[thelist] FYI - Plug this MS Application Hole

[Boris Mann]

On Thursday, September 4, 2003, at 09:18 AM, Sarah wrote:

> Here's a question for those of you with a better understanding of 
> security issues than I have. Do you think that Microsoft products have 
> so many security problems because they develop sub-par products

Microsoft does not intentionally set out to create products with 
security problems. Why they do have them is something that perhaps even 
MS can't answer.

> or because the various flavours of Windows are the most commonly used 
> OS, and therefore come under more attack by "crackers"?

This is the one point that likely can't be argued about -- because of 
the prevalence of Windows, there will be more attacks.

> Or, is it possible that other software "distributors" (for lack of a 
> better word), such as Apple or Linux, *need* to put in the extra 
> effort to make their products more secure, simply in order to gain any 
> kind of significant market share vs. Microsoft?

Whether it's extra effort or more secure-by-default products, it's all 
the same in the end, isn't it? Should it be part of analysis when 
selecting a platform? Probably, but in the vast majority of cases, this 
is not how a platform is selected for deployment.

People can easily come up with anecdotal evidence on either side: "I've 
used platform XXX for 5 years and never had a problem".

> (I hope this doesn't start a flame war, I am just looking for some 
> informed opinions on this subject.)

This definitely is a flame war discussion. I'm not sure that a 
meaningful discussion about this can be had on theList. Hopefully 
nothing I've stated will fan the flames.