This is a multi-part message in MIME format.
------=_NextPart_000_002A_01C38958.74C4FCA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Well it's happened. Someone has filed suit against Microsoft for =
failing to design an operating system that is impenetrable.
I'm not an attorney but I'll venture a guess that the suit has a =
snowball's chance in hell of being successful. After all we who use =
windows software don't actually own it, we merely lease it. Before we =
have access to the software we have to accept an agreement releasing =
Microsoft from any problems. =20
But it got me to thinking, which then fired up my curiosity. So I =
checked out Microsoft's financials. For the year ended June 30, 2003 =
Microsoft earned after taxes $9.993 billion. The year that ended in =
June 30, 2002 they earned $7.829 billion. If they had taken the =
increase in earnings between the two years and split it in half ($1.082 =
billion dollars). Took and hired about 15,000 talented hackers (working =
40 to 50 hours a week just looking for Windows weak spots) for salary =
and benefits equal to $70,000/year and spent the other half of the =
income increase on housing and equipping those hackers. They could have =
probably discovered and plugged all those leaks in their software =
packages that enable viruses to play havoc with the internet system. =20
Unfortunately I haven't figured out how Microsoft could contain those =
few employees who found a weak spot and then released that information =
to outside hackers and virus developers. =20
Ramblings from a person perpetually disappointed in Microsoft's quality.
Jim
------=_NextPart_000_002A_01C38958.74C4FCA0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1226" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D4>
<DIV><FONT face=3DArial size=3D4>Well it's happened. Someone has =
filed suit=20
against Microsoft for failing to design an operating system that is=20
impenetrable.</FONT></DIV>
<DIV><FONT face=3DArial size=3D4></FONT> </DIV>
<DIV><FONT face=3DArial size=3D4>I'm not an attorney but I'll venture a =
guess that=20
the suit has a snowball's chance in hell of being successful. =
After all we=20
who use windows software don't actually own it, we merely lease =
it. Before=20
we have access to the software we have to accept an agreement releasing=20
Microsoft from any problems. </FONT></DIV>
<DIV><FONT face=3DArial size=3D4></FONT> </DIV>
<DIV><FONT face=3DArial size=3D4>But it got me to thinking, which then =
fired up my=20
curiosity. So I checked out Microsoft's financials. For the =
year=20
ended June 30, 2003 Microsoft earned after taxes $9.993 billion. =
The year=20
that ended in June 30, 2002 they earned $7.829 billion. If they =
had taken=20
the increase in earnings between the two years and split it in half =
($1.082=20
billion dollars). Took and hired about 15,000 talented hackers =
(working 40=20
to 50 hours a week just looking for Windows weak spots) for salary and =
benefits=20
equal to $70,000/year and spent the other half of the income increase on =
housing=20
and equipping those hackers. They could have probably discovered =
and=20
plugged all those leaks in their software packages that enable viruses =
to play=20
havoc with the internet system. </FONT></DIV>
<DIV><FONT face=3DArial size=3D4></FONT> </DIV>
<DIV><FONT face=3DArial size=3D4>Unfortunately I haven't figured out how =
Microsoft=20
could contain those few employees who found a weak spot and then =
released that=20
information to outside hackers and virus developers. </FONT></DIV>
<DIV><FONT face=3DArial size=3D4></FONT> </DIV>
<DIV><FONT face=3DArial size=3D4>Ramblings from a person perpetually =
disappointed in=20
Microsoft's quality.</FONT></DIV>
<DIV><FONT face=3DArial size=3D4></FONT> </DIV>
<DIV><FONT face=3DArial =
size=3D4>Jim</FONT></DIV></FONT></DIV></BODY></HTML>
------=_NextPart_000_002A_01C38958.74C4FCA0--
<[email protected]> wrote in message news:[email protected]...
> "Leon" <[email protected]> wrote:
>
> >"Jim" <[email protected]> wrote in message
> >news:[email protected]...
> >Well it's happened. Someone has filed suit against Microsoft for failing
to
> >design an operating system that is impenetrable.
>
> How about an OS that isn't wide open ootb?
What, like Linux?
Oh, wait, that's got the same problem.
My *ONE* Linux box has been infected once. All my windows boxes, together,
have been infected a total of ONCE.
--randy
It will likely fail ... the US has the finest justice system money can buy.
--
www.e-woodshop.net
Last update: 9/21/03
"Scott Lurndal" wrote in message
> "Leon" <[email protected]> writes:
> >
> >"Jim" <[email protected]> wrote in message
> >news:[email protected]...
> >>Well it's happened. Someone has filed suit against Microsoft for
failing to
> >>design an operating system that is impenetrable.
> >
> >>I'm not an attorney but I'll venture a guess that the suit has a
snowball's
> >>chance in hell of being successful.
> >
> >Let's hope it has no chance of winning... If they do win against
Microsoft,
> >car manufacturers will have a tough time also... You know, all those
other
> >cars that run into your car and damage it.
>
> Your analogy is correct, but your conclusion isn't. Automobile
manufacturers
> are sued, and recall their product, fairly often due to intrinsic defects.
>
> Microsoft code contains intrinsic defects (lack of separation of
privilege,
> allows executable content in email, buffer overflows in system software,
> autorun macros in word documents, logic errors in software (executing
email
> content without user intervention)
> which enable the propogation of virii and worms.
>
> It's not so certain that the lawsuit will fail.
Leon wrote:
> A tow truck can still just as easily take a car away with out setting off
> the alarm..
There are alarm systems that would prevent this, proximity sensor, motion/tilt
detectors. etc., but unless the car is in your driveway who pays attention to
auto alarms anymore?
--
Jack Novak
Buffalo, NY - USA
While there's truth to the premise that hackers attack MS because it's
in such widespread use, there are additional problems inherant in the
OS that are probablly known to MS but not corrected/handled because
they choose to focus on "features" rather than a robust foundation.
To continue with your analogy, MS OS's are like a house with several
windows left open. IOW, the nature of the lock, if any is irrelevant
cause the window's wide open inviting all would be hackers welcome
entry.
Renata
On Mon, 06 Oct 2003 16:03:13 GMT, "Leon"
<[email protected]> wrote:
> Regardless of the quality of the lockset, if it were used in 95% of all
>doors as Windows is used in 95% of all OS's, they too would be quite
>vunderable. If Apple had say 25% of the market, it too would be having
>problems with hackers also. The problem with the Microsoft OP is that most
>all computers run on it and all the hackers get more mileage from learning
>to hack an OS that is on 95% of their targets.
>And, going back to the superior lock train of thought, just like the MS OS,
>burglars and hackers will find another way to enter the house. Through a
>window or a soft exterior wall.
>
>I would be willing to bet that even if MS did try to build a better mouse
>trap, it would only be a short time before it was hacked also. If this were
>a reasonable doable task, all the after market firewalls and virus programs
>would work perfectly with out having to be constantly updated also.
>
>
"K.-Benoit Evans" <[email protected]>
>
> Saying that MS stuff works fine until it is hacked or infected is a
> copout. If you bought a purported state-of-the-art lockset for your
> front door and your house was broken into by thieves or murderers
> because the lock had a design defect that allowed it to be opened simply
> by sticking a toothpick in the keyhole, I suspect you would try to hold
> the lockmaker responsible.
Regardless of the quality of the lockset, if it were used in 95% of all
doors as Windows is used in 95% of all OS's, they too would be quite
vunderable. If Apple had say 25% of the market, it too would be having
problems with hackers also. The problem with the Microsoft OP is that most
all computers run on it and all the hackers get more mileage from learning
to hack an OS that is on 95% of their targets.
And, going back to the superior lock train of thought, just like the MS OS,
burglars and hackers will find another way to enter the house. Through a
window or a soft exterior wall.
That kind of insecurity is expected in the
> lock on a three dollar diary. It is intolerable on a top-of-the-line
> entry door lock.
>
> Until consumer and legislative pressure is brought to bear on
> Micro$loth, they will continue to rush product to market, hope for the
> best and then publish a patch when a problem arises.
I would be willing to bet that even if MS did try to build a better mouse
trap, it would only be a short time before it was hacked also. If this were
a reasonable doable task, all the after market firewalls and virus programs
would work perfectly with out having to be constantly updated also.
That too... ;~)
About 10 years ago, I witnessed a repo man in action in out neighborhood..
I heard a car alarm go off 1 street over and about 30 seconds later the
sound of skidding tires... A tow truck came around the corner pulling a car
with its alarm going off and rear wheels locked up and skidding. The tow
truck dropped the car in the middle of the street, turned around and picked
up the rear end of the car and left. I was the only one that noticed....
"Nova" <[email protected]> wrote in message
news:[email protected]...
> Leon wrote:
>
> > A tow truck can still just as easily take a car away with out setting
off
> > the alarm..
>
> There are alarm systems that would prevent this, proximity sensor,
motion/tilt
> detectors. etc., but unless the car is in your driveway who pays attention
to
> auto alarms anymore?
>
> --
> Jack Novak
> Buffalo, NY - USA
>
>
So, when is the K.-Benoit Evans operating system supposed to come out? Have
you set a price yet? It's impervious to anything, right? Should be great,
just install and start using. No worries about security, that has all been
taken care of.
"K.-Benoit Evans" <[email protected]> wrote in message
news:[email protected]...
"Mark & Juanita" <[email protected]> > >
>
> Leon,
>
> I think a closer analogy would be if auto manufacturers continued
> to manufacture cars with very weak, easily jimmied locks and very easily
> hotwired ignitions. Continued manufacture of such products and applying
> band-aids instead of robust fixes would most certainly get the auto
> mfg's sued, if not by consumers, then by insurance companies covering
> claims for stolen vehicles.
>
> I realize that breaking into cars is not impossible, but the
> casual thief is more or less deterred, even more so with the addition of
> an alarm system to the vehicle.
A tow truck can still just as easily take a car away with out setting off
the alarm..
I totally agree.
"Leon" <[email protected]> wrote in message
news:[email protected]...
>
> Well perhaps not, but I am on DSL and have been for 4 or so years and my
> computer is on 15 hours a day. I have never been down for more than 5
> minutes because of anything that I have down loaded, opened, or read.
While
> many bash Microsoft because they may or may not have taken enough
> precautions to take care of their own security, the end user is always
> ultimately responsible for his own security. Personally I can easily live
> with the risks and use the 3rd party software to cover the holes that
> Microsoft missed but I value more the flexibility and ease of use that
> Microsoft offers over the competition.
>
>
"Scott Lurndal" <[email protected]> wrote in message >
> Your analogy is correct, but your conclusion isn't. Automobile
manufacturers
> are sued, and recall their product, fairly often due to intrinsic defects.
>
> Microsoft code contains intrinsic defects (lack of separation of
privilege,
> allows executable content in email, buffer overflows in system software,
> autorun macros in word documents, logic errors in software (executing
email
> content without user intervention)
> which enable the propogation of virii and worms.
IMHO Microsoft's OS works fine until it is infected or hacked, much like a
car is fine until some one runs into it.
"Fred the Red Shirt" <[email protected]
>
> Remember when the 'Join the Crew' email virus was an urban legend and
> sysadmins had to periodicallly remind their users that you cannot get
> a virus just by reading email? MS changed that, and not for the better.
Well perhaps not, but I am on DSL and have been for 4 or so years and my
computer is on 15 hours a day. I have never been down for more than 5
minutes because of anything that I have down loaded, opened, or read. While
many bash Microsoft because they may or may not have taken enough
precautions to take care of their own security, the end user is always
ultimately responsible for his own security. Personally I can easily live
with the risks and use the 3rd party software to cover the holes that
Microsoft missed but I value more the flexibility and ease of use that
Microsoft offers over the competition.
In article <[email protected]>, "Jim" <[email protected]> wrote:
>This is a multi-part message in MIME format.
>
>------=_NextPart_000_002A_01C38958.74C4FCA0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
Please don't post HTML to newsgroups.
See http://www.houghi.org
--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)
"Jim" <[email protected]> wrote in message
news:[email protected]...
Well it's happened. Someone has filed suit against Microsoft for failing to
design an operating system that is impenetrable.
I'm not an attorney but I'll venture a guess that the suit has a snowball's
chance in hell of being successful.
Let's hope it has no chance of winning... If they do win against Microsoft,
car manufacturers will have a tough time also... You know, all those other
cars that run into your car and damage it.
"Leon" <[email protected]> writes:
>
>"Jim" <[email protected]> wrote in message
>news:[email protected]...
>>Well it's happened. Someone has filed suit against Microsoft for failing to
>>design an operating system that is impenetrable.
>
>>I'm not an attorney but I'll venture a guess that the suit has a snowball's
>>chance in hell of being successful.
>
>Let's hope it has no chance of winning... If they do win against Microsoft,
>car manufacturers will have a tough time also... You know, all those other
>cars that run into your car and damage it.
Your analogy is correct, but your conclusion isn't. Automobile manufacturers
are sued, and recall their product, fairly often due to intrinsic defects.
Microsoft code contains intrinsic defects (lack of separation of privilege,
allows executable content in email, buffer overflows in system software,
autorun macros in word documents, logic errors in software (executing email
content without user intervention)
which enable the propogation of virii and worms.
It's not so certain that the lawsuit will fail.
scott
>
>
[email protected] (Scott Lurndal) wrote in
news:[email protected]:
> "Leon" <[email protected]> writes:
>>
>>"Jim" <[email protected]> wrote in message
>>news:[email protected]...
>>>Well it's happened. Someone has filed suit against Microsoft for
>>>failing to design an operating system that is impenetrable.
>>
>>>I'm not an attorney but I'll venture a guess that the suit has a
>>>snowball's chance in hell of being successful.
>>
>>Let's hope it has no chance of winning... If they do win against
>>Microsoft, car manufacturers will have a tough time also... You know,
>>all those other cars that run into your car and damage it.
>
> Your analogy is correct, but your conclusion isn't. Automobile
> manufacturers are sued, and recall their product, fairly often due to
> intrinsic defects.
>
Not exactly the same thing though. Auto manufacturers sell their product.
Microsoft licenses their's. Those licensing agreements are designed to
insulate them from liability and they have been quite successful in that
regard.
> Microsoft code contains intrinsic defects (lack of separation of
> privilege, allows executable content in email, buffer overflows in
> system software, autorun macros in word documents, logic errors in
> software (executing email content without user intervention)
> which enable the propogation of virii and worms.
>
> It's not so certain that the lawsuit will fail.
Certain.. No.. Unlikely.. Quite Unless there can be a class established.
As it is at the moment this is an individual suit. There is little chance
that this individual has the financial resources to mount a successful
suit, let alone demonstable damages sufficient to make it worth the
effort. IF a class could be certified and IF it were large enough, then
the potential damages could be signicant enough to hire and sustain an
adequate challenge.. And that's all supposing that you could even make
the case that they (Microsoft) not the virus writers are liable. In the
event of EVERY major virus attack or vulnerability of a microsoft product
there has been a patch that was publicly available prior to the event. In
most cases the patch was available for weeks or even months but users and
sysadmins failed to patch their systems.
That's alot of ifs. I'd put my money on the evil empire on this one.
>
> scott
>
>>
>>
Doug Winterburn spaketh...
> Here's an interesting article on the shortcomings of Windows security:
It's because all the virus/worm/trojan writers are Linux users trying to
discredit Microsoft.
The reason it is even an issue is that most Windows users have not been
educated about securing their OS. Linux users are more computer savvy as a
rule and keep the security holes patched. It isn't about which has the most
bugs, they are about the same.
--
McQualude
In article <[email protected]>,
[email protected] says...
>
> "Scott Lurndal" <[email protected]> wrote in message >
> > Your analogy is correct, but your conclusion isn't. Automobile
> manufacturers
> > are sued, and recall their product, fairly often due to intrinsic defects.
> >
> > Microsoft code contains intrinsic defects (lack of separation of
> privilege,
> > allows executable content in email, buffer overflows in system software,
> > autorun macros in word documents, logic errors in software (executing
> email
> > content without user intervention)
> > which enable the propogation of virii and worms.
>
> IMHO Microsoft's OS works fine until it is infected or hacked, much like a
> car is fine until some one runs into it.
>
Leon,
I think a closer analogy would be if auto manufacturers continued
to manufacture cars with very weak, easily jimmied locks and very easily
hotwired ignitions. Continued manufacture of such products and applying
band-aids instead of robust fixes would most certainly get the auto
mfg's sued, if not by consumers, then by insurance companies covering
claims for stolen vehicles.
I realize that breaking into cars is not impossible, but the
casual thief is more or less deterred, even more so with the addition of
an alarm system to the vehicle.
Mark & Juanita writes:
> think a closer analogy would be if auto manufacturers continued
>to manufacture cars with very weak, easily jimmied locks and very easily
>hotwired ignitions. Continued manufacture of such products and applying
>band-aids instead of robust fixes would most certainly get the auto
>mfg's sued, if not by consumers, then by insurance companies covering
>claims for stolen vehicles.
Seems like all the big improvements now require the thief carry one more tool,
and take 30-45 seconds longer to open vehicles. When I was a kid, it was
possible to pop the lock and hotwire any vehicle in 60 seconds, often less. So
now, it MIGHT take two minutes. Check car theft figures.
>I realize that breaking into cars is not impossible, but the
>casual thief is more or less deterred, even more so with the addition of
>an alarm system to the vehicle.
A car alarm is extra added equipment that costs more. And if anyone suggests I
buy one, I'll lay a rock upside his head. It takes only a brush to get it
going, and if the car gets brushed, and ignored (and you see people studiously
ignoring car alarms in every large parking lot these days), you're greeted by a
dead battery, which is really a whole lot of fun in today's vehicles where
everything from the door locks to the trunk lids are electrically operated.
Charlie Self
"The income tax has made liars out of more Americans than golf."
Will Rogers
On Sat, 04 Oct 2003 08:41:38 +0000, Charlie Self wrote:
> Mark & Juanita writes:
>
>> think a closer analogy would be if auto manufacturers continued
>>to manufacture cars with very weak, easily jimmied locks and very easily
>>hotwired ignitions. Continued manufacture of such products and applying
>>band-aids instead of robust fixes would most certainly get the auto
>>mfg's sued, if not by consumers, then by insurance companies covering
>>claims for stolen vehicles.
>
> Seems like all the big improvements now require the thief carry one more tool,
> and take 30-45 seconds longer to open vehicles. When I was a kid, it was
> possible to pop the lock and hotwire any vehicle in 60 seconds, often less. So
> now, it MIGHT take two minutes. Check car theft figures.
I don't know if cars with the "smart" keys can be hotwired or not. When
my '83 pickup was stolen, the cops speculated that the perps probably
hauled it away with a tow truck out of my driveway.
-Doug
In article <[email protected]>,
[email protected] says...
> On Sat, 04 Oct 2003 08:41:38 +0000, Charlie Self wrote:
>
> > Mark & Juanita writes:
> >
> >> think a closer analogy would be if auto manufacturers continued
> >>to manufacture cars with very weak, easily jimmied locks and very easily
> >>hotwired ignitions. Continued manufacture of such products and applying
> >>band-aids instead of robust fixes would most certainly get the auto
> >>mfg's sued, if not by consumers, then by insurance companies covering
> >>claims for stolen vehicles.
> >
> > Seems like all the big improvements now require the thief carry one more tool,
> > and take 30-45 seconds longer to open vehicles. When I was a kid, it was
> > possible to pop the lock and hotwire any vehicle in 60 seconds, often less. So
> > now, it MIGHT take two minutes. Check car theft figures.
>
> I don't know if cars with the "smart" keys can be hotwired or not. When
> my '83 pickup was stolen, the cops speculated that the perps probably
> hauled it away with a tow truck out of my driveway.
>
... and Leon ignored it when the truck re-arranged the load on his
street. ;-)
> -Doug
>
"Mark & Juanita" <[email protected]>
>
> ... and Leon ignored it when the truck re-arranged the load on his
> street. ;-)
LOL,,,,, I did approach them and ask for a business card that did match the
truck logo...
Leon responds:
>> ... and Leon ignored it when the truck re-arranged the load on his
>> street. ;-)
>
>
>
>LOL,,,,, I did approach them and ask for a business card that did match the
>truck logo...
>
Hey, hang in there. Ya never know. Just got an e-mail that indicates to me that
Bill Gates is giving away $245 for each time I e-mail the attached goofiness.
Something to do with merging with AOL to take over the Internet, a lawyer says
he has to pay, and on and on. People claiming to have gotten checks for 10K and
more. Amazing. I'd love to see a graphic of the cancelled checks.
This thing has white whiskers it's so old, but people still bite.
Charlie Self
"The income tax has made liars out of more Americans than golf."
Will Rogers
In article <[email protected]>, Nova <[email protected]> wrote:
>Leon wrote:
>
>> A tow truck can still just as easily take a car away with out setting off
>> the alarm..
>
>There are alarm systems that would prevent this, proximity sensor, motion/tilt
>detectors. etc., but unless the car is in your driveway who pays attention to
>auto alarms anymore?
>
And it may be best to ignore it in your driveway, too. Here in Indy this
spring, a young man went outside to investigate when his car alarm went off
around 6am and found two guys trying to steal the custom wheels off of his
car. He confronted them, and one of them shot him to death. It's just a car.
It's not worth risking your life for your stuff.
--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)
"Leon" <[email protected]> wrote in message news:<[email protected]>...
> "Scott Lurndal" <[email protected]> wrote in message >
> > Your analogy is correct, but your conclusion isn't. Automobile
> manufacturers
> > are sued, and recall their product, fairly often due to intrinsic defects.
> >
> > Microsoft code contains intrinsic defects (lack of separation of
> privilege,
> > allows executable content in email, buffer overflows in system software,
> > autorun macros in word documents, logic errors in software (executing
> email
> > content without user intervention)
> > which enable the propogation of virii and worms.
>
> IMHO Microsoft's OS works fine until it is infected or hacked, much like a
> car is fine until some one runs into it.
Cars are not equipped so that any stranger who happens to see the car can
take control away from the driver. Much MS software is so equipped.
There was a time when cars did not have doors, or locks on the doors,
and didn't used keyed- starting systems so that anyone could hop into
the car and drive away. It has been a long time since anyone made cars
like that and if anyone did, they would be considered negligent.
The email software that predated Microsoft's discovery of the internet was
similarly secure and Microsoft came along and made theirs insecure.
I don't expect the lawsuit to get anywhere but that does not excuse MS
for writing and selling software which was wide open to abuse, flaunted
the RFCs etc.
Remember when the 'Join the Crew' email virus was an urban legend and
sysadmins had to periodicallly remind their users that you cannot get
a virus just by reading email? MS changed that, and not for the better.
--
FF
McQualude <[email protected]> wrote in message news:<[email protected]>...
> Doug Winterburn spaketh...
>
> > Here's an interesting article on the shortcomings of Windows security:
>
> It's because all the virus/worm/trojan writers are Linux users trying to
> discredit Microsoft.
>
> The reason it is even an issue is that most Windows users have not been
> educated about securing their OS. Linux users are more computer savvy as a
> rule and keep the security holes patched. It isn't about which has the most
> bugs, they are about the same.
Can you name a LInux-based email client with which it is _ever_ possible
to download a virus by reading email?
How about one that will auto-instal the virus on your computer as soon as
it arrives even if you are not reading email?
The abuse potential of those 'features' was blindingly obvious from the
outset which is why NO ONE ever wrote them into their email clients
before MS did.
--
FF
I am not a MSFT detractor by any means ... mainly because I come from a
computer background before they came on the scene and remember what it was
like in a corporate environment when IBM was the only player in town, but am
increasingly frustrated with their tactics.
It has become a full time, and costly, job keeping up with security issues,
mostly due to the exploiting of their increasingly shoddy coding practices.
Let's just say they don't go out of their way to make it easy, especially
considering some of the recent tpc/ip stack issues/changes that have a lot
more potential to do harm than most realize.
--
www.e-woodshop.net
Last update: 9/21/03
"Leon" wrote in message
> IMHO Microsoft's OS works fine until it is infected or hacked, much like a
> car is fine until some one runs into it.
On Tue, 07 Oct 2003 12:33:12 +0000, Renata wrote:
> While there's truth to the premise that hackers attack MS because it's
> in such widespread use, there are additional problems inherant in the
> OS that are probablly known to MS but not corrected/handled because
> they choose to focus on "features" rather than a robust foundation.
>
> To continue with your analogy, MS OS's are like a house with several
> windows left open. IOW, the nature of the lock, if any is irrelevant
> cause the window's wide open inviting all would be hackers welcome
> entry.
Here's an article that covers the basic issues:
http://www.securityfocus.com/columnists/188
-Doug
In article <[email protected]>,
"CW" <[email protected]> wrote:
> So, when is the K.-Benoit Evans operating system supposed to come out? Have
> you set a price yet? It's impervious to anything, right? Should be great,
> just install and start using. No worries about security, that has all been
> taken care of.
Well, aren't you an snide one. I suggest you do some reading on the
concept and nature of "security holes" in software. We are not talking
about the inevitable imperfections and inherent weaknesses in any human
construction. We are talkinga about major flaws resulting from the
failure of the designer to maintain state-of-the-art control over his
work.
If a physician did likewise, he would be charged with criminal
malpractice.
--
Regards,
Benoit Evans
> > IMHO Microsoft's OS works fine until it is infected or hacked, much like a
> > car is fine until some one runs into it.
> >
It's not just the OS, it is also (and very often) the MS Internet
Explorer Web browser. The real problem and the real danger is the
mono-culture nature of personal computing. MS is almost the only show in
town. Since I'm on a Macintosh, there are very few viruses, worms,
trojan horses, etc. that are a real threat to the security of my system
or the integrity of my programs and data. However, I still pay a high
price in nuisance time because almost everyone else is on the MS Windows
system.
Where I work, a government agency, our systems security people had to
apply FIVE patches to MS Windows 2000 Profession NT in a single week so
that the integrity and security of our Windows network could be
maintained and so that there was no risk that that network could
willfully or inadvertently endanger our main computer and its personal
data on over seven million people.
Take the W32.swen worm that was detected on 18 September. While it is
not a danger to me nor can it use my system to re-mail itself to others,
I am still a victim of the sheer volume of infected e-mail attachments
that flood my mail account. In the last 15 days, I have received 3,615
infected attachments, each one 104 KB long. If I don't download my mail
at least three times a day, I risk reaching my storage limit and having
my ISP start bouncing REAL mail.
For some reason, my ISP did not take measures this time like they did
with the recent SO.big virus--that makes the ISP a part of the problem
too.
Imagine what would happen if almost all cars were a Ford Focus and a
major defect forced the immediate immobilization of all of them until a
fix was made.
Saying that MS stuff works fine until it is hacked or infected is a
copout. If you bought a purported state-of-the-art lockset for your
front door and your house was broken into by thieves or murderers
because the lock had a design defect that allowed it to be opened simply
by sticking a toothpick in the keyhole, I suspect you would try to hold
the lockmaker responsible. That kind of insecurity is expected in the
lock on a three dollar diary. It is intolerable on a top-of-the-line
entry door lock.
Until consumer and legislative pressure is brought to bear on
Micro$loth, they will continue to rush product to market, hope for the
best and then publish a patch when a problem arises.
--
Regards,
Benoit Evans
In article <[email protected]>, McQualude <[email protected]> wrote:
>Doug Winterburn spaketh...
>
>> Here's an interesting article on the shortcomings of Windows security:
>
>It's because all the virus/worm/trojan writers are Linux users trying to
>discredit Microsoft.
Microsoft does a perfectly fine job of bringing discredit upon themselves,
without any outside assistance.
>
>The reason it is even an issue is that most Windows users have not been
>educated about securing their OS. Linux users are more computer savvy as a
>rule and keep the security holes patched. It isn't about which has the most
>bugs, they are about the same.
This lands pretty far from the mark. Microsoft ships Windows in an insecure
configuration by default; they also have not yet figured out how to write code
that is not susceptible to buffer-overflow exploits. AFAIK, Linux does not
have either of those problems.
Steve Gibson has been a lone voice crying in the wilderness on the subject
of WIndows security (or lack thereof) for a long time. He predicted, a year
and a half ago, that this was gonna happen. Read some of what he has to say at
http://grc.com/xpdite/xpdite.htm
http://grc.com/stm/shootthemessenger.htm
http://grc.com/unpnp/unpnp.htm
--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)
Why should I study up on what it takes to make an effective operating
system? That's your job seeing as you are the one that is going to put out
the operating system that is going to make Bill jealous. When should we
expect it?
"K.-Benoit Evans" <[email protected]> wrote in message
news:[email protected]...
> In article <[email protected]>,
> "CW" <[email protected]> wrote:
>
"Leon" <[email protected]> wrote:
>"Jim" <[email protected]> wrote in message
>news:[email protected]...
>Well it's happened. Someone has filed suit against Microsoft for failing to
>design an operating system that is impenetrable.
How about an OS that isn't wide open ootb? They built it, they reaped
the profits and destroyed competition. It is their problem.
Since the source is closed, they have full responsiblity for keeping
things secure.
Wes
--
Reply to:
Whiskey Echo Sierra Sierra AT Gee Tee EYE EYE dot COM
Lycos address is a spam trap.
"Randy Chapman" <[email protected]> wrote:
>What, like Linux?
>
>Oh, wait, that's got the same problem.
But not the same class of users.
>
>My *ONE* Linux box has been infected once. All my windows boxes, together,
>have been infected a total of ONCE.
>
>--randy
>
Gee what a metric. I only had three linux boxes but 60-70 windows
boxes and a few Novell servers. Zero infections on Linux and very few
on windows but then that was early in my learning curve. The linux
boxes were dns, fwtk, pop3proxy, mailserver, webserver, yada, yada.
Novell's count was also zero.
Seeing that you are using lookout to post,
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
You should check this url:
http://www.pivx.com/larholm/unpatched/
Wes
--
Reply to:
Whiskey Echo Sierra Sierra AT Gee Tee EYE EYE dot COM
Lycos address is a spam trap.
Hell that don't work either. I have experienced the doctors you are talking
about....
George
"K.-Benoit Evans" <[email protected]> wrote in message
news:[email protected]...
> In article <[email protected]>,
> "CW" <[email protected]> wrote:
>
> > So, when is the K.-Benoit Evans operating system supposed to come out?
Have
> > you set a price yet? It's impervious to anything, right? Should be
great,
> > just install and start using. No worries about security, that has all
been
> > taken care of.
>
> Well, aren't you an snide one. I suggest you do some reading on the
> concept and nature of "security holes" in software. We are not talking
> about the inevitable imperfections and inherent weaknesses in any human
> construction. We are talkinga about major flaws resulting from the
> failure of the designer to maintain state-of-the-art control over his
> work.
>
> If a physician did likewise, he would be charged with criminal
> malpractice.
>
> --
> Regards,
>
> Benoit Evans
Very true. it is good to see that some people can actually think and reason.
"McQualude" <[email protected]> wrote in message news:>
> The reason it is even an issue is that most Windows users have not been
> educated about securing their OS. Linux users are more computer savvy as a
> rule and keep the security holes patched. It isn't about which has the
most
> bugs, they are about the same.
> --
> McQualude