mailing list archives
Re: Top10 Blowing Chunks :>
From: Wolfgang Kandek <wkandek () qualys com>
Date: Wed, 18 Sep 2013 18:10:37 -0400
Dan, I agree. If you have the technical skill you can select and maintain
any platform that is a less likely target of mainstream attackers, as long
as in still attends to your business needs. On the Microsoft side that
would be Windows 2000 I believe, maybe in 2 years Windows XP.
On the other hand, if you have that technical capability you could evaluate
running on another OS altogether, be it Mac OS X, Chromebooks or Linux.
Actually I do not understand why large organizations (governments) do not
have their own version of an operating system. How many people can it take
to audit and maintain a version of Linux, for example? The only effort I
know of along these lines is/was in Brazil.
For normal IT organizations I think is technically and commercially easier
to support the business and increase security by being on the latest
versions of OS and applications. Then use any remaining technical resources
to introduce variations (EMET, additional sandboxing) and invest into early
On Wed, Sep 18, 2013 at 6:23 AM, <dan () geer org> wrote:
Wolfgang, Once upon a time it was shown that the most attacked
versions of software tended to be one revision off of current,
leading to the strategy that you should keep up or stay well behind
(like a herd animal either staying in the center of the herd or
hiding in the bush but *never* being in the trailing edge of the
herd as that's where the predators were). Coupled with the observed
propensity of so many software houses to have upgrades that add
all-but-gratuitous features, it seemed almost preferable to take
the hide-in-the-bush strategy if you had any technical skill at
Expand on this in whatever direction you can, if you like.
Dailydave mailing list
Dailydave () lists immunityinc com