Full Disclosure mailing list archives

RE: Re: Microsoft Coding / National Security Risk
From: "Steven Alexander" <alexander.s () mccd edu>
Date: Fri, 26 Mar 2004 11:53:08 -0800

/me pulls hair out.  

It is true that security is partly a function of the measures taken by
the people responsible for securing a machine or network.  However, an
insecure operating system will remain insecure even if managed by smart,
responsible security-conscious people.  

The security track record of Windows is pitiful!  Microsoft is notorious
for the number of bugs in their code, security related or otherwise.
Their authentication sucks; grab both of Mudge and Schneier's PPTP
papers off of www.schneier.com.  The password encryption sucks
(rainbowcrack anyone?).  The firewall capability distributed with the OS
is not even close to what is distributed with open source systems.  

The only buffer overflow protection available from Microsoft is the
simple StackGuard-like protection built into Windows 2003 (can be turned
on in Visual Studio by using /GS); however, Microsoft fucked it up
MS should really look to implement something stronger, at least as an
option for systems that *NEED* to be secure.


-----Original Message-----
From: joe [mailto:mvp () joeware net] 
Sent: Friday, March 26, 2004 10:24 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Re: Microsoft Coding / National Security


You can have people who don't know how to run Windows, Linux, VMS, or
RTS. Security is a function of the quality of the people responsible
for securing the boxes more so than the OS/RTS on the box.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
