[thelist] New Critical Security Patch for Windows....

Shawn K. Quinn skquinn at xevious.kicks-ass.net
Thu Feb 12 05:48:12 CST 2004 

On Thursday 2004 February 12 05:07, Jeff Howden wrote:
> john,
>
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > From: John C Bullas
> >
> > Microsoft who art in Redmond.......
> >
> > Thank you for providing virus writers and hackers with
> > the exploits from day one be they security loopholes,
> > possible buffer overruns or missing canaries, that later
> > on enable you to remind us of your beneficence via
> > "windows Update"......
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
> technology is built by humans and therefore imperfect.  to cast a
> stone at any particular vendor (in this case microsoft) is extremely
> boastful of your own abilities, no? 

Even if John is not capable of writing his own operating system, it's 
still likely he knows of others with a track record far superior to 
that of Windows. I would even feel safer running Red Hat Linux without 
a firewall than any version of Windows.

> further, it indicates just how  out of touch you are with security
> news online.  yes, there are a lot  of security holes in microsoft
> products and yes, microsofts products enjoy a rather dominant market
> share. however, the fact remains that alerts from most any
> non-vendor-specific security alert service you sign up to have
> microsoft products in the gross minority, the opposite of what you
> might be inclined to believe.

I would say this is of dubious relevance, when the exploits for them 
choke down entire networks and the fallout affects everyone, even those 
of us who have long since ceased trusting Microsoft. Also, Microsoft is 
not exactly known for brutal honesty when it comes to owing up to a bug 
in their software, in particular if it is security-related, and even if 
they acknowledge it the impact is ridiculously downplayed. Contrast 
this with, say, OpenBSD's same-day update owning up to the one remote 
hole in the default install after four years (and the exploitability of 
that hole was still in question).

> just something to  ponder before you blurt the usual, uninformed,
> anti-microsoft rhetoric you hear from self-proclaimed computer
> experts. 

Something else to ponder: Before Microsoft Windows was Internet-capable, 
there was talk about *the* Internet worm, as in the ONE Internet worm. 
These days, if you try to refer to *the* Internet worm, people will 
reply somethign like "Huh? Which one? You mean there's another one out 
there now?"

As far as your "uninformed" comment, I've been using computers for quite 
a long time. I taught myself BASIC and 6502 assembler language before I 
was out of elementary school, and have studied computer network 
security ever since getting my first dialup Internet account back in 
1996. I'm about as informed as they come. I think it's safe to say just 
about every unbiased computer security expert will describe Microsoft's 
security track record as "piss poor" with maybe a nominal improvement 
over the past few months. (And I would consider an MCSE or similar 
credential as prima facie evidence of a Microsoft bias.)

-- 
Shawn K. Quinn

More information about the thelist mailing list