Reliance on Microsoft called risk to U.S. security

martin f krafft madduck at madduck.net
Fri Sep 26 08:56:11 EDT 2003 

also sprach Ian Grigg <iang at systemics.com> [2003.09.25.2253 +0200]:
> > "I wouldn't put all of the blame on Microsoft," Schneier said,
> > "the problem is the monoculture."
> 
> On the face of it, this is being too kind and not striking at the
> core of Microsoft's insecure OS.  For example, viruses are almost
> totally a Microsoft game, simply because most other systems aren't
> that vulnerable.

Yes and no. First, I think that viruses will surface were e.g. Linux
to take top position, albeit they may have to employ totally new
paradigms to subvert the more advanced security architecture of
UNIX.

But I believe Schneier is right for the following reason: Microsoft
is a monopolist who, despite enjoying bad press for the past four
years, is managing to keep its sales going up each quarter. If you
are in business, what do you care for? The steep sales curve, or the
quality of your product?

As long as Microsoft has the monopoly on the desktop, as long as new
computers come with Windows per default, and as long as people stop
complaining and actually take action against the crap that Redmond
ships by switching to other systems in bulk, Microsoft has no reason
to invest any money in a code rework.

> So, in the market for server platform OSs, is there any view as to
> which are more secure, and whether that insecurity can be traced
> to the OS?

The defacement archive[1] has some statistics. But don't let
yourself be fooled as one should not forget that while Windows
usually comes with one web-, one mail-, one DNS server, there are
like 27 and up in each category for UNIX. So theoretically, when
comparing those categories, you need to include a factor of 27.

  1. http://defaced.alldas.org/

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"women love us for our defects.
 if we have enough of them,
 they will forgive us everything,
 even our gigantic intellects."
                                                        -- oscar wilde
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20030926/89635172/attachment.pgp>

More information about the cryptography mailing list