Another reason to despise Microsoft

[Hogg]

I have not paid much attention to the recent security flaws in Microsoft's products since, well, though their stuff looks nice and works well, it has been full of wormholes since the first operating system was ever released.

In this article, another one of Microsoft's flaws is exposed yet this is not a programming glitch nor a security flaw. Rather, it is a default feature of a product that few know about and it has recently caused embarassment for a number of unknowing users.

http://yahoo.businessweek.com/magazine/content/04_16/b3879047.htm


Honestly, my feeling is that open source is the way to go. I'll give you an example. Redhat linux ships with OpenOffice.org which is a product supported by Sun as an spin-off of their Star Office business productivity suite. It is provided with source code (should you choose to compile the product yourself) and thus has nothing to hide. MS products on the other hand are never provided with source code, barring certain items which have become "open" as a result of litigation. My point is, you never know what lurks in the bowels of microsoft products and given Gates' recent nuzzling with the music industry, it is not hard to believe that the founder of the world's largest operating systems company may in fact become the world's largest information-gathering Nazi.

When I scan across the horizon looking for neo-nazis, I see Geo. W giving the customary salute....with Bill Gates in tow right behind him and a Windows powered handheld firmly by his side.


On an unrelated note:

Another security issue that has popped up which involves none other than the nextel phones that we know and love. The latest and greatest model, I believe it is called the i70sx, has a built in GPS transceiver....so that you can track your employees, kids, or perhaps anyone that you can plant your nextel on....ie, their car. Now mind you, if this technology is available to the private sector, it makes you wonder what government back doors are planted in even the older models.

 

[Patuba]

Yes, Microsoft is horrible with their security flaws and how they collect information about their users but on the other hand I couldn't imagine what computers would be like today without them.

 

[oldtimer]

Hogg, open source is an illusion that most people believe without really knowing what it is. I don't want to delve in the gory details, but compare the security flaws on Windows XP/2k3 with RedHat and you'll get shocked.

Remember, RH9 support stops end of this month one year after its release. RH doesn't give you free SW anymore, you have to pay (RH Enterprise suite).

I have statistics, i can send them your way if you want. Did you know that in Europe Linux attacks are actually more the Windows?, yet, MS gets bashed because Linux is ignored.

The most famous research that got the market upside down was the forrester study: http://www.technewsworld.com/perl/story/33287.html

I've been in this market (security market) for a long time, it's not as simple as most people think.

-OT

 

[MD28]

Is my porn going to be affected in any way due to these security flaws?

MD280

 

[Hogg]

OT yes but, what about 2000, NT4, Win98.....

I have followed the evolution of the linux and FreeBSD operating systems since 1994 ...Linux has made marked advances as an OS in terms of end user coddling but the reality is, it is, and always has been as much Unix as everything else and thus far less prone to the attacks that microsoft had to learn about as they ported their Win3.1 product to work on TCP/IP....remember the days of NetBeui? Beyond that, look at SMB traffic as a whole......total vulnerability to wire sniffing and administrator password cracking from within via even the old and unsupported Lopht crack password hashing engine-hence now kerberos tickets and back end management networks in the 2000 server and beyond products....it took them a LONG time to reach this level.....

All the while, Linux has trudged on. Mind you, we left an RH6 sendmail box unpatched for 6 months until it got trin00'd......6 months of no patches. Microsoft, every month a new major flaw is exposed.

As far as Redhat, yes, 9 is down the tubes, but you should have been moving to Fedora long before that........Core 1 is out and has been stable for quite a while, Core 2 is available and is on its second or 3rd minor release....and the RH software is still very much free.

Also, let me ask you this OT, is Linux any less secure than Solaris, IRIX, AIX, HP-UX???

As far as the RH Enterprise suite, if you want to pay the money for their server products and middleware, then there is a price. On the other hand, you can set up a typical DNS/Sendmail/FTP/Ipchains/Apache box for a $ 0 software investment....it just depends if you want the additional features available via RH enterprise Linux and the and the ease of the RH update and support service.

Hogg, open source is an illusion that most people believe without really knowing what it is. I don't want to delve in the gory details, but compare the security flaws on Windows XP/2k3 with RedHat and you'll get shocked.

Remember, RH9 support stops end of this month one year after its release. RH doesn't give you free SW anymore, you have to pay (RH Enterprise suite).

I have statistics, i can send them your way if you want. Did you know that in Europe Linux attacks are actually more the Windows?, yet, MS gets bashed because Linux is ignored.

The most famous research that got the market upside down was the forrester study: http://www.technewsworld.com/perl/story/33287.html

I've been in this market (security market) for a long time, it's not as simple as most people think.

-OT

 

[oldtimer]

Try putting an unpatched Windows box. I did this with no SPs and no patches and no one can even access my box 'cept through 80/443. I installed URLScan on the box and confg'ed IPSec filters (filtering only, no encryption/authN), and it still stands all of today's attacks (can you believe that!, 5 years with no patches or SPs and it's resiliant). You see, it's knowledge that most people lack that hurts Windows most.

For NT 4/98, i totally agree with you. However, remember that NT 4.0 was designed in the early 90's, when the Internet was not there yet. If you compare this timeframe with Linux, Linux became stable (and usable) around 1996-1997 (if my memory serves my right). For 98, it was never meant to be used as it is now, it was for simple tasks and not for the Enterprise, but MS learned its lesson nevertheless.

-OT

 

[Desibaba]

Lets assume that someone goes back in time and kills bill gates before he developed microsoft.The world would be very different from what it is today.I bet we wouldnt be having our wonderful online steroid community either.Hows it goin oldtimer? Any lil oldtimers on the way yet?

 

[Bob Smith]

We'd all be running Macs and not having security or crashing problems.

 

[Hogg]

Try putting an unpatched Windows box. I did this with no SPs and no patches and no one can even access my box 'cept through 80/443. I installed URLScan on the box and confg'ed IPSec filters (filtering only, no encryption/authN), and it still stands all of today's attacks (can you believe that!, 5 years with no patches or SPs and it's resiliant). You see, it's knowledge that most people lack that hurts Windows most.

I assume this is an unpatched NT box with IPsec ? is this in a DMZ or is it out on the edge raw??

For NT 4/98, i totally agree with you. However, remember that NT 4.0 was designed in the early 90's, when the Internet was not there yet. If you compare this timeframe with Linux, Linux became stable (and usable) around 1996-1997 (if my memory serves my right). For 98, it was never meant to be used as it is now, it was for simple tasks and not for the Enterprise, but MS learned its lesson nevertheless.

-OT

True, and true. The internet was released to the public from Darpa in fall of 1993. that was back during the Win 3.1/3.11 years where you needed a winsock stack which was installed seperate from the OS. Linux, at that time, had a Unix-like kernel but did not have the full networking functionality of its Unix peers.....at that time, Sun was dominant along with AT&T Unix and HP-UX on HP risc boxes. I still have the old redhat release at home....dinosaur as it might be, but nevertheless a keepsake.

OT, do you remember when NT was certified under the government's trusted systems evaluation procedure. I believe it was NT3.5 that was certified and it was stripped down to nothing more than a stick and rudder. My things have come a long way.

 

[MD28]

I assume this is an unpatched NT box with IPsec ? is this in a DMZ or is it out on the edge raw??



True, and true. The internet was released to the public from Darpa in fall of 1993. that was back during the Win 3.1/3.11 years where you needed a winsock stack which was installed seperate from the OS. Linux, at that time, had a Unix-like kernel but did not have the full networking functionality of its Unix peers.....at that time, Sun was dominant along with AT&T Unix and HP-UX on HP risc boxes. I still have the old redhat release at home....dinosaur as it might be, but nevertheless a keepsake.

OT, do you remember when NT was certified under the government's trusted systems evaluation procedure. I believe it was NT3.5 that was certified and it was stripped down to nothing more than a stick and rudder. My things have come a long way.

I wonder how we would receive high volumes of porn without the Internet.

MD280

 

[Hogg]

I wonder how we would receive high volumes of porn without the Internet.

MD280

It would be back to the XXX theater sitting next to peewee herman getting your wank on .....Either that or donkey shows in tijuana

 

[jah_live10]

open source

 

[MD28]

Back to the good old glory holes I guess..... this time I shall make sure there are females on the receiving end.... not like those college pranksters that were acting like a female was on the other end but were actually 3 males.


MD280