Full Disclosure mailing list archives
Re: Support the Sasser-author fund started
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 18 May 2004 12:39:46 +1200
"Shane C. Hage" to Bill Royds:
I agree with most of your statements below.
Well, actually, he was wrong if you consider the NT family of OSes starting in about 1993-4 (true, OOTB they were configured to be "fully Win 3.x compatible" -- that is, with all security disabled/dumbed down -- but the underlying architecture design at least met most of the minimum criteria for C2...).
... However, with competing operating systems such as those you mentioned below plus OS/2 and Apple Macintosh in the 1980's, the business leaders and consumers chose Windows. I think people forget that Microsoft must have filled a gap that these other operating systems didn't. ...
They beat OS/2 on installation ease (_great_ OS, dog of an install, even on some IBM hardware) and Apple by running on "any old crud" (and therefore very cheap) hardware (and the market size then contributed further to the PC harder getting much cheaper, much faster than Apple would allow/could match) with its proprietary hardware/OS lock-in.
... How can we blame Microsoft for capitalizing on the need at the time?
"Need"? They sold completely insecurable products into large -- real large; I recall Ford being "poster boy" for _Win95_ fercrissakes -- markets to make sure they got market penetration, when (if they had any integrity or could have been at all objective about the product they'd either have pushed NT _or not even tried_ for the sale). Of course, some folk at Ford and many other large corporates that made the same mistake have a lot to answer for too...
When the Internet revolution started, there was no way to predict the magnitude that a malicious program could have across the world. ...
Bollox -- the Morris Worm had already showed us what could be achieved. Are we really so dense that we need weekly to monthly replays on a slightly different scale, and with slightly different attack vectors, before we can learn anything from such "attacks"? Or did the all-out greed fuelled by the contemporaneous dot-com bubble cloud some folks' judgement?
... Sure, Microsoft is playing catch-up with security. They are just filling the gap in their own products now.
The trouble with that approach is that there is just not enough spackle in the world for them to achieve that goal any time soon. So, what do they do? What they've always done -- continuing with "business as usual"; spin, spin, spin. Seems to have worked for you... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Support the Sasser-author fund started, (continued)
- Re: Support the Sasser-author fund started fd (May 16)
- Re: Support the Sasser-author fund started Seth Alan Woolley (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 16)
- Re: Support the Sasser-author fund started Georgi Guninski (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 17)
- RE: Support the Sasser-author fund started Bill Royds (May 16)
- Re: Support the Sasser-author fund started Shane C. Hage (May 17)
- Re: Support the Sasser-author fund started James Riden (May 17)
- Re: Support the Sasser-author fund started Stormwalker (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 18)
- Re: Support the Sasser-author fund started Alexander Schreiber (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 18)
- Re: Support the Sasser-author fund started Alexander Schreiber (May 18)
- RE: Support the Sasser-author fund started Bill Royds (May 17)
- Re: Support the Sasser-author fund started Ondrej Krajicek (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Ondrej Krajicek (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)