2CPU

Main Menu

· Content
· News
· Articles
· Mailinglists
· Knowledgebase
· Trouble Tickets
· Files
· Glossary
· Links
· Compatibility Lists
· Forums

News

· News Overview
· News Channels
· News Archive
· Search News
· Submit News

What's New

Login to see an overview of all news stories since your last visit.

News Channels

· General Site News
· Folding@Home
· SETI@Home
· General Web News
· General Distributed Computing
· RC5
· General Articles
· Hardware
· Motherboards
· Video Cards
· Storage
· Cases
· Optical Drives
· Barebones, Servers and SFFs
· Processors
· General Hardware
· Operating Systems
· Applications
· How-To
· General Technical
· Frequently Asked Questions
· Editorials
· Press Releases

News Tags

The news tag list is currently empty

Online Users

There are currently 9 user(s) online

Managed with Contentteller(R) Community Edition, (C) 2002 - 2009 Esselbach Internet Solutions. The Community Edition of Contentteller(R) is free software released under the GNU/GPL v3

Latest News

· Best CPU: 10 top processors from AMD and Intel
· Happy New Year
· AMD aim Opteron at the Cloud
· Cisco doing the silicon shuffle
· Juniper goes after the SDN market
· China gives birth to Godson, rival Intel
· HP intros the Proliant SL4500 series Server
· Tech Jobs and Minimum wage
· Linux Mag's Linux for Small Business Servers
· AMD's Sweet 16

Top News

· Best CPU: 10 top processors from AMD and Intel
· Samsung To Enter the Server Market?
· Weekend Topic: Should employers be able to fire employees caught looking for job
· Site Redesign: Comments? Suggestions? Help?
· Poll Time: Milkshake - Beverage or Dessert?
· Help Wanted!
· Neoseeker plays with Iwill's DVD266-R!
· Honesty: The best policy?
· It's Official: nitro_fish owns me...
· No comment!

Latest Poll

There are currently no polls in the news database

News Archive

· November 2015
· January 2013
· December 2012
· November 2012
· October 2012
· August 2012
· July 2012
· June 2012
· May 2012
· April 2012
· March 2012
· February 2012
· January 2012
· December 2011
· November 2011
· April 2011
· March 2011
· February 2011
· January 2011
· November 2010
· October 2010
· September 2010
· August 2010
· July 2010
· June 2010
· May 2010
· April 2010
· March 2010
· February 2010
· January 2010
· December 2009
· September 2009
· August 2009
· July 2009
· June 2009
· May 2009
· April 2009
· March 2009
· February 2009
· January 2009
· December 2008
· November 2008
· October 2008
· September 2008
· August 2008
· July 2008
· June 2008
· May 2008
· April 2008
· March 2008
· February 2008
· January 2008
· December 2007
· November 2007
· October 2007
· September 2007
· August 2007
· July 2007
· June 2007
· May 2007
· April 2007
· March 2007
· February 2007
· January 2007
· December 2006
· November 2006
· October 2006
· September 2006
· August 2006
· July 2006
· June 2006
· May 2006
· April 2006
· March 2006
· February 2006
· January 2006
· December 2005
· November 2005
· October 2005
· September 2005
· August 2005
· July 2005
· June 2005
· May 2005
· April 2005
· March 2005
· February 2005
· January 2005
· December 2004
· November 2004
· October 2004
· September 2004
· August 2004
· July 2004
· June 2004
· May 2004
· April 2004
· March 2004
· February 2004
· January 2004
· December 2003
· November 2003
· October 2003
· September 2003
· August 2003
· July 2003
· June 2003
· May 2003
· April 2003
· March 2003
· February 2003
· January 2003
· December 2002
· November 2002
· October 2002
· September 2002
· August 2002
· July 2002
· June 2002
· May 2002
· April 2002
· March 2002
· February 2002
· January 2002
· December 2001
· November 2001
· October 2001
· September 2001
· August 2001
· July 2001
· June 2001
· May 2001
· April 2001
· March 2001
· February 2001
· January 2001
· December 2000
· November 2000
· October 2000
· September 2000
· August 2000
· July 2000
· June 2000
· May 2000
· April 2000
· March 2000
· February 2000
· January 2000

Theme Selector

The theme override option is disabled

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

2CPU.com » News » August 2004 » Windows Not Expected Secure Until 2011

Windows Not Expected Secure Until 2011

Posted by: duke on: 08/31/2004 02:18 PM [ Print | 22 comment(s) ]

Slashdot has linked to an interview in Wired Magazine with Microsoft's Security Program Manager, Stephen Toulouse.
WIRED: It's been more than a month since the first news of Download.Ject, and you still haven't issued a real fix for Internet Explorer. How long is it going to take? TOULOUSE: The first step was to block this specific attack. The malicious software was being delivered from a server in Russia. We worked with law enforcement to get that shut down. And our product teams released an update that blocked the downloads that Ject had hacked. It was not specifically a security update for Internet Explorer. We're still working on that.
Read the remainder of the interview for yourself.


Digg it! Slashdot Del.icio.us Technorati Fark it! Binklist Furl Newsvine Windows Live Netscape Google Bookmarks Reddit! LinkaGoGo Tailrank Wink Dzone Simpy Spurl Yahoo! MyWeb NetVouz RawSugar Smarking Scuttle Magnolia BlogMarks Nowpublic FeedMeLinks Wists Onlywire Connotia Shadows Co.mments

Related Stories

08/19/2004 03:24 PM: Windows XP/Windows Server 2003 64-Bit Updated by Jim_
OSNews let me know that updated builds of Windows XP/Windows Server 2003 64-Bit are now available for download. Windows XP Professional x64 Edition Customer PreviewWindows Server 2003 for 64-Bit Exten...

08/10/2004 02:20 PM: Windows XP SP2 Network Installation Package by Jim_
Hooz let me know that Microsoft has posted a link to their Network Installation Package for Windows XP Service Pack 2. They've released this to make it easier on us IT professionals who'll be installi...

08/02/2004 01:52 PM: Windows Server 2003 gets free X86-64 upgrade options by Forge
Cnet notes this morning that purchasers of Windows 2003 Server are going to get their 64bit OS for free:customers that buy a 64-bit Opteron or Xeon server and pay for a license to Windows Server 2003 ...

07/28/2004 02:09 PM: Microsoft Delays Windows XP64 by Jim_
C|Net is reporting that Microsoft will be delaying an update to Windows Server 2003 (SP1) and its first version of Windows for 64-bit processors. The software maker said Windows Server 2003 Service P...

07/13/2004 02:24 PM: Microsoft Delays Windows XP Service Pack 2 by Jim_
Microsoft's eagerly anticipated Service Pack 2 for Windows XP has been delayed again! Slashdot has the information. Microsoft has once again delayed its release of Service Pack 2 for Windows XP, thoug...

07/07/2004 09:19 PM: MS Windows XP 64-bit Edition Does not Run on Intel by Jim_
X-Bit is running a report from InfoWorld stating that Microsoft's upcoming 64-bit version of Windows XP does not run on Intel's recently released 64-bit processors. ...current beta version of Microsof...

07/07/2004 06:39 PM: Windows XP 64 Security Update by Jim_
AMDZone is reporting that Microsoft has released a security patch for Windows XP 64. Adodb.stream provides a method for reading and writing files on a hard drive. This by-design functionality is some...

06/30/2004 02:08 PM: Windows XP64 will be OEM-only! by Jim_
The Inquirer is reporting that Microsoft Windows XP64 will only be available in OEM form. No retail version of the operating system is expected. Microsoft is working on a scheme to allow people to tra...

06/16/2004 05:09 PM: Windows XP SP2 RC2 is finally out by Jim_
Lots of us have been waiting for Windows XP Service Pack 2 with bated breath for awhile now, and apparently it's at least made it to RC2! If you're brave enough to try it, you can grab it over here. ...

05/25/2004 08:22 PM: Microsoft creating Windows for supercomputers by Jim_
Hooz let me know about this story over at C|Net. Microsoft has launched an effort to produce a version of Windows for supercomputers. Trying to gain share in a market currently dominated by open-sourc...


« Itanium sales fall $13.4bn shy of $14bn forecast · Windows Not Expected Secure Until 2011 · FreeBSD Popularity Contest »

Comment

Methos
Registered User


Posts: 89
Joined: 2002-12-28

#31544 Posted on: 08/31/2004 06:57 PM
I don't think that he really means that 'Windows Will Be Secure in 2011', though it does make for a good headline. Computer Security is going to be an important part of every OS's future, not just windows, and everyone had better have a long term plan for it, or they are going to find themselves sad pandas.

I'd rather read that they are in year 3 of their 10 year plan than read 'Oh yeah, we fixed that shit, we is goods to go'.

I'm curious to know if any of the major linux distributors have any such long term plans.

Comment

DPMitchell
Retired Researcher


Posts: 149
Joined: 2004-08-21

#31545 Posted on: 08/31/2004 08:02 PM
So Microsoft thinks security is a hard probelm and will take years. Why is that supposed to be perceived as negative? Let's take a quick look at the CERT advisories on security vulnerabilities:

Windows - 1076 reports
Linux - 1136 reports

IIS - 171 reports
APACHE - 260 reports

This doesn't tell me that open source software is better or more safe. Windows is under heavy attack all the time, but I see no evidence that switching to Linux really solves that problem.

PS. BSD - 177 reports (grin)

Comment

rmn
oh my, it's huge!



Posts: 5894
Joined: 2002-01-26

#31546 Posted on: 08/31/2004 09:10 PM
How does the number of reports tell you anything about how serious they are? It's like comparing a guy with "one injury" (lost a leg) with another thas has "30 injuries" (scratches and skin cuts).

I agree Windows isn't particularly less secure than other operating systems, though; it usually boils down to the administrator. A known vulnerability can usually be avoided. But vulnerabilities in Windows are harder to find and understand correctly, due to its closed source nature, and therefore harder to work around.

RMN
~~~

Comment

Occupant
Registered User


Posts: 2405
Joined: 2002-03-04

#31547 Posted on: 08/31/2004 09:19 PM
Originally posted by DPMitchell
So Microsoft thinks security is a hard probelm and will take years. Why is that supposed to be perceived as negative? Let's take a quick look at the CERT advisories on security vulnerabilities:

Windows - 1076 reports
Linux - 1136 reports

IIS - 171 reports
APACHE - 260 reports

This doesn't tell me that open source software is better or more safe. Windows is under heavy attack all the time, but I see no evidence that switching to Linux really solves that problem.

PS. BSD - 177 reports (grin)


Also keep in mind, the time lag between reports and fixes. I think most linux fixes are available in hours to days, where windows its weeks to months... (sometimes many many months)

Comment

AssKoala
Anti-Zealot @ GATech



Posts: 3302
Joined: 2002-01-02

#31548 Posted on: 08/31/2004 10:06 PM
Originally posted by Occupant
Also keep in mind, the time lag between reports and fixes. I think most linux fixes are available in hours to days, where windows its weeks to months... (sometimes many many months)


And in many cases, they don't (completely) work the first time and take a couple weeks or months to get truly fixed.

As rmn said, Security is all under the care of the Administrator. If you're running a system that hasn't been rebooted in two weeks, chances are its open for attack.

Security is active, not passive, no matter what Operating System you're using.

Note that there are security oriented projects (Gentoo Hardened, SELinux) and, of course, the BSD's (OpenBSD being the security focused OS). These have their own exploits that are occasionally found (except OpenBSD which hasn't had a remote exploit in how long?) and as such require updating on a regular basis.

Me Webpage | If you always think like an expert, you'll always be a beginner. | "A handful of knowledgeable people is more effective than an army of fools" -Writing Secure Code, 2nd Ed.

Comment

Vuke69
Bitpimp



Posts: 341
Joined: 2001-03-16

#31549 Posted on: 08/31/2004 10:16 PM
Originally posted by DPMitchell
So Microsoft thinks security is a hard probelm and will take years. Why is that supposed to be perceived as negative? Let's take a quick look at the CERT advisories on security vulnerabilities:

Windows - 1076 reports
Linux - 1136 reports

IIS - 171 reports
APACHE - 260 reports

This doesn't tell me that open source software is better or more safe. Windows is under heavy attack all the time, but I see no evidence that switching to Linux really solves that problem.

PS. BSD - 177 reports (grin)


That is not an apples to apples comparison.

Windows is one small, clearly defined OS, and a handfull of apps and services from a single vendor.

Linux is an all together different beast. There are dozens upon dozens of different distros, and tens of thousands of apps and services included in each.

Even if you just compare kernel to kernel, it's impossible. With windows there is one kernel (per release) plus the microsoft supplied patches to that kernel. With linux there are literally thousands of different kernel revisions, from major revisions, down to daily builds. Plus many thousand more kernel patches made by whover picks up a keyboard and fixes or enhances something.

The only somewhat fair and unbiased comparison I can think of is to take the whole of the code that would be concidered part of either Windows, or Linux, in the eyes of CERT. And come up with either advisories per line of code, or per MB of code, or something similar, for each platform. Possibly weighted values based on severity, and remove all the duplicates. (there are many dupes on the linux side)

If nothing else, it would be a generic metric for the security quality of the code.

In such a comparison, I am quite comfident that windows would come out looking like a silly, insecure, toy; just waiting to break.

But I must also add, that just because a particular vuln is in an OS, does not by any means that it is exploitable on any given box. A good Windows admin can lock down a Windows box just as good as a good Linux admin could to a Linux box. On the other side of the coin, a lazy or incompetent admin could easily take the most secure platform possible, and make it wide open, in only a couple of keystrokes, or mouse clicks.

The moral of the story is:

It's the man that makes the security, and its the man that can break the security.

The other moral of the story is:

Dont take for granted that something is secure, only to have a 12 year old prove you wrong. Turn off all unneeded services, block all unneeded ports, and guard the hell out of any services and ports you must have up/open.

Comment

DPMitchell
Retired Researcher


Posts: 149
Joined: 2004-08-21

#31550 Posted on: 09/01/2004 12:05 AM
Its a given that just looking at numbers of CERT reports doesn't tell you everything, although its a big sample size, so it does say that on the average, there is no obvious evidence that one system is intrisically more secure than the other.

I'm trying to be skeptical, not dogmatic. Microsoft says it will take years to make Windows secure, which doesn't surprise me. I don't think this means Microsoft programmers are incompetant, or that Linux programmers will achieve security any sooner.

It's interesting because security is a big part of the marketing campaign for open source products. Convert, and you will not be a target of hackers. The argument never really appealed to me. Its like telling a company they won't be bombed if their employees convert to another religion.

Comment

XWRed1
Registered User



Posts: 185
Joined: 2001-08-27

#31551 Posted on: 09/01/2004 12:35 AM
How does the number of reports tell you anything about how serious they are? It's like comparing a guy with "one injury" (lost a leg) with another thas has "30 injuries" (scratches and skin cuts).


Or maybe a high number of reports is good?

A higher number might mean more people are finding more vulnerabilities and fixing them before they are used in the wild.

Comment

stmok23
Registered User


Posts: 797
Joined: 2002-02-02

#31552 Posted on: 09/01/2004 12:46 AM
Generally, more bad reports are interpreted as bad. Less problems the better.

But this "number of reports" BS doesn't include factors discussed in this thread or previous threads relating to OSs and security.

Please stop posting the numbers of CERT advisories, because they simply mean jacksh*t to folks who know what's going on.

They're often used by third-parties paid by MS to spread FUD to potential users wishing to use open-source solutions.

Sempron (Socket 754): 2x Abit NF8-V (nForce3 250Gb) and ASRock K8SLI-eSATA2 (ULi M1697) Dual CPU love: Supermicro P6DBE (i440BX), PIIIDRE (i840), 2x PIIIDR3 (i840), 4x ASUS P3C-D (i820), and ACorp 6A815EPD1 (i815EP) OSs?: Linux, Solaris and BSDs.

Comment

rmn
oh my, it's huge!



Posts: 5894
Joined: 2002-01-26

#31553 Posted on: 09/01/2004 12:51 AM
Originally posted by Vuke69
Windows is one small, clearly defined OS, and a handfull of apps and services from a single vendor.


Is it? Windows NT, 98, ME, 2000, XP, some of which come in flavours of Home, Workstation, Professional, Server, Advanced Server and Datacenter, and can include different versions of IIS, MSIE and OE (which I mention because they're the main "swiss cheese" elements).

True, it doesn't have as many personalities as Linux (from those 1136 reports, probably no distro suffers from more than half), but it's still quite far from a "clearly defined OS".

I'm pretty sure Microsoft could make Windows "secure" (in terms of bugs, at least - some features will always be a tradeoff between functionality and security) in 4 or 5 years... if they stopped changing it. But they won't, so new bugs and new "feature-based" vulnerabilities will keep popping up.

RMN
~~~

Comment

DPMitchell
Retired Researcher


Posts: 149
Joined: 2004-08-21

#31554 Posted on: 09/01/2004 02:37 AM
Thanks, I was waiting for someone to suggest I was being paid by Microsoft, and to use the term "FUD".

Comment

incognito9
Registered User


Posts: 314
Joined: 2002-09-17

#31555 Posted on: 09/01/2004 02:54 AM
Windows is actually expected to be secure someday?

That's Great!!

Comment

Vuke69
Bitpimp



Posts: 341
Joined: 2001-03-16

#31556 Posted on: 09/01/2004 06:32 AM
Originally posted by rmn
Is it? Windows NT, 98, ME, 2000, XP, some of which come in flavours of Home, Workstation, Professional, Server, Advanced Server and Datacenter, and can include different versions of IIS, MSIE and OE (which I mention because they're the main "swiss cheese" elements).

RMN
~~~


To some extent yes, but many of the flavours have very little difference between them. For example, the difference between XP home and professional is only 3-4 .DLLs everything else is identical. The difference between the four 2k versions is somewhat larger, but not by a great margin. 2003 server I'm not so sure about, there has got to be at least a dozen different versions, and all I have ever used is standard.

So you do have a valid point, but it would still be possible come up with a list (yes a very large list) of every discrete version of every file ever distributed with windows of any version. But if that list were made, I would highly doubt that the total size would be greater than 4-5 GB. Is that an absurd ammount of code? Yes, by all means. Is it more than a comparable list of linux? No way in hell. Just to pull numbers out of my ass ( I like to do that, I guess ) I would guesstimate that the linux list would be closer to the 100-150GB range, if not larger.

If my head is up my ass, please, someone tell me. But I think I have a valid argument.

Also, I am in no way bashing windows. I have been using linux since approx 1997, and windows not much earlier than that. Dos was my first true love. I have approx equal experience on each. And each have their strong points and their weak points. I use both at home, and I use both at work, hell my job is getting them to play nice together. And they really do complement each other quite nicely. I do however have a couple of problems with microsoft as a company, and some of their business tactics. But that can be a subject of a different oral bowl movement.

Comment

AssKoala
Anti-Zealot @ GATech



Posts: 3302
Joined: 2002-01-02

#31557 Posted on: 09/01/2004 08:34 AM
Originally posted by Vuke69
If my head is up my ass, please, someone tell me. But I think I have a valid argument.


It's pretty far up there. The argument is valid only if you you make things up.

100-150GB? Are you throwing in every package you can think of? Those numbers aren't for Linux + every package in a distro. Mozilla has vulnerability advisories, they don't get applied to the Linux total.

Go to Secunia, OSVDB, Securityfocus, whatever, and watch the vulnerabilities out for everything every day. You'd be surprised how many Linux kernel vulnerabilities are out regularly compared to the number of Windows kernel vulnerabilities. Windows gets attacked with separate parts, the Linux kernel alone can pull off an amazing number of holes. Checking out the source code can tip you off for that in some areas.

In other words, Linux is no more secure than Windows. If you haven't installed/patchedAndRebuilt a new kernel in two or three weeks, chances are you've got a nice hole that needs exploiting.

Security is active.

Me Webpage | If you always think like an expert, you'll always be a beginner. | "A handful of knowledgeable people is more effective than an army of fools" -Writing Secure Code, 2nd Ed.

Comment

Vuke69
Bitpimp



Posts: 341
Joined: 2001-03-16

#31558 Posted on: 09/01/2004 10:38 AM
Every package in every release of ever major distro, with no duplicates. Thats what they count as linux.

To me, linux is a kernel. But that wouldn't be a fair comparison either.

What would you propose as a fair basis of comparison?

I do however wonder where they came up with those CERT advisory numbers. For example, searching through the CERT database, I can only find 65 that even mention Apache, thats a few shy of 260. And most of them are not really for Apache, they are for third party app servers, and misc modules.

The more I think about it though, this is a really stupid argument. Why did I ever open my mouth (er... keyboard?) So I'm going to shut my mouth now, and stay out of the OS holy war.

Comment

Vuke69
Bitpimp



Posts: 341
Joined: 2001-03-16

#31559 Posted on: 09/01/2004 10:41 AM
Originally posted by AssKoala
Security is active.


I second that .

Comment

sAvAgE69
Unregistered



#31560 Posted on: 09/01/2004 11:14 PM
Originally posted by DPMitchell
So Microsoft thinks security is a hard probelm and will take years. Why is that supposed to be perceived as negative? Let's take a quick look at the CERT advisories on security vulnerabilities:

Windows - 1076 reports
Linux - 1136 reports

IIS - 171 reports
APACHE - 260 reports

This doesn't tell me that open source software is better or more safe. Windows is under heavy attack all the time, but I see no evidence that switching to Linux really solves that problem.

PS. BSD - 177 reports (grin)


Price of Windows License Depends on what you buy
Price of BSD License FREE :D
Price of Linux FREE :D

Every Operating system has it's bugs and the fixes are out in linux the development and fixes do come out faster than windows.

Comment

AssKoala
Anti-Zealot @ GATech



Posts: 3302
Joined: 2002-01-02

#31561 Posted on: 09/01/2004 11:27 PM
Originally posted by sAvAgE69
Price of Windows License Depends on what you buy
Price of BSD License FREE :D
Price of Linux FREE :D

Every Operating system has it's bugs and the fixes are out in linux the development and fixes do come out faster than windows.


Price of time spent per hour on irc channels and googling bug fixes, hardware support intricacies, reading manuals for Linux and BSD.....

TCO isn't initial cost alone, not that TCO of BSD or Linux are greater than Windows, only that there are far more factors involved.

Me Webpage | If you always think like an expert, you'll always be a beginner. | "A handful of knowledgeable people is more effective than an army of fools" -Writing Secure Code, 2nd Ed.

Comment

rmn
oh my, it's huge!



Posts: 5894
Joined: 2002-01-26

#31562 Posted on: 09/02/2004 01:50 AM
Most "TCO" studies about Windows assume that everyone knows how to use Windows, and that no-one knows how to use the alternatives. As they all become more and more similar, that argument is kind of hard to hold up.

Easy issues are usually easy to solve in any OS. With more complex issues, you'll always need to spend some time investigating and learning (or pay someone to solve them for you). There's probably more information available about Windows, but most if it is more superficial, and it's much harder to contact the developers directly.

I use mainly Windows because it gets the job done and runs most of the software I need or like. But if I was developing software for a specific task, or setting up a "mission critical" server, I'd probably go for Linux / BSD / QNX instead.

RMN
~~~

Comment

Big B
Psychic or Psycho?



Posts: 3631
Joined: 2001-07-03

#31563 Posted on: 09/02/2004 03:09 AM
No OS is 100% foolproof. No OS will ever be 100% secure.

Why? Humans screw stuff up, and there will always be a security bug somewhere at some time on some OS, regardless of where it came from.

It does not matter if it's Windows, Linux, *BSD, Mac OS, QNX, etc...none are perfectly secure. I don't care what anyone says, there has to be some kind of administration to keep things in check.

MSI Z97S SLI Plus.Pentium G3258 @ 4.3GHz. 8GB GSkill DDR3-2133. Seagate 320GB. WD 1TB+160GB+160GB. LG DVDRW. XFX Radeon 7850. XFX 650W PSU. CoolerMaster 212 EVO. Win 7

Comment

Kimpsu
Registered User


Posts: 515
Joined: 2003-01-09

#31564 Posted on: 09/02/2004 06:18 PM
Originally posted by sAvAgE69
Price of Windows License Depends on what you buy
Price of BSD License FREE :D
Price of Linux FREE :D

Every Operating system has it's bugs and the fixes are out in linux the development and fixes do come out faster than windows.


But if you actually want some support for that... how much does a Red Hat Enterprise Linux AS server operating system, for example, cost?

I'll tell you:

for Intel x86, Intel Itanium2, Intel EM64T, AMD64, IBM POWER series it costs $1499 for the standard edition, and $2499 for the premium.

for IBM zSeries & s/390* standard costs $15000 and premium $18000
*IBM zSeries & s/390 subscriptions include the ability to run and support up 25 Enterprise Linux AS instances/images per subscription, per engine.

http://www.redhat.com/software/rhel/purchase/index.html

Comment

scythe
Quad nutty


Posts: 538
Joined: 2002-09-25

#31565 Posted on: 09/05/2004 01:24 AM
windows isn't secure... neither is linux... in my experience any server box with an os on it that is serving anything and is connected to the internet isn't secure and is a risk. how much of a risk is up to the systems administrator.
you put up a firewall... you have a real dmz for the web stuff and you block the hell out of the stuff on the internal network. pay attention to what is going on in your network and pay especially close attention to the "how much", "where" and "when" of your network traffic.
if you give a damn about or continue to argue about who's system is less/more secure you're just spending more time not paying attention to what you are being paid to pay attention to... that's just my take on it.

- Q6600 @ 3.0ghz (333x9) - 4x1gb DDR2 800 - HD4890 - Asus Maximus Formula X38 - 150GB RaptorX - Antec P180v2 w/ 550w Real Power Pro -

2CPU.com » News » August 2004 » Windows Not Expected Secure Until 2011