[29023] in bugtraq
RE: Bypassing Personal Firewalls
daemon@ATHENA.MIT.EDU (John Howie)
Mon Feb 24 17:18:45 2003
Date: Mon, 24 Feb 2003 12:11:05 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Message-ID: <DAEF28A9E7214B46AE7C7C66861F630807B0E5@STKSRV1.securitytoolkit.com>
content-class: urn:content-classes:message
From: "John Howie" <JHowie@securitytoolkit.com>
To: =?iso-8859-1?Q?Torbj=F6rn_Hovmark?= <torbjorn.hovmark@abtrusion.com>,
<bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
Torbjörn,
> ... There are just too
> many holes in Windows for it to be feasible to plug them all. The focus
> ought to be on preventing the code execution in the first place, not on
> trying to contain it.
>
I think it unfair to paint Windows with such a broad brush, especially as most other OSes had just as many, if not more, security problems in the last year. The reality is that most vulnerabilities are in applications (and usually third-party ones, at that) that run on the OS, and not in the OS itself. Your point about preventing code execution is right on the mark. Most attacks can be prevented through user education and methodical, secure, application development.
Regards,
John
