[14284] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Reliance on Microsoft called risk to U.S. security

daemon@ATHENA.MIT.EDU (Ian Grigg)
Thu Sep 25 22:55:31 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 25 Sep 2003 16:53:03 -0400
From: Ian Grigg <iang@systemics.com>
Reply-To: iang@systemics.com
To: cryptography@metzdowd.com

"R. A. Hettinga" wrote:
> 
> <http://channels.netscape.com/ns/news/story.jsp?id=200309241951000228064&dt=20030924195100&w=RTR&coview=>
> 
> Reliance on Microsoft called risk to U.S. security

> But the security experts said the issue of computer security
> had more to do with the ubiquity of Microsoft's software than
> any flaws in the software.

> "I wouldn't put all of the blame on Microsoft," Schneier said,
> "the problem is the monoculture."

On the face of it, this is being too kind and not
striking at the core of Microsoft's insecure OS.  For
example, viruses are almost totally a Microsoft game,
simply because most other systems aren't that vulnerable.

But, it is also possible to secure M$ OSs, so maybe there
is some merit to not putting "all the blame on Microsoft."

Either way, it can be tested.  There is one market where
M$ has not dominated, and that is the server platform.

I haven't looked for a while, but last I looked, the
#1,2,3 players were Linux, Microsoft, FreeBSD, and only
a percentage point or two separated them.  (I'm unsure
of the relative orders.  And this relates to testable
web server platforms, rather than all servers.)

So, in the market for server platform OSs, is there
any view as to which are more secure, and whether that
insecurity can be traced to the OS?  Or external factors
such as a culture of laziness in installing patches, or
derivative vulnerability from being part of the monoculture?

(I raise this as a research question, not expecting any
answers!)

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post