Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[agrohimgfu]

• <a href="https://www.port... by agrohimgfu
  [Yesterday at 01:50:21 AM]
• Professional Advice: Reco... by Davidfak
  [May 10, 2024, 11:59:18 AM]
• <a href="https://www.port... by Davidfak
  [May 10, 2024, 03:21:43 AM]
• <a href="https://www.port... by Antonioair
  [May 09, 2024, 04:28:57 PM]
• <a href="https://www.port... by Davidfak
  [May 07, 2024, 07:52:26 PM]
• <a href="https://www.port... by Davidfak
  [May 07, 2024, 01:37:16 PM]

Members

• Total Members: 4952
• Latest: WllkeiJocky

Stats

• Total Posts: 129628
• Total Topics: 7187
• Online Today: 151
• Online Ever: 1013
• (January 12, 2023, 01:18:11 AM)

[xolik]

I found this to be an interestring read.

http://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html

[Demosthenes]

Nice.  

Well yeah, a Windows server IS more secure if you're comparing it to a Linux server not secured properly, which they did.  I read their "study" when this came out a couple of weeks ago and it was pretty funny.  

This is my favourite part from this article, however, something that apparently just doesn't get through to some people no matter how many times it's shot down as "valid" criteria:

They compared Windows Server 2003 and Red Hat Enterprise Server 3 running databases, scripting engines and Web servers (Microsoft's on one, the open source Apache on the other).

Their criteria included the number of reported vulnerabilities and their severity, as well as the number of patches issued and days of risk — the period from when a vulnerability is first reported to when a patch is issued.

On average, the Windows setup had just over 30 days of risk versus 71 days for the Red Hat setup, their study found.

Never mind the fact that the way they were comparing "severity" was totally apples and oranges.  

And the amount of time for patches to be released (by ONE linux vendor, Red Hat) is directly related to the severity level.  For patches that fix security issues that can result in the compromise of the box itself, they're a lot faster.

Unlike a certain company in Redmond that just sits on security holes until someone comes up with an exploit for them.  

In other words, you could reword their "findings" to something like:


Under ideal conditions, when compared to a Linux server that isn't secured properly, and when you don't pay close attention to the types of security fixes issued, and you only compare the number and severity of Microsoft security fixes to one Linux vendor, a Windows server is more secure.

[hackess]

Of course. Isn't that the way all good, reliable research is done?

[xolik]

I must confess to being eternally grateful for Microsoft for it's contribution to the Server platform. In all seriousness, the amount of overtime I've been paid so far this year alone to apply patches and updates has made this year start off great.

[Demosthenes]

I suppose there is that.

I would have to say that if it weren't for some rampant Microsoft OS problems with workstations and servers, I'd have a lot less to do at work.

Oh yeah, did I mention that Microsoft funds research in these areas at the facility which conducted the aforementioned "study"?  

But I'm sure that probably doesn't surprise anyone...

[Crystalmonkey]

*Gasp* I would have never guessed it!

 

[Demosthenes]

I mean, IBM funds research there too, but it's pretty clear from this "study" that objectivity wasn't exactly a priority to them.

[Anonymous]

Did you know that microsoft is now in the business of fighting spyware too? They have a beta anti spyware available. I suspect it's likely that they will eventually have retail versions of this anti spyware software for sale in the near future. Anyone see the irony? In the spirit of fabricating accurate Microsoft statements, allow me to say:

Instead of fixing the many vulnerabilities present in our EI browser, which is used by like 9 people out of 10, we will instead sell you a software that may correct the damage caused spyware. Spyware exploits our IE vulnerabilities and can really fuck up your PC, especially if you have limited knowledge in computers (which is our #1 target market). We could be upfront and simply state that we have no interest in fixing our EI vulnarabilities because of the capital it will generate thanks to our new anti-spyware solution but we won't. We're good at what we do. This is what we do: We've come up with yet another way to fill up our pockets with your hard earned cash. Thank you for being loyal to Microsoft, and most importantly, thank you for being an average idiot.

[Demosthenes]

Yeah, that's kind of like that company that would spam people via the Windows Messenger service, using it to pop up annoying messageboxes that they used to promote their "program" that could block such messages.

[hackess]

Judge, you mean IE, right?

Even better, you have to VALIDATE your version of Windows before they'll let you download and install certain things off their site, including their anti-spyware program.

Even better than that, is I seem to have tweaked my machine to the point where Windows Updates won't install if I use their stupid website, but I can manually download and install. Suck it, Gates.

[Anonymous]

Judge, you mean IE, right?

Yep. I type 30 words a minute with 2 fingers so that happens a lot.

Even better, you have to VALIDATE your version of Windows before they'll let you download and install certain things off their site, including their anti-spyware program.

Validation is optional for the anti-spyware, but still, the whole validate my windows option is pretty gay.

Suck it, Gates.

I'm sure he'd enjoy that!  

[ho0ber]

Sadly, most of my work-study job is cleaning up after the messes that IE makes.  I love the fact that Microsoft not only ignores the fact that IE is the root of almost everyone's spyware problems, but they also didn't even develop their own anti-spyware software.  They just bought someone else's technology.

Well, I guess it is good that they know they aren't capable of fixing the mess they made on their own.

This is why we install firefox on every machine we clean or re-image.  In fact, we hide IE if we possibly can.


I'm sick of spyware... and I know IE wouldn't suck quite so much if it wasn't the most common browser, but it just happens to be -- and therefore is the most targeted.  But I mean, come on... With the popularity comes SOME responsibility.

Although, I suppose all that spyware is great at convincing people to buy a new computer, or at least upgrade from Windows ME (fer-fucks-sake!).  So I take it back.  Windows is doing a great job making more money while pretending they care.  The upside is those gullable consumers throw away their 'broken' equipment where i can get my hands on it.

[Demosthenes]

This is why we install firefox on every machine we clean or re-image.  In fact, we hide IE if we possibly can.

We've started doing that at work, too.  In fact, we've been telling users that we "removed" Internet Explorer, so "here, use this instead" and point at the Firefox shortcut.

I don't think most of them have even noticed the difference.

And in a few cases, you'd probably get punched if you told them you were going to remove Firefox for some reason.  A few users here have grown pretty attached to it, and I don't see that as a bad thing.

I'm sick of spyware... and I know IE wouldn't suck quite so much if it wasn't the most common browser, but it just happens to be -- and therefore is the most targeted.  But I mean, come on... With the popularity comes SOME responsibility.

I'm not convinced that's the real cause of it.  I think it has FAR more to do with IE's hooks into the heart of Windows and the inability (or unwillingness) of Microsoft to separate IE from Windows itself.

As long as the two are so entangled, there will never be a way of really making it "secure" and still allowing users to do ANYTHING with their computers.

Although, I suppose all that spyware is great at convincing people to buy a new computer, or at least upgrade from Windows ME (fer-fucks-sake!).  So I take it back.  Windows is doing a great job making more money while pretending they care.  The upside is those gullable consumers throw away their 'broken' equipment where i can get my hands on it.

I was just talking to one of our other IT techs about that.  Looking in the classified section of our local newspaper is a festival of cheap 1 to 2 year old computers put there because their owners have bought new ones because the "old" ones are "too slow".

We were estimating that the vast majority of these "too slow" machines (many of which are things like Pentium IV 1.2ghz processors with 256mb to 512mb of RAM) are probably just fine if you reinstall Windows and start fresh.

But then, where would we find computers like that advertised in newspapers for only $400?  Or sometimes even less, as ridiculous as that sounds?