Full Disclosure mailing list archives
Counseling not to use Windows (was Re:Anonymoussurfing my ass!)
From: full-disclosure () lists netsys com (David F. Skoll)
Date: Mon, 15 Jul 2002 18:39:27 -0400 (EDT)
On Mon, 15 Jul 2002, Schmehl, Paul L wrote:
>> Well, that's very good. How about .exe?
> If they're attachments, they bounce at the mail gateway.
Me, too. But that's a band-aid fix. Miserable design decisions on Microsoft's part have made e-mail responsible for spreading malicious executable content. In 1980, e-mail was plain text and totally safe. There is simply *no excuse* for having to scan e-mail at gateways -- it should *never* have been a problem in the first place.
>> Yes, it is. How much work is it to set all this up?
> Very easy. A few points and clicks in the admin's interface deploys the policy to the whole domain.
OK. Didn't know that. [snip]
> I think you're taking anecdotal evidence to condemn Windows unnecessarily.
Please see http://www.roaringpenguin.com/graphs.php3 Cracked Windows boxes are so much of a problem that they've become background noise on the Internet.
> Just because Code Red ran around the world in short order doesn't *necessarily* mean the OS is flawed. It could mean the *philosophy* is flawed or the training is flawed or the admins are flawed. Remember, Unix admins have 30 years of experience under their belts telling them what is good security practice and what is not. Windows admins have 10? Maybe?
That's not really an excuse. UNIX was never really designed with security in mind, and in fact until recently, UNIX boxes were pretty insecure. (And many commercial UNIXes still are.) The difference is that most UNIX faults were implementation errors which could be fixed without radically altering the OS (at least from the user's perspective.) Many Windows problems can't be fixed without changing the fundamental nature of the system. [snip]
> You have to remember that, for a business to switch from MS to *nix takes not only a huge shift in thinking on the part of management and users but also *wholesale* changes in the IT staff.
Or wholesale retraining. It's not easy. That's why it's a long-term strategic goal and not a short-term answer to security problems.
--
David.