~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: "Shawn K. Quinn" <skquinn at xevious.kicks-ass.net> Subject: Re: [thelist] New Critical Security Patch for Windows.... : > technology is built by humans and therefore imperfect. to cast a : > stone at any particular vendor (in this case microsoft) is extremely : > boastful of your own abilities, no? : : Even if John is not capable of writing his own operating system, : it's still likely he knows of others with a track record far superior to : that of Windows. I would even feel safer running Red Hat Linux : without a firewall than any version of Windows. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Then either you know Red Hat Linux better than you do Windows. -or- You are a fool. Either can be used to run a perfectly acceptably secure and robust network. Provided you have competant administrators. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : > further, it indicates just how out of touch you are with security : > news online. yes, there are a lot of security holes in microsoft : > products and yes, microsofts products enjoy a rather dominant market : > share. however, the fact remains that alerts from most any : > non-vendor-specific security alert service you sign up to have : > microsoft products in the gross minority, the opposite of what you : > might be inclined to believe. : : I would say this is of dubious relevance, when the exploits for them : choke down entire networks and the fallout affects everyone, : even those of us who have long since ceased trusting Microsoft. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A larger number of machines are compromised, leading to problems with networks. What's your point? It doesn't detract one iota from the point that Jeff was making. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : Also, Microsoft is not exactly known for brutal honesty when it : comes to owing up to a bug in their software, in particular if it is : security-related, and even if they acknowledge it the impact is : ridiculously downplayed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Where do you get this load of rubbish from? Do you actually frequent *any* of the major security forums? Your comments above indicate that you do not. Perhaps you should spend more time here: www.securityfocus.org (for starters) rather than mouthing off with statements that are simply ridiculous. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : Contrast this with, say, OpenBSD's same-day update owning up : to the one remote hole in the default install after four years : (and the exploitability of that hole was still in question). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Here you are comparing the speed with which one vendor may have provide one update with The seriousness with which Microsoft takes vulnerbilities They are different things. Let me assure you that Microsoft takes vulnerabilities *very* seriously these days. Secondly, it often takes longer for Microsoft to release patches becuase of the need to run regression testing on a large number of platforms, running on very different hardware, running any number of localised versions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : As far as your "uninformed" comment, I've been using computers : for quite a long time. I taught myself BASIC and 6502 assembler : language before I was out of elementary school, and have studied : computer network security ever since getting my first dialup : Internet account back in 1996. I'm about as informed as they come. ... : (And I would consider an MCSE or similar : credential as prima facie evidence of a Microsoft bias.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You see, if you went and said this in any serious security forum, you'd just get laughed at. You compare yourself to Marc Maiffret, David LeBlanc, Mark Russinovich or David Litchfield? HAHAHAHA If you want, you can keep up the constant bitching, ranting and complaining. However, I'll give you some advice for free. It just makes you look more foolish in the eyes of those who actually do have a clue. Cheers Ken PS As an aside, I often find it amusing how it's those that don't run enterprise infrastructures, who proudly wear their "I don't use Microsoft products" shirts who feel the need to start these threads. It's not Microsoft or Novell or Sun people who feel the need to write inflammatory comments about other vendors. And just because you taught yourself BASIC doesn't count for anything these days. I taught myself BASIC too, but I know it counts for squat in my current role.