Re: the exploit that wasn't



Tom Reestman wrote:
Steve de Mena (steven@xxxxxxxxxxxxxxx) got drunk after typing this
drivel in news:462b0631$0$1360$4c368faf@xxxxxxxxxxxxxxxxx

Tom Reestman wrote:
Steve de Mena (steven@xxxxxxxxxxxxxxx) got drunk after typing this
drivel in news:462a664c$0$19452$4c368faf@xxxxxxxxxxxxxxxxx

DanielEran wrote:
And what about the others? Recall that this was a FULLY patched
system.
What about the other what?

The other Mac Book Pro? It was not compromised. There were two, and
only one was given away.

http://www.roughlydrafted.com/RD/RDM.Tech.Q2.07/616874CC-35CE-49D3-B859-C2719B6FF352.html

Instead of discussing what happened at CanSecWest we just get yet another anti-Microsoft rant, rehashing the same old tired myths again and again.

Yawn.

Steve

Another knee-jerk dismissal of a RoughlyDrafted article, I see.

How is the following not "discussing what happened at CanSecWest"?

"...Gohring’s article clearly described a local exploit. There’s a
big difference between the remote exploits that made Windows infamous
for its insecurity and a local exploit of an application."
One sentence of news, followed by twice as much text bashing Microsoft.


"Opening an email URL that exposes a security flaw in Safari is both
news to report and a problem for Apple to tackle, but reporting it as
a remote exploit is inaccurate, irresponsible, and sloppy journalism,
particularly for IDG's InfoWorld, which purports to be an authority
on computing."

I'd say that sums it up nicely, and his taking InfoWorld to task for
its misleading headline is perfectly valid.
Yes, and that's where he should have stopped. But no....

As for the rest of the article, it goes on to bash Dragos Ruiu's ridiculous statement (quoted in the IW article) regarding OS X
security, and does so well. It certainly does not change the accuracy
of the above.

Ruiu, as the principal organizer of the conference, specifically
brought Microsoft into a security discussion about Mac OS X. That was
about as dumb as it gets, and left the door open for RoughlyDrafted
to call it for the ridiculous statement that it is.
We hear again and again how "..Unix security has been exhaustively researched by experts for decades." Today I installed Sun Solaris 10 in a virtual machine (Parallels) just to play with it. I installed the 11/2006 u3 build. After it was done it looked for updates and there were about 83 updates, the vast majority (75?) for security issues.

Steve



You do NOT measure an OS' security by how many patches there are for it. That's ridiculous! And why act as if "secure" somehow means that everything that ever needs to be patched has already been patched? No one ever said that. It's yet another MS-defender artificial construct to detract from what counts.

MS defenders have spread this new way to "measure" security because they lose (oh boy do they lose!) when measured by the only criteria that counts: How many real, bona-fide attacks there have been in the wild. All else is just statistical chest-thumping by people trying to hide the fact that the purpose of security is to keep your system from being attacked in the real world.

UNIX and UNIX-like systems have had something like 700 known viruses in the wild, and I believe zero malware. MS Windows systems have had over one hundred thousand, springing up a nine BILLION dollar industry to keep them at bay. This industry has become so ingrained in the MS mind-set that such users consider it "normal". But for other operating systems it is most certainly not normal. And, yes, those other OS's are 100% correct to tout that as a major, MAJOR advantage. It's not their fault that MS users see it only as a binary operation, and can't tell the difference between high risk even with costly and CPU-sucking AV/anti-malware products running constantly, and minimal risk even without third-party "protection".

Even Paul Thurrott, one of the biggest MS apologists on the planet, had this to say about it:

"It's not hard to secure a PC. But you do have to secure a PC. I don't secure my Macs. But I don't have to secure my Macs. There's something to be said for that. Anyway, I just felt this needed to be said. There are plenty of good reasons to use a PC, and certainly Windows Vista fixes a lot of problems. But Macs are more secure than PCs. Obviously."


You are talking about something completely different - real-world vulnerabilities, which are affected by the popularity of the target OS.

I was talking about OS design, and the comment that "..Unix security has been exhaustively researched by experts for decades." from the article and how it is beaten into repeated over and over and Unix and OS X are *more secure OSs*. The number of security patches, even greater than Windows lately, refutes that. But now that this is becoming obvious to more, the goal posts are being moved and we can only talk about real world exploits, and not any inherent level of security in the OS itself.

Steve