[14292] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Reliance on Microsoft called risk to U.S. security

daemon@ATHENA.MIT.EDU (martin f krafft)
Fri Sep 26 16:35:53 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Sep 2003 14:56:11 +0200
From: martin f krafft <madduck@madduck.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <3F7355AF.B223A93C@systemics.com>


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

also sprach Ian Grigg <iang@systemics.com> [2003.09.25.2253 +0200]:
> > "I wouldn't put all of the blame on Microsoft," Schneier said,
> > "the problem is the monoculture."
>=20
> On the face of it, this is being too kind and not striking at the
> core of Microsoft's insecure OS.  For example, viruses are almost
> totally a Microsoft game, simply because most other systems aren't
> that vulnerable.

Yes and no. First, I think that viruses will surface were e.g. Linux
to take top position, albeit they may have to employ totally new
paradigms to subvert the more advanced security architecture of
UNIX.

But I believe Schneier is right for the following reason: Microsoft
is a monopolist who, despite enjoying bad press for the past four
years, is managing to keep its sales going up each quarter. If you
are in business, what do you care for? The steep sales curve, or the
quality of your product?

As long as Microsoft has the monopoly on the desktop, as long as new
computers come with Windows per default, and as long as people stop
complaining and actually take action against the crap that Redmond
ships by switching to other systems in bulk, Microsoft has no reason
to invest any money in a code rework.

> So, in the market for server platform OSs, is there any view as to
> which are more secure, and whether that insecurity can be traced
> to the OS?

The defacement archive[1] has some statistics. But don't let
yourself be fooled as one should not forget that while Windows
usually comes with one web-, one mail-, one DNS server, there are
like 27 and up in each category for UNIX. So theoretically, when
comparing those categories, you need to include a factor of 27.

  1. http://defaced.alldas.org/

--=20
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
=20
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
=20
"women love us for our defects.
 if we have enough of them,
 they will forgive us everything,
 even our gigantic intellects."
                                                        -- oscar wilde

--6c2NcOVqGQ03X4Wi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/dDdrIgvIgzMMSnURAuSrAJ9Azst/VMdPFTmAXBdEO00J2LXMAACgwhqK
4aMtdpODMJ9wzmYgMGcEhwM=
=ezHM
-----END PGP SIGNATURE-----

--6c2NcOVqGQ03X4Wi--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post