
Re: Vista code more secure than Mac ..

  • Subject: Re: Vista code more secure than Mac ..
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Wed, 02 May 2007 11:29:24 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / Netscape
  • References: <f17qol$678$1@news.datemas.de> <1178049803.738796.120150@o5g2000hsb.googlegroups.com> <1178092112.17464.0@iris.uk.clara.net>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ BearItAll ] on Wednesday 02 May 2007 08:48 \__

> BC wrote:
> 
>> On May 1, 12:44 pm, Doug Mentohl <doug_ment...@xxxxxxxxxxxxx> wrote:
>>> 'I have found the code quality, at least in terms of security, to be
>>> much better overall in Vista than Mac OS X 10.4. It is obvious from
>>> observing affected components in security patches that Microsoft's
>>> Security Development Lifecycle (SDL) has resulted in fewer
>>> vulnerabilities in newly-written code. I hope that more software vendors
>>> follow their lead in developing proactive software security development
>>> methodologies'
>>>
>>>
>>> http://snipurl.com/1ixlc
>>> http://www.computerworld.com/action/article.do?command=viewArticleBas...
>> 
>> Yeah, right:
>>
>> http://www.betanews.com/article/Vista_Can_Be_Taken_Down_by_an_Animated_Cursor/1175201875
>> 
>> -BC
> 
> I wouldn't have believed that was still there. In Win98 if you ran your
> mouse in little circles it would after a few seconds overrun the buffer
> and crash the system. It was particularly effective at startup time when
> the system was still busy setting everything up.
> 
> But then the memory bug is still there too. Where the system takes a tiny
> amount of ram every time any office is opened and then closed again, and
> never gives it back. More noticeable in 1M machines. These days of very
> large ram it isn't really noticeable, which is presumably why MS are
> ignoring it. But that too is a vulnerability because it is a portion of ram
> that is neither owned by the system nor by any application. You can do a
> lot in 3k of ram.

The author of the article may be trying to stand out from the crowd in order
to find an audience.

The Myth of Apple's Insecurities

,----[ Quote ]
| Microsoft OSes began with no security. Windows 95 through ME had
| varying levels of front-end password-based security bolted on at
| some point, but it was hardly layered through the entire OS like
| UNIX. They weren't multi-user environments so interprocess security
| wasn't seen as an issue, and remote exploits were all over the place
| since they weren't built for network use. 
| 
| [...]
| 
| As Henry Spencer said, "Those who don't understand UNIX are
| condemned to reinvent it, poorly."
`----

http://weblog.infoworld.com/venezia/archives/011187.html


Despite Vulnerabilities, Apple's Mac OS X Weathers The Security Storm

,----[ Quote ]
| I still think the Mac is safer than Windows. It has a reduced
| threat environment. 
| 
| [...]
| 
| Marius van Oers, a virus research engineer at McAfee, posted a blog last
| week that showed there are more than 236,000 pieces of malware "in the 
| wild." The vast majority are aimed at the Windows environment. Only about 
| 700 are meant for the various Unix/Linux distributions, van Oers wrote. How
| many are for the Mac OS X platform? Seven or less, he said, calling
| the threat "pretty much non-existent at the moment."
`----

http://news.yahoo.com/s/cmp/20070331/tc_cmp/198701479;_ylt=A9G_RwQ7URBGdGkAoQAjtBAF


2006 Operating System Vulnerability Summary

,----[ Quote ]
| As far as "straight-out-of-box" conditions go, both Microsoft's
| Windows and Apple's OS X are ripe with remotely accessible
| vulnerabilities.
| 
| [...]
| 
| The UNIX and Linux variants present a much more robust
| exterior to the outside. Even when the pre-configured server
| binaries are enabled, each system generally maintained its
| integrity against remote attacks.
`----

http://www.omninerd.com/2007/03/26/articles/74


Linux vs. Windows: Which is Most Secure?

,----[ Quote ]
| True to UNIX.
| Qualitative score: Windows gets a D+ while Linux gets an A-.
| "Bummer of a birthmark"
| Qualitative score: Windows gets an F while Linux gets an A.
| User data confidentiality.
| Qualitative score: Windows gets a B- while Linux gets a B+.
| Patch practices
| Qualitative score: Windows gets an A- while Linux gets a B+.
`----

http://www.esecurityplanet.com/views/article.php/3665801


Linux Security: A Big Edge Over Windows

,----[ Quote ]
| Linux is better at locking down a computer than Windows. The Linux OS
| uses configuration settings and user permissions to a much more
| efficient degree than the Windows administrator account. To do
| this, non-enterprise users should seek help from third-party
| security suites that serve as configuration managers, James
| Bottomley, chief technology officer of SteelEye Technology said.
`----

http://www.linuxinsider.com/rsstory/54742.html


Security Report: Windows vs Linux

,----[Executive summary ]
| Finally, we also include a brief overview of relevant conceptual
| differences between Windows and Linux, to offer an insight into why
| Windows tends to be more vulnerable to attacks at both server and desktop,
| and why Linux is inherently more secure
`----

http://www.theregister.co.uk/security/security_report_windows_vs_linux/


The problems with Vista laid bare - What might have been

,----[ Quote ]
| ...the trick that XP misses is that you must compel all ordinary
| users to have restricted, non-admin accounts. You make it impossible
| - or at least really hard - for normal accounts to have super-user
| powers. Ordinary users can see their own files, but not each other's 
| or the protected ones of the OS itself, and they can't touch anything
| that might cause problems.
| 
| [...]
| 
| It's never going to happen now - it's too late for Vista, and after
| this, there will probably never be such a big change in Windows again,
| until it's replaced with something new.
| 
| But here's a fun thought. What if Microsoft were held legally
| responsible for all those vulnerable, insecure Windows
| installations out there? 
`----

http://www.theinquirer.net/default.aspx?article=38419


Why Windows is less secure than Linux

,----[ Quote ]
| Windows is inherently harder to secure than Linux. There I said
| it. The simple truth.
| 
| Many millions of words have been written and said on this topic.
| I have a couple of pictures.
`----

http://blogs.zdnet.com/threatchaos/?p=311


Linux more secure than Windows, national survey shows

,----[ Quote ]
| In its first annual Security Issues Survey for the debut of the Software 
| Security Summit conference in La Jolla, California, BZ Research polled 
| 6,344 software development managers about the security of different popular 
| enterprise operating environments and Linux and open source consistently 
| topped Microsoft Windows, according to respondents.
`----

http://www.xomba.com/linux_more_secure_than_windows_national_survey_shows


Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer


If Only We Knew Then What We Know Now About Windows XP

,----[ Quote ]
| You can think of Windows XP as a house with a second floor built of
| spackle, wood filler and duct tape.
`----

http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology


Why Windows is a security nightmare.

http://www.smh.com.au/articles/2004/05/21/1085120110704.html


The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305


The feds weigh in on Windows security

,----[ Quote ]
| "The benefits of this move are enormous: Common, secure configurations
| can help slow botnet spreading, can radically reduce delays in patching,
| can stop many attacks directly, and organizations that have made the
| move report that it actually saves money rather than costs money,"
| Paller wrote.
`----

http://news.zdnet.com/2100-1009_22-6172158.html


Windows animated cursor flaw--150 sites infected

,----[ Quote ]
| There's a new Microsoft Windows vulnerability being exploited
| across the Internet on over 150 Web sites. The vulnerability is
| caused by an unspecified error in the way Windows 2000, XP, and
| Vista handle animated cursors.
`----

http://news.zdnet.com/2100-1009_22-6172440.html


Microsoft Patches Not One, But Three Vista Holes

,----[ Quote ]
| Microsoft today released an update for the recently popular 'animated
| cursor' vulnerability. The update was originally scheduled for April
| 10th, but due to recent exploits, was rushed out today. The update
| wasn't just for this one vulnerability though, in Vista, it addressed two 
| others, and in all covered seven vulnerabilities in Vista, XP and
| 2000.
`----

http://itsvista.com/2007/04/microsoft-patches-not-one-but-three-vista-holes/


Insecure when run on Vista, thanks to symbolic links

,----[ Quote ]
| I was surprised to learn a few weeks ago that Vista added symlink support
| to Windows. Whereas I found people rejoicing at the new feature, I
| anticipate with dread a number of vulnerability announcements in
| products that worked fine under XP but are now insecure in the
| presence of symlinks in the file system.
`----

http://www.cerias.purdue.edu/weblogs/pmeunier/general/post-85/


Why is Microsoft hell-bent on ruining its reputation?

,----[ Quote ]
| Microsoft had multiple chances to release a patch for the ANI
| (Animated Cursor) Exploit in the months of January, February,
| and March but failed to release any patches for the vulnerability
| that was originally disclosed privately to Microsoft on December
| 20, 2006. Now we're getting an emergency patch today, one week
| before the regular patch cycle, and Microsoft seems to think
| that this is a success story on its "quick" response to this
| zero-day exploit.
`----

http://blogs.zdnet.com/Ou/?p=460


Hackers offer subscription, support for their malware

,----[ Quote ]
| And many exploit providers simply wait for Microsoft's monthly
| patches, which they then reverse engineer to develop new exploit
| code against the disclosed vulnerabilities, Ollmann said.
| 
| "All you've got to do is just subscribe to them on a monthly
| basis," Ollmann said. "The going rate is about $20." 
`----

http://www.computerworld.com.au/index.php/id;838771320;fp;16;fpid;0


Experts say Microsoft should consider change in patching process

,----[ Quote ]
| Several security experts criticized Microsoft this week for not
| releasing a fix earlier for the Windows ANI flaw, calling for the
| company to reassess the way it handles critical patches.
`----

http://www.scmagazine.com/us/news/article/649115/experts-say-microsoft-consider-change-patching-process/
http://tinyurl.com/2felu2


6 Patches on Critical Update for Windows XP: KB925902

,----[ Quote ]
| It wasn't just for this one vulnerability for XP, it addressed five
| more, and in all it covers seven vulnerabilities for 2000, XP SP2,
| Server 2003, and Vista.
`----

http://donalyza.wordpress.com/2007/04/04/6-patches-for-critical-update-for-windows-xp-kb925902/
http://tinyurl.com/yt7y95

-- 
                ~~ Best regards

Roy S. Schestowitz      |    "In hell, treason is the work of angels"
http://Schestowitz.com  |     GNU/Linux     ¦     PGP-Key: 0x74572E8E
Mem:    514480k total,   480868k used,    33612k free,     5236k buffers
      http://iuron.com - next generation of search paradigms
