North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Spyware becomes increasingly malicious

  • From: sthaug
  • Date: Wed Jul 14 17:11:49 2004

> Ok.. but has BSD been attacked on the scale that MS code has? I would argue
> no, not even close. Do you believe BSD is invulnerable to attack? Hardly..

I don't believe anybody is claiming that. However, the BSD code has been
out *and* has been publicly scrutinized for quite a bit longer than
Windows.

> Unless you want to go back to text based browsers and kernals that fit on a
> floppy, it is extermely difficult to eliminate all vulnerabilities in the
> code of a sophisticated OS. The more complex the system, the easier it is to
> break, and with the level of automation currently expected by most users,
> this requires a very complex build.

However, Microsoft creates complexity by design, because they integrate
more and more stuff into the basic OS, and because all the various
applications gain more features with each new release.

> Could MS be made more secure, of course. Do I think they are actively
> working on the problem, yes.

Looks to me like they are actively working in two directions:

- Trying to make the systems more secure by teaching developers to think
about security, etc.

- Trying to make the systems less secure, by making them steadily more
complex. (And please don't try to tell me the *users* are demanding all
the new features that MS put into the systems.)

It will be interesting to see which direction wins out in the long run.

> If Novell or Mac had risen to the top of the OS
> heap, would they be catching all the viruses now? I think they would.

They would certainly be catching viruses. Would they be catching *as
many* viruses as MS? We don't know.

> Really, my point was not to argue this, but that there is no justification
> for malicious code, that you can't simply pawn it off on MS as being the
> real problem.

However, you can certainly argue that MS is *part of* the problem, or
that they have *created* a large part of the problem themselves.

Steinar Haug, Nethelp consulting, [email protected]