
Re: Its ...

Roy Culley wrote:
> <1907369.EeIYMBx43b@xxxxxxxxxxxxxxx>, Roy Schestowitz
> <newsgroups@xxxxxxxxxxxxxxx> writes:
>> __/ [ Roy Culley ] on Saturday 07 October 2006 23:57 \__

>>> Security is one of those funny things.  You can talk about being
>>> "more" secure, but there's no such thing.  A vulnerability is a
>>> vulnerability, and even one makes you just as insecure as anyone
>>> else.  Security is a binary condition, either you are or you
>>> aren't. - Funkenbusch 1 Oct 2006

>> *LOL* Security is a feature, not a trait.

I missed that original thread, and I'm sure the subject was done to
death, but just to contribute my opinion:

The truth about security is the complete opposite of Erik's
assertion. Security is not either true or false ... it is *always*
false, there is only a grey area which is part perception and part
impediment. IOW security is *never* 100% impenetrable, but it can be
either more or less efficient at hindering an attack, often
sufficiently long enough for manual intervention.

There most certainly *are* degrees of security, but those degrees are
subjective; relative to the skill of the hacker. So multiple, well
known, long-standing, easily exploitable vulnerabilities, is an
increased risk compared to fewer, obscure, quickly patched, highly
technical vulnerabilities.

>> Pay $50 per year to Microsoft in order to get Microsoft's product
>> /gain/ a _little_ more security.

This is another grey area.

On the one hand, should the OS developer charge for (what is
essentially) patches to fix security vulnerabilities in its own
product?

OTOH, given that no software can ever be 100% secure, is it fair to
blame Microsoft for every exploit? Should they not be entitled to
fight those exploits on their own terms?

It comes down to a question of degrees again. If you are of the
opinion that many Windows exploits are trivial, the result of gross
negligence, and tantamount to Beta software released as final
candidates, then maybe your gripe is justifiable.

But that kind of thinking is purely subjective, particularly without
the benefit of the sources.

What *can* be ascertained as *fact*, is that there are (and have been)
a *hell* of a lot of exploits on the Windows platform, and those
exploits have created a multi-billion dollar industry which exists
purely to mitigate against those exploits. How much responsibility is
delegated to whom, is another question, that can probably never be
answered satisfactorily.

> The Erik quote in my .sig is there to show just what a MS apologist
> he is. It is an absurd statement

It is blatantly wrong; but then maybe I'm simply misinterpreting his
meaning.

> but he knows MS SW is incredibly bug ridden and full of security
> vulnerabilities. Hence to make MS look not so bad he makes such
> statements.

Like I said, I missed the original thread, but if he's using his
"binary condition" statement to enforce the idea that Linux security
is as big a problem as Windows security, then the statistics do not
bear out that assertion. It theoretically *could* become as big a
problem (no such thing as a sure thing), but IMHO if exploits rose to
that level, then by comparison Windows would have been completely
overrun by exploits by that time (a question of degrees).

> As for MS's onecare, that is just daylight robbery. I have little
> sympathy for the anti-virus companies as they have probably done
> more to prolong the dominance of the Windows crap. Now MS want to
> kill them off as they see a great earner from a product that
> attempts to cover the weaknesses of their, insecure by design, OS.

That is one interpretation, and it has crossed my mind more than once.

-- 
K.
http://slated.org - Slated, Rated & Blogged

.----
| Mastery of UNIX, like mastery of language, offers real freedom.
| The price of freedom is always dear, but there's no substitute.
| Personally, I'd rather pay for my freedom than live in a bitmapped,
| pop-up-happy dungeon like NT.
|
| -- Thomas Scoville, Performance Computing
`----

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
 03:25:39 up 112 days,  3:42,  3 users,  load average: 0.55, 0.38, 0.43
