[thelist] New Critical Security Patch for Windows....

Ken Schaefer ken at adOpenStatic.com
Thu Feb 12 19:25:12 CST 2004

From: "Shawn K. Quinn" <skquinn at xevious.kicks-ass.net>
Subject: Re: [thelist] New Critical Security Patch for Windows....

: > technology is built by humans and therefore imperfect.  to cast a
: > stone at any particular vendor (in this case microsoft) is extremely
: > boastful of your own abilities, no?
: Even if John is not capable of writing his own operating system,
: it's still likely he knows of others with a track record far superior to
: that of Windows. I would even feel safer running Red Hat Linux
: without a firewall than any version of Windows.

Then either you know Red Hat Linux better than you do Windows.
You are a fool.

Either can be used to run a perfectly acceptably secure and robust network.
Provided you have competant administrators.

: > further, it indicates just how  out of touch you are with security
: > news online.  yes, there are a lot  of security holes in microsoft
: > products and yes, microsofts products enjoy a rather dominant market
: > share. however, the fact remains that alerts from most any
: > non-vendor-specific security alert service you sign up to have
: > microsoft products in the gross minority, the opposite of what you
: > might be inclined to believe.
: I would say this is of dubious relevance, when the exploits for them
: choke down entire networks and the fallout affects everyone,
: even those of us who have long since ceased trusting Microsoft.

A larger number of machines are compromised, leading to problems with
networks. What's your point? It doesn't detract one iota from the point that
Jeff was making.

: Also, Microsoft is not exactly known for brutal honesty when it
: comes to owing up to a bug in their software, in particular if it is
: security-related, and even if they acknowledge it the impact is
: ridiculously downplayed.

Where do you get this load of rubbish from? Do you actually frequent *any*
of the major security forums? Your comments above indicate that you do not.
Perhaps you should spend more time here: www.securityfocus.org (for
starters) rather than mouthing off with statements that are simply

: Contrast this with, say, OpenBSD's same-day update owning up
: to the one remote hole in the default install after four years
: (and the exploitability of that hole was still in question).

Here you are comparing the speed with which one vendor may have provide one
The seriousness with which Microsoft takes vulnerbilities

They are different things. Let me assure you that Microsoft takes
vulnerabilities *very* seriously these days. Secondly, it often takes longer
for Microsoft to release patches becuase of the need to run regression
testing on a large number of platforms, running on very different hardware,
running any number of localised versions.

: As far as your "uninformed" comment, I've been using computers
: for quite a long time. I taught myself BASIC and 6502 assembler
: language before I was out of elementary school, and have studied
: computer network security ever since getting my first dialup
: Internet account back in 1996. I'm about as informed as they come. ...
: (And I would consider an MCSE or similar
: credential as prima facie evidence of a Microsoft bias.)

You see, if you went and said this in any serious security forum, you'd just
get laughed at. You compare yourself to Marc Maiffret, David LeBlanc, Mark
Russinovich or David Litchfield? HAHAHAHA

If you want, you can keep up the constant bitching, ranting and complaining.
However, I'll give you some advice for free. It just makes you look more
foolish in the eyes of those who actually do have a clue.


PS As an aside, I often find it amusing how it's those that don't run
enterprise infrastructures, who proudly wear their "I don't use Microsoft
products" shirts who feel the need to start these threads. It's not
Microsoft or Novell or Sun people who feel the need to write inflammatory
comments about other vendors. And just because you taught yourself BASIC
doesn't count for anything these days. I taught myself BASIC too, but I know
it counts for squat in my current role.

More information about the thelist mailing list