[SNIP] > > Would you blame OpenBSD if a user got hacked because he hadn't bothered to > patch? > > I'm not arguing that Microsoft has done the right thing or even that their > OS is secure. (It isn't, and I refuse to use it as a server unless forced > to. I prefer to use FreeBSD whenever possible.) I'm arguing that you > can't blame Microsoft for malicious code that takes advantage of weaknesses > for which they have already issued patches, sometimes 12 months in advance > of an outbreak. *That* is a problem directly attributable to users. > > What you're trying to argue is that, if OS vendors would simply do the > right thing from the start, users would be protected despite their lack of > patching, and I am saying that is preposterous. *No* OS is so secure that > you can simply leave it on the Internet, never patch it, and still be > secure. >
Wasn't it you that made the argument during the msblaster episode that patching was a dead horse, that most env's of significatnly sized userbase were understaffed for the NUMEROUS patches that faced windows admins at the time and cuurrently? <perhaps I'm thinking it was you and in fact it was someone else> Either the arguement was false then and windows admins were and remain just plain lazy, or the argument was/is true and there's a problem within the core OS offered up from redmond... Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html