latsot
Skeptic Friend
United Kingdom
70 Posts |
Posted - 07/05/2005 : 03:59:55 [Permalink]
|
quote: Some Windows vulnerabilities should never have existed
I can only assume that you haven't been involved in developing large-scale software. Have you ever tried to analyse complex software for bugs? Especially for security bugs? It is hard. And you are always going to miss something. Don't be too quick to hand out criticism. Software is *complex*.
Oh, another thing that I ought to have mentioned in my other post on this thread. When you write software of any complexity, there are a number of competing things to consider. One is security, of course, one is offering services to users (and in the case of OS, applications programmers), cost, ease of use, etc. etc. etc. And there are always finite resources - even at MS, and the design stage is partly about deciding what compromises to make. You can only go so far in every direction.
Unix as an OS doesn't offer the same facilities for application integration as Windows does (I'm not going to defend this - I think it's true, but if you don't agree take it as an example). Stuff like this is obviously going to make security more difficult. Improving security by removing features of the OS is not necessarily a good move. But horses for courses. If you value security more highly, use an OS you feel gives better security. But get over the petty religious wars and learn how to assess security objectively.
Cheers
r
|
|
|
Siberia
SFN Addict
Brazil
2322 Posts |
Posted - 07/05/2005 : 06:01:07 [Permalink]
|
Software is complex, and it doesn't even need a lot to completely boggle your mind.
Or maybe I'm just a lousy programmer... but hey, I'm getting the hang of it. |
"Why are you afraid of something you're not even sure exists?" - The Kovenant, Via Negativa
"People who don't like their beliefs being laughed at shouldn't have such funny beliefs." -- unknown
|
|
|
woolytoad
Skeptic Friend
313 Posts |
Posted - 07/05/2005 : 07:03:05 [Permalink]
|
I'm going to use an oft-used example. But I'll avoid any issues related to Windows internals, since I can't peek at those easily.
You know those Windows Messenger Spam alerts? http://www.jmu.edu/computing/security/info/winmsg.shtml
This is possible because port 135 (correct me if I'm wrong) is open by default. So people can communicate with your computer out-of-the-box. Most people don't know about this. Indeed I had no idea until I got my first spam message and found out that there are several ports open by default. With my little networks experience, it was clear that this is potentially a very bad thing. If someone can talk to my machine and there is an exploit in the Messenger Service, then someone can do something to my machine. Even worse, the window looks like a typical Windows alert box. So there is an opportunity for social engineering there.
If I remember correctly, the service is used for sending users system messages and alerts for computers in a LAN. It's not useful at home.
I think it's 'obvious' since anyone with some networks knowledge will be suspicious of such a decision. The Windows team certainly knew the implications. Some of the MS devs are very good. This 'feature' should never have even existed because it's not useful to most people, yet it's still available by default. Since it's not a logic bug, someone loaded the service and left a port open consciously.
As noted, comparing OSes is difficult due to patches and such. But I think it's reasonable to assume that the average user will have internet. I also don't think my example is the most solid. But it does illustrate that there are things in Windows that just shouldn't be.
But yeah, arguing OSes is stupid. I use both Mac and PC myself. Mac is just my main system for work and general entertainment. I don't care what you use, I just thought people need to stop spreading the "security is related to install base" thing. Using a single metric to determine security is incorrect. |
|
|
latsot
Skeptic Friend
United Kingdom
70 Posts |
Posted - 07/05/2005 : 07:31:55 [Permalink]
|
quote: Originally posted by woolytoad
I'm going to use an oft-used example. But I'll avoid any issues related to Windows internals, since I can't peek at those easily.
Oh well done. That's a specific vulnerability in Windows which, as far as I'm aware, is turned off by default now. Even if it isn't, so what? Presumably there are flaws in Mac, Unix, whatever security.
Clap.
Oh - yawn.
No need to be so hostile. Every need to think about what security really means. Picking particular security flaws and arbitrarily deciding that they should never have occurred is pointless.
My point was really that deciding which system is more secure is as arbitrary as choosing a religion.
And my other point was that 'security' goes way beyond the facilities offered by the OS anyway.
r |
|
|
latsot
Skeptic Friend
United Kingdom
70 Posts |
Posted - 07/05/2005 : 07:39:31 [Permalink]
|
quote: Using a single metric to determine security is incorrect.
Who is doing this? Who on this forum has attempted to do so?
People have suggested that userbase is a factor and it is.
Nobody has suggested this is the only metric to use for evaluating security.
Get off your fucking high horse.
r |
|
|
Siberia
SFN Addict
Brazil
2322 Posts |
Posted - 07/05/2005 : 08:15:03 [Permalink]
|
Fundie wars over OS systems... intriguing. |
"Why are you afraid of something you're not even sure exists?" - The Kovenant, Via Negativa
"People who don't like their beliefs being laughed at shouldn't have such funny beliefs." -- unknown
|
|
|
Dave W.
Info Junkie
USA
26022 Posts |
Posted - 07/05/2005 : 08:20:53 [Permalink]
|
quote: Originally posted by latsot
Get off your fucking high horse.
Personally, the way I read the thread, I thought woolytoad was getting off the high horse with that last post. |
- Dave W. (Private Msg, EMail) Evidently, I rock! Why not question something for a change? Visit Dave's Psoriasis Info, too. |
|
|
latsot
Skeptic Friend
United Kingdom
70 Posts |
Posted - 07/05/2005 : 09:13:18 [Permalink]
|
quote: Originally posted by Dave W.
quote: Originally posted by latsot
Get off your fucking high horse.
Personally, the way I read the thread, I thought woolytoad was getting off the high horse with that last post.
Perhaps.
He/she was making unsubstantiated claims.
r |
|
|
dv82matt
SFN Regular
760 Posts |
Posted - 07/05/2005 : 09:55:42 [Permalink]
|
quote: Originally posted by latsot
quote: Originally posted by woolytoad
I'm going to use an oft-used example. But I'll avoid any issues related to Windows internals, since I can't peek at those easily.
Oh well done. That's a specific vulnerability in Windows which, as far as I'm aware, is turned off by default now. Even if it isn't, so what? Presumably there are flaws in Mac, Unix, whatever security.
Clap.
Oh - yawn.
No need to be so hostile. Every need to think about what security really means. Picking particular security flaws and arbitrarily deciding that they should never have occurred is pointless.
My point was really that deciding which system is more secure is as arbitrary as choosing a religion.
And my other point was that 'security' goes way beyond the facilities offered by the OS anyway.
and
quote: Using a single metric to determine security is incorrect.
Who is doing this? Who on this forum has attempted to do so?
People have suggested that userbase is a factor and it is.
Nobody has suggested this is the only metric to use for evaluating security.
Get off your fucking high horse.
Um, yeah, woolytoad's the one being hostile.
Honestly latsot, you're the one being sarcastic and hostile. woolytoad's last post was downright conciliatory by comparison. |