Ol' gatesy is gettin worried huh ?

Discussion in 'NZ Computing' started by Troglodyte, Oct 27, 2004.

  1. Troglodyte

    Troglodyte Guest


  2. Troglodyte

    Troglodyte Guest

    thing wrote:

    > Matthew Poole wrote:
    >
    >> In article <>, wrote:
    >>
    >>> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news

    >>
    >>
    >>
    >> I loved the comment about Windows having fewer security
    >> vulnerabilities than Linux. Which planet's rarified atmosphere does
    >> the man live in? Flaws with IE, given MS's insistence that IE cannot
    >> be separated from Windows, are Windows flaws. And I've lost count of
    >> the number of moderately or highly critical flaws in IE that've come
    >> out of Secunia this year.
    >> Linux has had its share, to be sure, but they're not usually highly
    >> critical remote code execution flaws. Or if they are, they're in
    >> shared libraries that are optional.
    >>

    >
    >
    > I suspect it was a pre-emptive strike over this,
    >
    > http://news.bbc.co.uk/1/hi/business/3960025.stm
    >
    > ".....John Oughton, chief executive of the OGC, said that the pilot
    > schemes in the UK show that Linux "could support government bodies by
    > offering efficient and cost-effective IT solutions".
    >
    > "This report will assist public sector bodies in making informed,
    > value-for-money judgements when deciding upon which solutions best suits
    > their needs."
    >
    > The pilot schemes found that using Linux can extend the life of
    > equipment and limit the number of servers need to run programs.
    >
    > It also said that there were "potential green" benefits, as well as the
    > cost cutting....."
    >
    > When even Government "experts" are coming out and saying Linux is
    > viable, then the stupidity that Ballmer is spewing is getting way beyond
    > believable.
    >
    > It must be the rarified atmosphere up there in MS tower or something
    > because the only people I can believe would believe this are the MS
    > faithful and the clueless. In which case his email does little to win
    > over the people that count, which are the ones that do their research,
    > costings and make the decisions ie sit in positions that matter like CIO's.
    >
    > This does not mean Linux is always the answer, what it does mean is that
    > more and more MS is no longer the automatic solution for a "small/medium
    > solution". It's now a 2 horse race which is good for everybody (except
    > MS), even the MS faithful.
    >
    > regards
    >
    > Thing
    >
    >

    Went to a Novell sales push on suse the other week. And even they say
    that you should not, as a business, put all your faith in one system.
    Better a marriage of the two.
     
    Troglodyte, Oct 28, 2004
    #2

  3. In article <>, wrote:
    >http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news


    I loved the comment about Windows having fewer security vulnerabilities
    than Linux. Which planet's rarified atmosphere does the man live in?
    Flaws with IE, given MS's insistence that IE cannot be separated from
    Windows, are Windows flaws. And I've lost count of the number of
    moderately or highly critical flaws in IE that've come out of Secunia
    this year.
    Linux has had its share, to be sure, but they're not usually highly
    critical remote code execution flaws. Or if they are, they're in shared
    libraries that are optional.

    --
    Matthew Poole Auckland, New Zealand
    "Veni, vidi, velcro...
    I came, I saw, I stuck around"

    My real e-mail is mattATp00leDOTnet
     
    Matthew Poole, Oct 28, 2004
    #3
  4. Troglodyte

    thing Guest

  5. Troglodyte

    thing Guest

    Matthew Poole wrote:
    > In article <>, wrote:
    >
    >>http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news

    >
    >
    > I loved the comment about Windows having fewer security vulnerabilities
    > than Linux. Which planet's rarified atmosphere does the man live in?
    > Flaws with IE, given MS's insistence that IE cannot be separated from
    > Windows, are Windows flaws. And I've lost count of the number of
    > moderately or highly critical flaws in IE that've come out of Secunia
    > this year.
    > Linux has had its share, to be sure, but they're not usually highly
    > critical remote code execution flaws. Or if they are, they're in shared
    > libraries that are optional.
    >



    I suspect it was a pre-emptive strike over this,

    http://news.bbc.co.uk/1/hi/business/3960025.stm

    ".....John Oughton, chief executive of the OGC, said that the pilot
    schemes in the UK show that Linux "could support government bodies by
    offering efficient and cost-effective IT solutions".

    "This report will assist public sector bodies in making informed,
    value-for-money judgements when deciding upon which solutions best suits
    their needs."

    The pilot schemes found that using Linux can extend the life of
    equipment and limit the number of servers need to run programs.

    It also said that there were "potential green" benefits, as well as the
    cost cutting....."

    When even Government "experts" are coming out and saying Linux is
    viable, then the stupidity that Ballmer is spewing is getting way beyond
    believable.

    It must be the rarified atmosphere up there in MS tower or something
    because the only people I can believe would believe this are the MS
    faithful and the clueless. In which case his email does little to win
    over the people that count, which are the ones that do their research,
    costings and make the decisions ie sit in positions that matter like CIO's.

    This does not mean Linux is always the answer, what it does mean is that
    more and more MS is no longer the automatic solution for a "small/medium
    solution". It's now a 2 horse race which is good for everybody (except
    MS), even the MS faithful.

    regards

    Thing
     
    thing, Oct 28, 2004
    #5
  6. Troglodyte

    thing Guest

    Matthew Poole wrote:
    > In article <>, wrote:
    >
    >>http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news

    >
    >
    > I loved the comment about Windows having fewer security vulnerabilities
    > than Linux. Which planet's rarified atmosphere does the man live in?
    > Flaws with IE, given MS's insistence that IE cannot be separated from
    > Windows, are Windows flaws. And I've lost count of the number of
    > moderately or highly critical flaws in IE that've come out of Secunia
    > this year.
    > Linux has had its share, to be sure, but they're not usually highly
    > critical remote code execution flaws. Or if they are, they're in shared
    > libraries that are optional.
    >


    This does a good bunk of what he is saying,

    http://www.theregister.co.uk/security/security_report_windows_vs_linux/

    My thought is, if this "get the facts" campaign is the best MS can come
    up with, it does not look good for MS. For those that blindly accept
    what MS says.....well carry on doing a dis-service to your
    employer....for those that want to think, research is very easy....

    regards

    Thing
     
    thing, Oct 28, 2004
    #6
  7. In article <>,
    Troglodyte <> wrote:

    >Went to a Novell sales push on suse the other week. And even they say
    >that you should not, as a business, put all your faith in one system.
    >Better a marr[ia]ge of the two.


    That's the biodiversity argument.

    It's a fact that it's more "efficient" to run your entire business on a
    single platform. However, that leaves you vulnerable to a single
    security hole affecting all your machines enough to knock out your whole
    business. So you diversify, which increases your costs and reduces your
    efficiencies somewhat but buys you greater robustness.

    Kind of like how evolution works in the natural world: it's a highly
    inefficient process, but the diversity of organisms it produces makes it
    a little bit less likely that everything will be wiped out by the next
    asteroid strike.
     
    Lawrence D'Oliveiro, Oct 29, 2004
    #7
  8. Troglodyte

    thing Guest

    Troglodyte wrote:
    > thing wrote:
    >
    >> Matthew Poole wrote:
    >>
    >>> In article <>, wrote:
    >>>
    >>>> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news
    >>>
    >>>
    >>>
    >>>
    >>> I loved the comment about Windows having fewer security
    >>> vulnerabilities than Linux. Which planet's rarified atmosphere does
    >>> the man live in? Flaws with IE, given MS's insistence that IE cannot
    >>> be separated from Windows, are Windows flaws. And I've lost count of
    >>> the number of moderately or highly critical flaws in IE that've come
    >>> out of Secunia this year.
    >>> Linux has had its share, to be sure, but they're not usually highly
    >>> critical remote code execution flaws. Or if they are, they're in
    >>> shared libraries that are optional.
    >>>

    >>
    >>
    >> I suspect it was a pre-emptive strike over this,
    >>
    >> http://news.bbc.co.uk/1/hi/business/3960025.stm
    >>
    >> ".....John Oughton, chief executive of the OGC, said that the pilot
    >> schemes in the UK show that Linux "could support government bodies by
    >> offering efficient and cost-effective IT solutions".
    >>
    >> "This report will assist public sector bodies in making informed,
    >> value-for-money judgements when deciding upon which solutions best
    >> suits their needs."
    >>
    >> The pilot schemes found that using Linux can extend the life of
    >> equipment and limit the number of servers need to run programs.
    >>
    >> It also said that there were "potential green" benefits, as well as
    >> the cost cutting....."
    >>
    >> When even Government "experts" are coming out and saying Linux is
    >> viable, then the stupidity that Ballmer is spewing is getting way
    >> beyond believable.
    >>
    >> It must be the rarified atmosphere up there in MS tower or something
    >> because the only people I can believe would believe this are the MS
    >> faithful and the clueless. In which case his email does little to win
    >> over the people that count, which are the ones that do their research,
    >> costings and make the decisions ie sit in positions that matter like
    >> CIO's.
    >>
    >> This does not mean Linux is always the answer, what it does mean is
    >> that more and more MS is no longer the automatic solution for a
    >> "small/medium solution". It's now a 2 horse race which is good for
    >> everybody (except MS), even the MS faithful.
    >>
    >> regards
    >>
    >> Thing
    >>
    >>

    >
    > Went to a Novell sales push on suse the other week. And even they say
    > that you should not, as a business, put all your faith in one system.
    > Better a marriage of the two.


    Some sense in that, sorta.

    1) With all your eggs in one basket you have to be 100% sure the system
    you rely on is so well designed and built you get that 100% out of it.

    2) Trouble is of course so many systems within a business are in terms
    of job function interrelated at the person's job level even if they are
    not in actual IT terms. By this I mean having say separate servers for
    email and files is just great....unless you're so reliant on both to do
    your job that if one goes down you cannot work effectively anyway.

    So the design, build and maintenance challenge is to keep the business
    at a functional level even if one major component fails. ie if email is
    30% of the business, and fails we still need to have 70% capability, not
    10%.

    Which begs a huge question on the reality of MS appearing to want thick
    client and being so anti-thin client, if you have lost your fileserver
    effectively you can do so little with your desk top that it's all but
    useless. So a thick client means you can maybe play solitaire if you're
    allowed to and if you're already logged in. If you are not using ISA and
    say have a squid proxy without AD authentication then you can web
    browse, a real business gain.....not.

    regards

    Thing
     
    thing, Oct 29, 2004
    #8
  9. thing wrote:
    > Matthew Poole wrote:
    >
    >> In article <>, wrote:
    >>
    >>> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news

    >>
    >>
    >>
    >> I loved the comment about Windows having fewer security
    >> vulnerabilities than Linux. Which planet's rarified atmosphere does
    >> the man live in? Flaws with IE, given MS's insistence that IE cannot
    >> be separated from Windows, are Windows flaws. And I've lost count of
    >> the number of moderately or highly critical flaws in IE that've come
    >> out of Secunia this year.
    >> Linux has had its share, to be sure, but they're not usually highly
    >> critical remote code execution flaws. Or if they are, they're in
    >> shared libraries that are optional.
    >>

    >
    > This does a good bunk of what he is saying,
    >
    > http://www.theregister.co.uk/security/security_report_windows_vs_linux/


    Drivel!

    Of course it's written by Nicholas Petreley and published by The
    Register, it must be true...

    > My thought is, if this "get the facts" campaign is the best MS can come
    > up with, it does not look good for MS. For those that blindly accept
    > what MS says.....well carry on doing a dis-service to your
    > employer....for those that want to think, research is very easy....


    likewise for someone that blindly accepts the Nicholas Petreley rant.
    There are a bunch of flat out inaccuracies in the "report" along with
    some subversion of the CERT data to support the inaccurate claims
     
    Nathan Mercer, Oct 29, 2004
    #9
  10. Troglodyte

    steve Guest

    Troglodyte wrote:

    > http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news

    Rely on Reuters to publish Microsoft ads as news.

    They used to be a credible news agency.......but over the past 4 years they
    have been shown to pervert the news to support their political and economic
    agenda.

    One need only read their coverage of events in Venezuela over the past 3
    years to discern the clear pattern at play.

    US uber alles.

    --
    Distributed Computing Projects:
    SETI at Home
    http://boinc.mundayweb.com/seti2/stats.php?userID=1248
    ClimatePrediction.net
    http://boinc.mundayweb.com/cpdn/stats.php?userID=334
     
    steve, Oct 29, 2004
    #10
  11. In article <92ngd.23932$>,
    Nathan Mercer <> wrote:

    >thing wrote:
    >> Matthew Poole wrote:
    >>
    >>> In article <>, wrote:
    >>>
    >>>> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news
    >>>
    >>>
    >>>
    >>> I loved the comment about Windows having fewer security
    >>> vulnerabilities than Linux. Which planet's rarified atmosphere does
    >>> the man live in? Flaws with IE, given MS's insistence that IE cannot
    >>> be separated from Windows, are Windows flaws. And I've lost count of
    >>> the number of moderately or highly critical flaws in IE that've come
    >>> out of Secunia this year.
    >>> Linux has had its share, to be sure, but they're not usually highly
    >>> critical remote code execution flaws. Or if they are, they're in
    >>> shared libraries that are optional.
    >>>

    >>
    >> This does a good bunk of what he is saying,
    >>
    >> http://www.theregister.co.uk/security/security_report_windows_vs_linux/

    >
    >Drivel!


    Explain.
     
    Lawrence D'Oliveiro, Oct 29, 2004
    #11
  12. Troglodyte

    thing Guest

    Lawrence D'Oliveiro wrote:
    > In article <92ngd.23932$>,
    > Nathan Mercer <> wrote:
    >
    >
    >>thing wrote:
    >>
    >>>Matthew Poole wrote:
    >>>
    >>>
    >>>>In article <>, wrote:
    >>>>
    >>>>
    >>>>>http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news
    >>>>
    >>>>
    >>>>
    >>>>I loved the comment about Windows having fewer security
    >>>>vulnerabilities than Linux. Which planet's rarified atmosphere does
    >>>>the man live in? Flaws with IE, given MS's insistence that IE cannot
    >>>>be separated from Windows, are Windows flaws. And I've lost count of
    >>>>the number of moderately or highly critical flaws in IE that've come
    >>>>out of Secunia this year.
    >>>>Linux has had its share, to be sure, but they're not usually highly
    >>>>critical remote code execution flaws. Or if they are, they're in
    >>>>shared libraries that are optional.
    >>>>
    >>>
    >>>This does a good bunk of what he is saying,
    >>>
    >>>http://www.theregister.co.uk/security/security_report_windows_vs_linux/

    >>
    >>Drivel!

    >
    >
    > Explain.


    As a MS employee what did you expect from Nathan?

    Trouble is Nathan, MS has a history of being highly selective in
    publishing "testing" results, paying for "independent" reports and
    cherry picking dates from selected criteria.

    Take this back to your masters for me,

    MS is losing credibility, but now it's got to the stage people who matter
    like CIOs and Government agencies can see the hollowness of your claims
    and even at times outright lies. Less and less they believe...

    You are failing in your FUD. If you bring in IP challenges all you will
    do is get people's backs up at all levels. You will sow the seeds of
    your own destruction, instead of taking the world with you you are
    intent on crushing it, it won't work. The world is not the USA, while you
    may have IP in the US (and that is being seen more and more as a
    disaster), the 3rd World will not. Even if European Politicians are
    stupid enough to allow US style IP, the 3rd world will not.

    Too many Countries see the results of US IP meaning they cannot have
    drugs at prices they can afford. The US trades in farming produce in its
    terms, trapping many third world countries in poverty because they
    cannot compete fairly. Many of these Governments see OSS as one of the
    keys to bring their country out of poverty, do you really think they
    will allow the US to chain them into perpetual misery? like it has done
    with food, minerals and drugs?

    You may not see it Nathan in your ivory tower but many people are sick
    of being treated badly and are sick of watching others being treated
    badly, so stay in MS land earning your nice salary by squashing people
    and innovation or step out and get a life.

    regards

    Thing
     
    thing, Oct 29, 2004
    #12
  13. Troglodyte

    thing Guest

    steve wrote:
    > Troglodyte wrote:
    >
    >
    >> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news
    >
    >
    > Rely on Reuters to publish Microsoft ads as news.
    >
    > They used to be a credible news agency.......but over the past 4 years they
    > have been shown to pervert the news to support their political and economic
    > agenda.
    >
    > One need only read their coverage of events in Venezuela over the past 3
    > years to discern the clear pattern at play.
    >
    > US uber alles.
    >


    Most US news agencies are totally reliant on advertising, since 9/11
    they are so afraid of a consumer backlash causing a deserting of their
    services/programming hence a collapse in advertising revenue that they
    are now only highly pro-US in stance. Forget US news for a balanced
    view. My concern is the BBC might go that way too....

    regards

    Thing
     
    thing, Oct 29, 2004
    #13
  14. In article <92ngd.23932$>, Nathan Mercer <> wrote:
    >thing wrote:

    *SNIP*
    >Drivel!
    >

    *SNIP*

    My response to this, Nathan:
    http://www.p00le.net/wvl-yr.png

    I didn't add in any transparency, since your favourite browser still
    hasn't learned that trick!

    --
    Matthew Poole Auckland, New Zealand
    "Veni, vidi, velcro...
    I came, I saw, I stuck around"

    My real e-mail is mattATp00leDOTnet
     
    Matthew Poole, Oct 29, 2004
    #14
  15. In article <i5ygd.23995$> in nz.comp on Sat, 30
    Oct 2004 09:53:12 +1300, thing <> says...
    > steve wrote:
    > > Troglodyte wrote:
    > >
    > >
    > >> http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6632437&section=news
    > >
    > >
    > > Rely on Reuters to publish Microsoft ads as news.
    > >
    > > They used to be a credible news agency.......but over the past 4 years they
    > > have been shown to pervert the news to support their political and economic
    > > agenda.
    > >
    > > One need only read their coverage of events in Venezuela over the past 3
    > > years to discern the clear pattern at play.
    > >
    > > US uber alles.
    > >

    >
    > Most US news agencies are totally reliant on advertising, since 9/11
    > they are so afraid of a consumer backlash causing a deserting of their
    > services/programming hence a collapse in advertising revenue that they
    > are now only highly pro-US in stance. Forget US news for a balanced
    > view. My concern is the BBC might go that way too....


    Oh come on, you expect us to take your leftie biased tosh as fact, Steve
    the conspiracy theorist and capitalism hater? What kind of world do you
    live in?
     
    Patrick Dunford, Oct 29, 2004
    #15
  16. Troglodyte

    EMB Guest

    Matthew Poole wrote:

    > My response to this, Nathan:
    > http://www.p00le.net/wvl-yr.png


    Fsck that's funny, the sad thing is that it's true and most of the
    pro-MS brigade won't acknowledge that.


    --
    EMB
     
    EMB, Oct 30, 2004
    #16
  17. Troglodyte

    Brendan Guest

    On Sat, 30 Oct 2004 11:46:04 +1300, Patrick Dunford wrote:

    > Oh come on, you expect us to take your leftie biased tosh as fact, Steve
    > the conspiracy theorist and capitalism hater? What kind of world do you
    > live in?


    **** off Patrick. Capitalism is a pathological ideology.

    --

    .... Brendan

    "'He says gods like to see an atheist around. Gives them something to aim at.'" -- Terry Pratchett, _Small Gods_

    Note: All my comments are copyright 30/10/2004 11:27:50 p.m. and are opinion only where not otherwise stated and always "to the best of my recollection". www.computerman.orcon.net.nz.

    ************************************************************************
    * THE BELOW ADVERT IS NOT MY WORK AND IS APPENDED AGAINST MY WISHES. *
    * NEWSFEEDS.COM'S CLAIM OF 100,000 GROUPS IS BOGUS AS MANY OF THEM *
    * ARE ILLEGITIMATE AND DELETED BY MOST OTHERS. NEWSFEEDS.COM CANNOT *
    *BE TRUSTED. THEY USE YOUR DISCUSSION AS A VEHICLE FOR SPAMMING USENET.*
    ************************************************************************


     
    Brendan, Oct 30, 2004
    #17
  18. X-No-archive: yes

    Lawrence D'Oliveiro wrote:
    >>>>I loved the comment about Windows having fewer security
    >>>>vulnerabilities than Linux. Which planet's rarified atmosphere does
    >>>>the man live in? Flaws with IE, given MS's insistence that IE cannot
    >>>>be separated from Windows, are Windows flaws. And I've lost count of
    >>>>the number of moderately or highly critical flaws in IE that've come
    >>>>out of Secunia this year.
    >>>>Linux has had its share, to be sure, but they're not usually highly
    >>>>critical remote code execution flaws. Or if they are, they're in
    >>>>shared libraries that are optional.
    >>>>
    >>>
    >>>This does a good bunk of what he is saying,
    >>>
    >>>http://www.theregister.co.uk/security/security_report_windows_vs_linux/

    >>
    >>Drivel!

    >
    > Explain.


    Well, Nicholas Petreley is not exactly known to be subjective for a
    start, and this is supposedly an objective report based on facts?!

    The facts most of his arguments are based on - have a number of flat out
    inaccuracies. Here are just a few of them...

    One of the first claims made is that CERT reports more severe
    vulnerabilities in Windows than Linux. This is a clear twisting and
    subversion of the CERT data.

    The CERT severity metric takes into account things like market
    penetration and risk to the overall internet infrastructure, both areas
    where Microsoft products are more crucial to the internet as a whole
    than nearly any other vendor, than maybe Cisco. Consequently, identical
    vulnerabilities in Windows will be rated more severe than
    vulnerabilities in, say Debian. Further, CERT uses this metric to
    prioritise their response, and things that fall below a certain severity
    threshold simply won't be reported on the CERT web site due to lack of
    cycles.

    "From the CERT Web site:

    Metric
    The metric value is a number between 0 and 180 that assigns an
    approximate severity to the vulnerability. This number considers several
    factors, including:
    Is information about the vulnerability widely available or known?
    Is the vulnerability being exploited in the incidents reported to US-CERT?
    Is the Internet Infrastructure at risk because of this vulnerability?
    How many systems on the Internet are at risk from this vulnerability?
    What is the impact of exploiting the vulnerability?
    How easy is it to exploit the vulnerability?
    What are the preconditions required to exploit the vulnerability?

    Because the questions are answered with approximate values that may
    differ significantly from one site to another, users should not rely too
    heavily on the metric for prioritizing vulnerabilities. However, it may
    be useful for separating the very serious vulnerabilities from the large
    number of less severe vulnerabilities described in the database.
    Typically, vulnerabilities with a metric greater than 40 have been
    candidates for a CERT advisory, and we will continue to use this metric
    for US-CERT Technical Alerts. The questions are not all weighted
    equally, and the resulting score is not linear (a vulnerability with a
    metric of 40 is not twice as severe as one with a metric of 20)."

    It is claimed as a fact that "When it comes to web servers, the biggest
    target is Apache, the Internet's server of choice. Attacks on Apache are
    nevertheless far fewer in number, and cause less damage."
    The reality is just way different. Check out the Zone-H stats "Todays
    Verified Attacks" just about any day of the week and you will almost
    always see that Linux Web site defacements are higher than Windows by a
    ratio of almost 3:1.

    He waffles on about how bad IIS is, brings up the Code Red worm BO which
    is fair enough. But what isn't fair is that he had to go back 4 months
    or so to get 40 vulns for RH and a whole year for Windows Server 2003.
    MSFT and their customers knew IIS4/5 was bad, so put it through the
    TrustWorthy Computing ringer, and designed the thing from the ground up
    and rewrote it to be significantly more secure. IIS6 is built into
    Windows Server 2003, and it is widely acknowledged to be the most secure
    version of IIS ever. Regardless IIS5 can be made to be secure, just
    like earlier versions of Apache can be - it's just that you have to jump
    through hoops, and it is too easy for people to get the configuration
    wrong and then get 0wned.
    If he's going to be fair and base argument on facts we would be
    comparing IIS4/5 with dodgy old versions of Apache too - I don't think
    you want to go there right? There has been 1 vuln with IIS6 IIRC
    throughout its life, I'm damn sure Apache can't claim the same,
    especially when you look at a real work workload like an Application
    Server, not just a "static web httpd"

    Once again he is comparing Windows old stuff with Linux new stuff. Sure
    IE is built into the Windows platform and can't be removed. Fact is tho
    that XPSP2/Server 2003 SP1 brings the browser security to a whole new
    level. Most of the recent IE vulns don't apply to XPSP2 and Server 2003
    with IE lockdown. Likewise a bunch of them are mitigated by running as
    a user. Not rocket science there

    His assertion that Linux servers are ideal for headless non-local
    administration is exactly the same for Windows Server 2003. Windows
    Server 2003 locks down the browser, and it certainly is not recommended
    to run a browser locally on the Server logged in as root. Same for Linux.

    Look at Mozilla FireFox, there has been a bunch of vulns just recently
    going through the RC and PR releases that needed updates. We have seen
    a significant rise in vulnerability reports in Mozilla and the entire
    Mozilla suite. Especially as the much publicised migration of users
    from IE to Mozilla on the basis of what was originally believed to be a
    product suite less vulnerable to attack. Expect more - attackers are
    clearly targeting the increasing usage of Mozilla.

    The codswallop titled "Patches and Vulnerabilities Affecting Microsoft
    Windows Server 2003" is a laugh - all the admins I know leave the IE
    settings on the server alone, and certainly don't surf untrusted
    websites while logged in as administrator. The attack vectors that he
    states are mitigated by running as an unprivileged user under Linux are
    exactly the same as for Windows Server 2003 too. Albeit slightly harder
    to achieve under Windows, but this is an admin training/education issue
    rather than an inherent fault. I really don't think Microsoft promotes
    the "local familiar Windows desktop as the prime advantage to Windows
    Server 2003" Anyone who is serious about server computing will setup
    remote administration, automated monitoring etc. This is not unique to Linux

    There's probably more inaccuracies, that's a start to get the ball
    rolling. If some of these fundamental things are wrong, what else can
    be wrong too?

    Nice rant. Full of holes. Linux has its own set of challenges, and
    Windows isn't so bad after all.

    Insert head back into sand...
     
    Nathan Mercer, Oct 31, 2004
    #18
  19. Troglodyte

    thing Guest

    Nathan Mercer wrote:
    > X-No-archive: yes
    >
    > Lawrence D'Oliveiro wrote:
    >
    >>>>> I loved the comment about Windows having fewer security
    >>>>> vulnerabilities than Linux. Which planet's rarified atmosphere
    >>>>> does the man live in? Flaws with IE, given MS's insistence that IE
    >>>>> cannot be separated from Windows, are Windows flaws. And I've lost
    >>>>> count of the number of moderately or highly critical flaws in IE
    >>>>> that've come out of Secunia this year.
    >>>>> Linux has had its share, to be sure, but they're not usually highly
    >>>>> critical remote code execution flaws. Or if they are, they're in
    >>>>> shared libraries that are optional.
    >>>>>
    >>>>
    >>>> This does a good bunk of what he is saying,
    >>>>
    >>>> http://www.theregister.co.uk/security/security_report_windows_vs_linux/
    >>>
    >>>
    >>> Drivel!

    >>
    >>
    >> Explain.

    >
    >
    > Well, Nicholas Petreley is not exactly known to be subjective for a
    > start, and this is supposedly an objective report based on facts?!


    He is biased because he does not accept MS's drivel? and MS is renowned
    for its unbiased nature? Who started the latest advertising campaign Nathan?

    Who usually gets selected data from so called but in reality bought and
    paid for analysts? Or twists their data, or releases selective snippets?
    sometimes against the analysts' wishes?

    Linux maybe? Don't think so.....

    Credibility Nathan........

    > The facts most of his arguments are based on - have a number of flat out
    > inaccuracies. Here are just a few of them...
    >
    > One of the first claims made is that CERT reports more severe
    > vulnerabilities in Windows than Linux. This is a clear twisting and
    > subversion of the CERT data.


    Not from what I have read and others have written, lies, damn lies and
    statistics as they say.

    > The CERT severity metric takes into account things like market
    > penetration and risk to the overall internet infrastructure, both areas
    > where Microsoft products are more crucial to the internet as a whole
    > than nearly any other vendor, than maybe Cisco. Consequently, identical
    > vulnerabilities in Windows will be rated more severe than
    > vulnerabilities in, say Debian. Further, CERT uses this metric to
    > prioritise their response, and things that fall below a certain severity
    > threshold simply won't be reported on the CERT web site due to lack of
    > cycles.
    >
    > "From the CERT Web site:
    >
    > Metric
    > The metric value is a number between 0 and 180 that assigns an
    > approximate severity to the vulnerability. This number considers several
    > factors, including:
    > Is information about the vulnerability widely available or known?
    > Is the vulnerability being exploited in the incidents reported to US-CERT?
    > Is the Internet Infrastructure at risk because of this vulnerability?
    > How many systems on the Internet are at risk from this vulnerability?
    > What is the impact of exploiting the vulnerability?
    > How easy is it to exploit the vulnerability?
    > What are the preconditions required to exploit the vulnerability?
    >
    > Because the questions are answered with approximate values that may
    > differ significantly from one site to another, users should not rely too
    > heavily on the metric for prioritizing vulnerabilities. However, it may
    > be useful for separating the very serious vulnerabilities from the large
    > number of less severe vulnerabilities described in the database.
    > Typically, vulnerabilities with a metric greater than 40 have been
    > candidates for a CERT advisory, and we will continue to use this metric
    > for US-CERT Technical Alerts. The questions are not all weighted
    > equally, and the resulting score is not linear (a vulnerability with a
    > metric of 40 is not twice as severe as one with a metric of 20)."
    >
    > It is claimed as a fact that "When it comes to web servers, the biggest
    > target is Apache, the Internet's server of choice. Attacks on Apache are
    > nevertheless far fewer in number, and cause less damage."
    > The reality is just way different. Check out the Zone-H stats "Today's
    > Verified Attacks" just about any day of the week and you will almost
    > always see that Linux Web site defacements are higher than Windows by a
    > ratio of almost 3:1.


    If I look at Zone-H's verified attacks for today, it shows 56.5% Windows
    v 36.8% Linux...

    Pulling a MS Nathan? being selective in our statistics are we?

    > He waffles on about how bad IIS is, brings up the Code Red worm BO which
    > is fair enough. But what isn't fair is that he had to go back 4 months
    > or so to get 40 vulns for RH and a whole year for Windows Server 2003.


    MS has been renowned for taking sample periods from public data to show
    Linux is weaker, yet moving that sample period by as little as 25% shows
    a different result.

    > MSFT and their customers knew IIS4/5 was bad, so put it through the
    > Trustworthy Computing wringer, and designed the thing from the ground up
    > and rewrote it to be significantly more secure. IIS6 is built into
    > Windows Server 2003, and it is widely acknowledged to be the most secure
    > version of IIS ever.


    Someone once told me this, while mentioning a country's top submariner,
    "it's like spotting the tallest amongst midgets, big deal".

    > Regardless IIS5 can be made to be secure, just
    > like earlier versions of Apache can be - it's just that you have to jump
    > through hoops, and it is too easy for people to get the configuration
    > wrong and then get 0wned.
    > If he's going to be fair and base argument on facts we would be
    > comparing IIS4/5 with dodgy old versions of Apache too -


    Let's go there, let's look at how many exploits and holes there are in say
    5 years of apache and 5 years of IIS, still want to go there Nathan?

    > I don't think
    > you want to go there right? There has been 1 vuln with IIS6 IIRC
    > throughout its life, I'm damn sure Apache can't claim the same,
    > especially when you look at a real world workload like an Application
    > Server, not just a "static web httpd"


    Apache still has the biggest active site numbers, give up trying to
    compare apples with oranges.

    >
    > Once again he is comparing Windows old stuff with Linux new stuff. Sure
    > IE is built into the Windows platform and can't be removed. Fact is tho
    > that XPSP2/Server 2003 SP1 brings the browser security to a whole new
    > level. Most of the recent IE vulns don't apply to XPSP2 and Server 2003
    > with IE lockdown. Likewise a bunch of them are mitigated by running as
    > a user. Not rocket science there
    >
    > His assertion that Linux servers are ideal for headless non-local
    > administration is exactly the same for Windows Server 2003. Windows
    > Server 2003 locks down the browser, and it certainly is not recommended
    > to run a browser locally on the Server logged in as root. Same for Linux.


    Yes a bit pointless.

    > Look at Mozilla FireFox, there has been a bunch of vulns just recently
    > going through the RC and PR releases that needed updates. We have seen
    > a significant rise in vulnerability reports in Mozilla and the entire
    > Mozilla suite. Especially as the much publicised migration of users
    > from IE to Mozilla on the basis of what was originally believed to be a
    > product suite less vulnerable to attack. Expect more - attackers are
    > clearly targeting the increasing usage of Mozilla.


    That may well be, but at present running Mozilla/Firefox etc on NTx
    gives users a breathing space of safety.

    Running Mozilla/Firefox on Linux means that when exploits do start to
    arrive for these platforms they will be far more limited in effect.

    >
    > The codswallop titled "Patches and Vulnerabilities Affecting Microsoft
    > Windows Server 2003" is a laugh - all the admins I know leave the IE
    > settings on the server alone, and certainly don't surf untrusted
    > websites while logged in as administrator. The attack vectors that he
    > states are mitigated by running as an unprivileged user under Linux are
    > exactly the same as for Windows Server 2003 too. Albeit slightly harder
    > to achieve under Windows, but this is an admin training/education issue
    > rather than an inherent fault.


    Didn't Gates say win2kx was easier to setup and use than Linux?

    > I really don't think Microsoft promotes
    > the "local familiar Windows desktop as the prime advantage to Windows
    > Server 2003". Anyone who is serious about server computing will set up
    > remote administration, automated monitoring etc. This is not unique to
    > Linux.
    >
    > There's probably more inaccuracies, that's a start to get the ball
    > rolling. If some of these fundamental things are wrong, what else can
    > be wrong too?
    >
    > Nice rant. Full of holes. Linux has its own set of challenges, and
    > Windows isn't so bad after all.
    >
    > Insert head back into sand...


    Well we have round 3 from Novell,

    http://news.zdnet.co.uk/software/linuxunix/0,39020390,39171756,00.htm

    "...Novell's Hogan also questioned Ballmer's statement that the reports
    cited are independent, giving an example where Microsoft was permitted
    to fine-tune a set-up, while Linux was run off an emulator..."

    Credibility Nathan.

    It's MS's to lose not Linux to take it away.

    regards

    Thing
     
    thing, Oct 31, 2004
    #19
  20. Troglodyte

    Guest

    On Mon, 01 Nov 2004 09:15:27 +1300, thing wrote:

    > If I look at Zone-hs verified attacks for today, it shows 56.5% Windows
    > v 36.8% Linux...


    And then you also have to factor in the fact that *nix based websites are
    the majority and Windows based websites are a minority.

    And then the above statistics look even worse.


    Divine

    --
    43 - for those who require slightly more than the answer to life, the universe
    and everything.
     
    , Oct 31, 2004
    #20