Re: XPSP2 compatability

From: Kevin Sheldrake (kev@electriccat.co.uk)
Date: Sat Aug 21 2004 - 05:10:33 EDT


I disagree. Security is much more than patching an OS so that it achieves
an arbitrary security aim that it had so far been missing. Microsoft
finally fixed a number of the holes that the 'open sourcers' had been
laughing about. So what? Does this mean that they have changed their
development and release processes to reduce the number of security-related
bugs that hit the market? Or that they'll be quicker to respond to the
friendly 'open sourcers' who privately email them vulnerabilities? I'll
wait for some evidence before congratulating them, if you don't mind.

I'm not going to argue 'linux is better than Windows' because I think it
depends what your requirements are. I will point out, however, that it
is. ;)

And another thing ;) I don't think the simple test of 'can anyone hack
this unknown anonymous box on the Internet?' proves security either way.
I would gamble putting a Windows box (98 through to XP) directly on the
Internet with no MS firewall but with ZoneAlarm, as millions of broadband
end users are doing every day. You may ask yourself why it has taken MS so
long to finally implement something that has been freely available to home
users for years.

I'm sorry if this post doesn't meet your 'MS is great' stance, but other
than all the things they've broken, I can't really see the changes that XP
SP2 claims to have made.

Kev

> This is such BS...
>
> Look, a lot of us aren't having any significant problems with SP2. MOST
> of the apps listed on the link you provide are home user apps, rather
> than corporate apps. Are there problems w/ SP2? Of course there are.
> MS made a lot of changes, and fallout is to be expected. This would be
> the same thing if the same level of changes were made to any other OS.
> Indeed, let's make a little guess that there are a million applications
> for Windows... this list has what, 20 entries? 20/1,000,000 = 0.002% of
> applications that are currently having problems. Get over it.
>
> If you're so against MS, DON'T USE THE STUFF. It really is that simple.
> All the open sourcers tell us they make systems that are spiff, so use
> that... Oh, you say the performance sucks (ala OpenOffice)? You're
> frustrated that getting decent information and documentation is
> difficult? Well, hey, it's programmers, you don't expect a lot of docs
> from them. You don't know enough about linux and don't like having to
> tinker with it all the time to get it to work? Yeah, cars are like
> that, too... Come off this MS Bashing. They really did give us what we
> asked for -- I put a SP2 box out on the internet raw (without any
> customization after installation) and guess what... it survived 49 hours
> (and counting) without being compromised.
>
> -----Original Message-----
> From: Bill Burge [mailto:bill@burge.com]
> Sent: Wednesday, August 18, 2004 7:49 PM
> To: pen-test@securityfocus.com
> Subject: RE: XPSP2 compatability
>
> I'm gonna have to go with "grassy knoll shooters" for 500 dollars, Alex.
>
> Based on this list, I think there is a conspiracy afoot. I've dealt
> with Microsoft for many years and at MANY different levels ranging from
> customer to competitor to takeover object - I trust them as far as I can
> throw Redmond.
>
> The apps on the list represent many of the apps and families of apps
> that made Windows OS's (can I call them that?) popular. There are first
> run games, office productivity applications (many from MS, who would
> have already tested them and KNOWN they wouldn't work) and the
> anti-virus applications as well as PC protection apps many have come to
> rely on for a feeling of protection. They can't possibly think that the
> Windows using world would just go on without them?
>
> http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2
>
> And the list will only g-r-o-o-o-o-o-o-o-w...
>
> After getting kicked in the butt all around the 'Net for making an OS
> with all the security of cheese cloth, Bill G has come back and given us
> what "we asked for" - a "much more secure" (useless) version of Windows.
>
>
> I'm guessing there is already a less restrictive, more permissive,
> version of SP2 waiting in the wings (or reg setting). It might even be
> SP2rc2 (which might just be SP2 with the "added security 'off' by
> default") - but Windows users will have to choose to run a less secure
> Windows - and that is what he wants. "I gave you a more secure Windows
> - but you chose not to run it."
>
> Some call me paranoid, I call it experience... ;-)
>
> bb
>
> *********** REPLY SEPARATOR ***********
>
> On 8/17/2004 at 11:33 AM Jon Cheuvront wrote:
>
>> Same here, I've been using XPsp2RC2 with no problems, now WinPCAP is
>> broken and ethereal will not work (I use all day long with the admin
>> interface for NFR Sentivist). The only problem I have now is the
>> service pack will NOT uninstall, who would have guessed it crashes when
>> I try to remove it. I'm done with MS, I'm loading Linux and just use
>> vmware or rdc for the ms apps.
>>
>> -JC
>> ---
>> Jon Cheuvront
>> Network System Technologies, Inc.
>>
>>
>> -----Original Message-----
>> From: Roman Fomichev [mailto:from@e-solutions.lv]
>> Sent: Tuesday, August 17, 2004 3:52 AM
>> To: Anjin; pen-test@securityfocus.com
>> Subject: Re: XPSP2 compatability
>>
>> I have been using ethereal for years. I have been using XPSP2 since rc1.
>>
>> No problems.
>>
>> On Mon, 16 Aug 2004 22:50:32 +0930, Anjin <wildcard@internode.on.net>
>> wrote:
>>
>>> Following up on the item from James, it also seems that XPSP2 is
>>> incompatible with WinPCAP. Both Snort and Ethereal fail with an
>>> identical error when XPSP2 is installed. Removing the patch solves
>>> the problem.
>>>

-- 
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT