Schneier: Bad news is good news, not so for security
,----[ Quote ]
| While the media bombards consumers with frightening stories, discussions
| about security are thwarted by the failure of language to separate
| the "feeling" and "reality" of security, says security guru Bruce Schneier.
|
| [...]
|
| Although the media's treatment of events could be held responsible for this
| confusion between perception and reality, there is another element at play --
| language, or rather, its failure to accommodate the difference between
| the "feeling" and "reality" of security.
|
| "In effect we have two very different concepts mapped on the same word. And
| this makes a lot of conversations about the feeling and reality of security
| hard to have because our language fails us," he said.
`----
http://www.builderau.com.au/news/soa/Schneir-Bad-news-is-good-news-not-so-for-security-/0,339028227,339285999,00.htm
http://tinyurl.com/2jztv4
Vista: only make believe you're secure because of Microsoft brainwash and
bogus 'findings' based on fake methods.
Related:
2008 kicks off with critical Vista/XP patch
,----[ Quote ]
| Microsoft's first set of security bulletins for 2008 may be slim, but will
| include a fix for a critical vulnerability in XP and Vista.
`----
http://www.itwire.com/content/view/15956/53/
Windows Vista Has Another New Critical Vulnerability
,----[ Quote ]
| One of the updates is considered critical for Windows Vista and XP users
| because the flaw it fixes could be used by attackers to install unauthorized
| software on a victim's computer.
`----
http://www.infoworld.com/article/08/01/03/Microsoft-prepares-two-Windows-security-updates_1.html
http://tinyurl.com/2ls6x4
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
Microsoft is Stupid, Apple is Not
,----[ Quote ]
| If you take a look at the history of OS design by each company, it's pretty
| clear why this is so. Microsoft has historically made an unreliable, ugly,
| and highly insecure operating system based on its own spaghetti/Swiss cheese
| code. This is no secret to anyone who has followed the industry or even used
| Windows on a daily basis. If you are a Windows users you MUST have
| spyware/virus/malware prevention software or, sooner or later, your machine
| is going to get nailed.
|
| It isn't Microsoft bashing to say any of this, it's just the truth for
| Windows users each day of their computing lives.
`----
http://www.extremetech.com/article2/0,1697,2257007,00.asp
Why Linux is More Secure Than Windows
,----[ Gist ]
| Much better patch management tools...
|
| Much stronger default configuration...
|
| Modular Design...
|
| Better tools to protect against zero-day attacks...
|
| Open Source Architecture...
|
| Diverse Environment...
`----
http://freewebsoftwarereviews.blogspot.com/2007/12/why-linux-is-more-secure-than-windows.html
Linux Security: A Big Edge Over Windows
http://www.linuxinsider.com/rsstory/54742.html
The problems with Vista laid bare - What might have been
http://www.theinquirer.net/default.aspx?article=38419
Why Windows is less secure than Linux
http://blogs.zdnet.com/threatchaos/?p=311
Microsoft Windows: Insecure by Design
http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer
If Only We Knew Then What We Know Now About Windows XP
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology
Why Windows is a security nightmare.
http://www.smh.com.au/articles/2004/05/21/1085120110704.html
The Structural Failures of Windows
http://www.theinquirer.net/default.aspx?article=15305
|
|
