RE: [ok] [Full-Disclosure] RE: [Full-disclosure]MS should re-write code with security in mind

["Curt Purdy" <purdy () tecman com>]

Clairmont, Jan M wrote:
> M$ should just bite the bullet and re-write windows with 
> security in mind, give it a true process scheduler, multi-user
> with windows as a client server processes.
<snip>

It ain't gonna happen.  There is so much legacy code, dating all the way
back to NT 3.5 in 2K XP that no-one really knows how it works.  Of course,
that is the beauty of open-source, lots of people know how Linux works.  

Of course you don't have to be open-source to be secure, as Netware was
always built with security in mind.  Novell engineers have a saying, "We
patch Netware twice a year whether it needs it or not."  I hate to see it
go.  I love SuSE linux, am running the 64-bit version on AMD, but I wish
they were keeping the Netware kernal also, for my security-critical clients.
Sadly, the days of not having to run around patching servers all the time
will be gone after Netware 7.

BTW, when I have to run windows (rarely), I start a VMWare session under
SuSE, do what I need, and close it out as quickly as possibe, after checking
for patches of course ;)

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke

<<attachment: winmail.dat>>