered and
re-written from the ground up. No more basing one version on the last. I
don't think MS is up to it. I think it will require a culture change that I
just do not believe MS will be able to accomplish.
 
 
 

Post by mlw » Sun, 08 Sep 2002 05:02:05



> Unix wasn't designed with security in mind when it was first
> developed.  Unix was designed though. Along with that the KISS
> philosophy has made it relatively easy to add security to Unix later.

This is not true. Granted the amount of security and the depth of the security
requirements were unimaginable in the late 60s and early 70s, but UNIX was
designed with a security model, and the notion that one user must be protected
from another.

Windows was originally designed to sit on top of DOS. DOS never had the notion
of users and protection. Windows NT was copied from Mica, a portable VMS, and
was originally intended to be a portable OS/2. The NT code base has, in its
core, similar notions of security with those of UNIX.

The problems with 2k and XP are similar to those of "user friendly" distros of
Linux which attempt to circumvent "username/password" and "root/password."

Thus far, the Linux community has been able to slow the steam roller of
"usability" which attempts to hide the fact that "administrator" and "user" are
different.  Microsoft has no such dissent; they have completely ignored
security and allowed the core system of NT to be compromised.

Windows NT, at least theoretically, could be just as secure as UNIX, but
Microsoft has built so much infrastructure which ignores security that
virtually every Windows program will break.

> It is not necessary to see MS's code to know that it is an
> unmaintainable humongous mess. The past record only shows it going
> from bad to worse.  Even MS realise that a total redesign is their
> only long term chance.  Will people continue to pay for their existing
> *every year for the next 5 years. I don't think so.

 
 
 

Post by Sinister Midge » Sun, 08 Sep 2002 05:09:20


On Fri, 06 Sep 2002 21:35:34 -0500, cybear spawned:

>>> This week's 15 top security advisories for various *nix distros.......
>>> http://www.linuxsecurity.com/advisories/index.html

> I love it, compare 15 patchable problems to an entire OS that is insecure.
> Get it? Because MS did not design the OS with security in mind, the WHOLE
> OS is suspect. Patching a few known exploits will not fix an OS that was
> NOT designed with security in mind. The whole OS needs to be re-engineered
> and re-written from the ground up. No more basing one version on the last.
> I don't think MS is up to it. I think it will require a culture change
> that I just do not believe MS will be able to accomplish.

What about Trustworthy Computing? Isn't that going to make things better?

Yeah, it'll take 10 years to get there (in Windoseze, that's 15+ years),
but they'll keep putting out patches until it's ready!

Won't they???

--
The reason I use Linux is because I've used Windows.

 
 
 

Post by Nucleo » Sun, 08 Sep 2002 05:14:56


<snip>

> David Mohring - X11R6:Network/Binary compatible back to 1986 X11 Clients

Cool links.  What was the general history of X?  I want to have something
to reply with when sheeple say that MS invented GUIs, and we ripped them
off, and then MS innovated further with Remote Desktop.

--
Nucleon, RLU #278930, <http://counter.li.org/>

Information wants to be free.

 
 
 

Post by cybea » Sun, 08 Sep 2002 05:20:01



> What about Trustworthy Computing? Isn't that going to make things better?

> Yeah, it'll take 10 years to get there (in Windoseze, that's 15+ years),
> but they'll keep putting out patches until it's ready!

> Won't they???

Tell me again how designing in the ability for someone to come into your
system and disable things is secure.
 
 
 

Post by kickah » Sun, 08 Sep 2002 05:28:52



> On Fri, 06 Sep 2002 18:22:59 -0500, Matt spawned:

>>> Enjoy.
>>> HTH & GL...   ;-))
>>> -------------------------------------- # ...Because the truth is that
>>> open source doesn't cure cancer, doesn't lead to a global gift economy,
>>> and doesn't produce perfect software on the first, second, or even
>>> fifty-seventh try. Hell, I could put together a laundry list right now
>>> of glaring flaws and shortcomings in Linux that I blame squarely on open
>>> source development and developers. Jason Compton.

>> We're waiting.

>> Matt

> All attempts mostly end in spouting multiple instances of the same, nearly
> irrelevant minor bugs, mixed with a rare exploit that was patched long
> before it was announced.

> When that fails, generalities prevail. When cornered, the subject quickly
> evolves away from the original in order to make other specious claims in
> order to repeat the process.

> A killfile, however, stops the process in its tracks. And it lowers the
> level of obnoxious noise, too!

Damn good point, Sinister. However, I like to keep an eye on the win-morons,
just to make sure they stay... well, they won't ever be _honest_, but at
least we can keep them from running rampant over the newbies and the casual
readers, eh?
 
 
 

Post by Max Burk » Sun, 08 Sep 2002 05:42:00



>> Enjoy.
>> HTH & GL...   ;-))
>> -------------------------------------- # ...Because the truth is that
>> open source doesn't cure cancer, doesn't lead to a global gift
>> economy, and doesn't produce perfect software on the first, second,
>> or even fifty-seventh try. Hell, I could put together a laundry list
>> right now of glaring flaws and shortcomings in Linux that I blame
>> squarely on open source development and developers. Jason Compton.

> We're waiting.

http://www.linux-mag.com/online/compton_c01_01.html
http://www.linuxsecurity.com/advisories/index.html
--

Replace the obvious with paradise to email me.

See Found Images at :
http://homepages.paradise.net.nz/~mlvburke

 
 
 

Post by Stephen Edward » Sun, 08 Sep 2002 06:25:10



> Microsoft: 'Our products aren't engineered for security'
> CW360.com Sep 6 2002 4:16AM ET...
> http://c.moreover.com/click/here.pl?r46677969
> +
> +Friday 6 September 2002
> +Brian Valentine, senior vice-president in charge of Microsoft's
> +Windows development, has made a grim admission to the Microsoft
> +Windows Server .net developer conference in Seattle, USA.
> +
> +"I'm not proud," he told delegates yesterday (5 September). "We
> +really haven't done everything we could to protect our customers.
> +Our products just aren't engineered for security," admitted
> +Valentine, who since 1998 has headed Microsoft's Windows division.

The sad thing is, Windows NT v4.0 actually had some very nice
built-in security features. Where they screwed up was adding
things that were easily exploitable, like the registry, which
is really nothing more than a bastardized filesystem.

Of course, Unix operating systems were not originally designed
with security in mind at all. However, because Unix is basically
a child of C, it shares C's modularity, and therefore, it is
designed well for afterthoughts.
--
while (strcmp(Microsoft, "alive")) && (strcmp(thisuser, "a PC monkey")) {
strcopy(username, "01100001 01101110 01100001 01101101"); // Decode binary
strcat(username, " 01101111 01110010 01110000 01101000"); // to contact me.

} // % set HOST="extremezone.com"; cat whining | apathy > /dev/null; logout