[Info-vax] 2009 VMS Bootcamp notice
Bill Gunshannon
billg999 at cs.uofs.edu
Sun Jan 25 10:49:24 EST 2009
In article <glhnqk$6sn$1 at tempo.update.uu.se>,
Johnny Billquist <bqt at softjar.se> writes:
> Bill Gunshannon wrote:
>> In article <ab43de16-f8a4-4249-8274-dfe95872bd5b at s1g2000prg.googlegroups.com>,
>> johnwallace4 at yahoo.co.uk writes:
>>> What is possible in an ideal world is not always the same as what is
>>> commonly seen in the real world. It is common for Windows systems to
>>> be exploited, surely you couldn't disagree with that. Partly that is
>>> because Windows boxes are defective by design (especially a Windows
>>> system fresh from a Windows CD, as you have already acknowledged).
>>> Partly that is because of the level of competence and experience and
>>> motivation of the typical Windows-centric IT department (or home
>>> user). Your experience seems to be very different from that of many
>>> people in the Windows world, be they home users, corporates, or
>>> whatever.
>>
>> Well, I hardly consider myself a Windows expert. I don't even like
>> Windows. :-) Which begs the question: "If I can do it, why are the
>> supposed professionals having such a hard time?" My answer is really
>> quite simple. There are millions and millions of Windows boxes out
>> there. A hacked Windows box sells newspapers and magazines. A Windows
>> success story does not. We are being inundated now with stories of
>> "4.9 million" Windows boxes infected with a worm that MS published a
>> fix for months ago. So, whose fault is it that these machines are now
>> getting infected? Windows? MS? Or is it maybe closer to home. (Hint:
>> none of the machines under my control have been hit nor are they even
>> vulnerable. Go figure!)
>
> Oh, come on. That's an argument I've heard a million times, and it just
> doesn't hold water. That's basically the Microsoft excuse for the problems
> they have - "hey, we don't have any more problems than anyone else, it's
> just that our systems are so much more common, but proportionally they
> are actually better".

NO, I am not saying MS doesn't have problems, I am saying that Windows can
be secure. One has to walk the line between security and functionality.
I have worked in places that go all the way over to the secure side. No
user installed anything. All machines run from a standard image. All
policies pushed from above. No floppies, no CDs, no thumbdrives, strict
control over what sites can be visited on the Internet. And yet, they do
the job they are required to do just fine. In my day job I have to support
students and faculty. By far the worst environment because you are not
allowed to impact their daily use. You can't block certain web sites. You
have to let them move data around. Back in the days of Win98 I spent a large
part of my time doing re-installs in the labs because that was the only
effective way of cleaning infected systems. That's when we first started
using Ghost and master images saved somewhere safe. But, those days are
gone. I learned how to secure the systems and I applied that knowledge.
Problem solved!

>
> They never give any numbers to back up that statement with, though. And
> most people are *not* using MS IIS as their web servers (even if they
> are using Windows), and yet the biggest number of security problems and
> fixes are for IIS. OSes like Linux, *BSD and others are fully free, and
> anyone can audit the code. And that is one reason you have a bunch of
> security problems discovered there, and fixed. Windows does not have such
> auditing, and yet the number of security problems reported are more
> numerous. Granted, the number of systems out there are more, but the
> number of bugs are not proportional to the number of systems you sell.
> (Or at least, they shouldn't be. I can't really speak for how MS works...)
>
> So, it's basically bollocks. Windows has more security problems.

Possibly, even probably, but it doesn't mean they are insurmountable. And
not all of them require a patch from MS to fix. Some of the worst worm/virus
attacks can be stopped at a firewall. That's part of the "Defense in Depth"
I have mentioned recently. And, it applies to all systems, not just Windows.
Protecting machines requires a systemwide approach, not a narrow too-focused
view.

> And I
> haven't even started on all the brilliant ideas that Microsoft gets,
> such as automatically executing code in incoming mails just in case it
> provides some nifty, fancy extra functionality which makes the user
> experience more pleasant (forgetting that virus programmers just love
> such features).

If you don't like that, it's preventable. Some people like it. And that
is business. Just because one person doesn't like something and sees it
as a major security problem doesn't mean you drop it. That's the way I
feel about OnStar. I would require it be removed from any car I was going
to buy. Not disabled. Not turned off. Removed. But I can assure you
GM is not going to stop providing it to the majority of their customers.

bill
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
billg999 at cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>