-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not going to further a MS vs unix argument but my point still stands on windows. Yeah IE and windows have a lot of holes but as a security conscious admin or manager you don't just say "well hell, let's put on anything we want, 200 potential holes isn't any worse than 100". IT business security is of utmost concern whether it's protecting windows, Unix, open source software, etc. The same principles and practices must be followed. It's not a developer's ass on the line if there is data loss at your company.
Configuration control isn't nearly as important as other security measures. I could go on for pages and hours about security practices but I'll assume most list members have done their research and aren't blindly assuming they are secure just because they aren't running windows.

On Wednesday 19 May 2004 7:04 am, Will Hill wrote:
> That's a good point, but it obviously was not followed by any company that
> deployed Microsoft desktops. The review process had to be bullshit because
> the result has absolutely no configuration control besides firing people.
> It really galls me when I hear that argument used against free software.
>
> The last big company I worked for had tried to tighten up on what got
> installed on top of Windoze, but it was a charade given all the holes in
> the platform itself. I remember them making a big deal out of deploying IE
> 5.x. They stuck posters in the elevators about it coming. About the same
> time, I got a mail bomb in Lookout that called IE to open dozens of porn
> browsers and thrashed my hard drive doing God knows what. The Exchange
> administrator told me this was "a normal part of advertising" and not to
> worry, she got them all the time. Yeah, she had the ability to remotely
> operate any desktop in the company. I tried to explain just how bad that
> was, but she thought I was paranoid. It was totally clueless. I don't
> want to even think about how infested those machines must have gotten.
>
> Windoze and *nix, especially GNU, are worlds apart when it comes to
> security. Using a distribution like Debian, I know that real testing was
> performed before release, that the application won't without warning and
> irreversibly break others, and that I can have real configuration control
> if I wanted. That configuration control is the first step in real security
> that the Windoze world will never give you.
>
> On Tuesday 18 May 2004 11:19 pm, Bryce T. Pier wrote:
> > You don't just install a new app, no matter how much you believe it to be
> > secure, wonderful, etc. without a good reason and a lot of review. Why?
> > Because each additional package on a system, windows, unix, whatever, is
> > another possible attack vector.
>
> _______________________________________________
> General mailing list
> General@brlug.net
> http://brlug.net/mailman/listinfo/general_brlug.net

- -- 
Bryce T. Pier
[EMAIL PROTECTED]

We are dreamers, shapers, singers and makers. We study the mysteries of laser and circuit, crystal and scanner, holographic demons and invocations of equations. These are tools we employ and we know many things. -Elric, Babylon5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAq2YNoNTOIKp/8CURAlxMAJ9ZYVgHwbTgYSmUI2T01sxjjRa01wCfSUqq
v/lz0DImphkstwe/tacSmg0=
=mT6v
-----END PGP SIGNATURE-----