«

http://www.microsoft-watch.com/artic...129TX1K0000535

How many weeks have past since the last one?


Have A Nice Cup of Tea

--
Jeffrey Jaffe, Novell CTO: "What many people are discovering is that the
Linux desktop works just fine."

In article <>,
Have A Nice Cup of Tea <> wrote:

> http://www.microsoft-watch.com/artic...=MWRSS02129TX1
> K0000535
>
> How many weeks have past since the last one?
>
>
> Have A Nice Cup of Tea

feel free to post the linux and firefox security flaws too, just to give
a ballanced perspective

On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
didst scrawl:

> In article <>,
> Have A Nice Cup of Tea <> wrote:
>
>> http://www.microsoft-watch.com/artic...=MWRSS02129TX1
>> K0000535
>>
>> How many weeks have past since the last one?
>>
> feel free to post the linux and firefox security flaws too, just to give
> a ballanced perspective

That's a bit difficult when there's nothing to post.
Well, not nothing, but nothing major. IE is currently affected by an
Extremely Critical unpatched bug, and before that it was just Highly
Critical. Firefox's most serious unpatched bug is Less Critical, which
tallies with 2.4.x and 2.6.x versions of the Linux kernel.

What's also interesting is that, since 2003, those versions of the kernel
have had nothing more serious than a Moderately Critical bug, according to
Secunia. That could just be rounding, but it's still very, very low.
Firefox 1.x has had 4% Extremely and 26% Highly. IE6.x has had 15%
Extremely, 28% Highly.

Just to give a balanced perspective. Oh, and IE and Firefox have had
fairly similar numbers of bugs, before you start down that particular path.


--
Matthew Poole
"Don't use force. Get a bigger hammer."

On Mon, 27 Mar 2006 07:13:55 +1200, someone purporting to be Matthew Poole
didst scrawl:

> On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
> didst scrawl:
*SNIP*
> Just to give a balanced perspective. Oh, and IE and Firefox have had
> fairly similar numbers of bugs, before you start down that particular path.

Not sure where I got the similar numbers thing from. IE has had over three
times as many as FF (96 against 27), and nearly as many reported bugs in
IE are unpatched as there have ever been reported bugs in FF1.x

--
Matthew Poole
"Don't use force. Get a bigger hammer."

In article <>,
Matthew Poole <> wrote:

> On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
> didst scrawl:
>
> > In article <>,
> > Have A Nice Cup of Tea <> wrote:
> >
> >> http://www.microsoft-watch.com/artic...?kc=MWRSS02129
> >> TX1
> >> K0000535
> >>
> >> How many weeks have past since the last one?
> >>
> > feel free to post the linux and firefox security flaws too, just to give
> > a ballanced perspective
>
> That's a bit difficult when there's nothing to post.
> Well, not nothing, but nothing major. IE is currently affected by an
> Extremely Critical unpatched bug, and before that it was just Highly
> Critical. Firefox's most serious unpatched bug is Less Critical, which
> tallies with 2.4.x and 2.6.x versions of the Linux kernel.
>
> What's also interesting is that, since 2003, those versions of the kernel
> have had nothing more serious than a Moderately Critical bug, according to
> Secunia. That could just be rounding, but it's still very, very low.
> Firefox 1.x has had 4% Extremely and 26% Highly. IE6.x has had 15%
> Extremely, 28% Highly.
>
> Just to give a balanced perspective. Oh, and IE and Firefox have had
> fairly similar numbers of bugs, before you start down that particular path.

And of course because linux is of limited interest to criminals because
of the much lower numbers (and I do accept better security model as I
run Macs for the same reason) they exploits probably are these they are
just no found.

And of course to be balanced it should be noted that Unix is more than
twice as old as Windows so it has had an extra 20 years to work out the
issues !

On Mon, 27 Mar 2006 02:24:52 +1200, Have A Nice Cup of Tea <> wrote:

>http://www.microsoft-watch.com/artic...129TX1K0000535
>
>How many weeks have past since the last one?
>
>
Got hard-on?

whoisthis wrote:

8><----

> And of course because linux is of limited interest to criminals because
> of the much lower numbers (and I do accept better security model as I
> run Macs for the same reason) they exploits probably are these they are
> just no found.

Yes Apache and Linux run 3 times the web servers that run on MS & ISS,
so if you want to infect web browsers via the web do it via an infected
Apache server, this is so happening....

Of course this is a prime reason to switch to Linux & FF, it is not
targetted by criminals and the better security model means any future
impact is going to be limited.

> And of course to be balanced it should be noted that Unix is more than
> twice as old as Windows so it has had an extra 20 years to work out the
> issues !

What balance? what does 20 years of Unix got to do with IE and Firefox?

Unless you mean that by the same point IE has been around for several
years longer ie way older than FF, so it should have less bugs, but has
more and worse....kinda an oxy moron....

regards

Thing

On Mon, 27 Mar 2006 07:43:03 +1200, whoisthis wrote:

> And of course to be balanced it should be noted that Unix is more than
> twice as old as Windows so it has had an extra 20 years to work out the
> issues !

So why then, has Micro$oft dumped M$ WindowsNT in favour of a supposedly
complete new OS called Vista?

I mean, if all those years of development are anything to go by, surely
also M$'s own software should be now starting to be reasonably secure -
given all the patching that it has done over the years.


Have A Nice Cup of Tea

--
"Vista - I wouldn't buy it with someone else's money. Then again What do I
know, I've only been testing the dog for the last 2-3 yrs..."

Have A Nice Cup of Tea wrote:
> On Mon, 27 Mar 2006 07:43:03 +1200, whoisthis wrote:
>
>
>>And of course to be balanced it should be noted that Unix is more than
>>twice as old as Windows so it has had an extra 20 years to work out the
>>issues !
>
>
> So why then, has Micro$oft dumped M$ WindowsNT in favour of a supposedly
> complete new OS called Vista?
>
> I mean, if all those years of development are anything to go by, surely
> also M$'s own software should be now starting to be reasonably secure -
> given all the patching that it has done over the years.
>
>
> Have A Nice Cup of Tea
>

and lets not forget MS's huge R&D budget......

Patching wont fix the fundimental design flaws that MS allowed in to
make applications talk to each other easily....or DLL hell.....

I find it interesting that virtaul servers seem such a popular idea. Yet
when you look at why it is mostly a way to allow different applications
running on a MS OS that require different DLLs to live together happily
on the same hardware. All this for a 5~20% hit on server performance
over native mode....with Unix and linux you just run them....yet another
layer being added into hide yet another flaw in the MS OS......

regards

Thing

On Mon, 27 Mar 2006 07:43:03 +1200, someone purporting to be whoisthis
didst scrawl:

> In article <>,
> Matthew Poole <> wrote:
*SNIP*
> And of course because linux is of limited interest to criminals because
> of the much lower numbers (and I do accept better security model as I
> run Macs for the same reason) they exploits probably are these they are
> just no found.
>
Reported bugs has nothing to do with the availability of exploits for
them. Most bugs in Firefox and the Linux kernel are never exploited, and
many bugs in IE are never exploited.

> And of course to be balanced it should be noted that Unix is more than
> twice as old as Windows so it has had an extra 20 years to work out the
> issues !

Unix != Linux! There is no connection between the Linux kernel and Unix,
so the age of Unix matters not a jot. If we were discussing the BSD's it
would be a valid comparison, as they are direct descendants of AT&T's
Unix, but we're not.

--
Matthew Poole
"Don't use force. Get a bigger hammer."