
295 comments

Not exactly (3, Insightful)

WrongSizeGlass (838941) | more than 6 years ago | (#19020565)

If the "market penetration" philosophy were true Unix would have been hacked to bits decades ago. There are a lot more Chevys around than BMWs, but I bet that more Chevys are stolen because their "security features" are easier to get past rather than just because they're more prevalent.

If the Apple/Windows market positions were reversed (or Linux/Windows for that matter) Windows would still be less secure. Unlocked doors and windows are still less secure even though there are fewer of them (or in our case more of them).

Re:Not exactly (0)

vonPoonBurGer (680105) | more than 6 years ago | (#19020605)

Did you even read the article? Trick question! You couldn't have, since there was no link at this time! How can you post a contrary opinion without having RTFA? Shame on you, sir.

Re:Not exactly (1)

WrongSizeGlass (838941) | more than 6 years ago | (#19020641)

> Shame on you, sir.

Actually, I read it on /.'s own Firehouse earlier this morning. Shame on you for missing it there. ;-)

Re:Not exactly (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19020739)

How about a link?

Re:Not exactly (0, Redundant)

Fred_A (10934) | more than 6 years ago | (#19021301)

> I read it on /.'s own Firehouse earlier this morning.

/.'s house is on fire, bring out the hose!

Re:Not exactly (4, Insightful)

tbannist (230135) | more than 6 years ago | (#19021129)

It's simple. The summary is quite obviously from a Microsoft apologist. The author's just trotting out the old fallacy that "things couldn't be any different than they are now". While it is true that there is more to security than avoiding Microsoft, there are very legitimate reasons to gripe about Microsoft's security. They've been told repeatedly before they did stupid, stupid things that they were creating security holes and leaving their customers vulnerable. They didn't care and now everyone else has to clean up their mess.

They've earned their damnation as the weakest link of security and if you eliminate the weakest link, the entire chain becomes stronger.

Re:Not exactly (5, Insightful)

Gearoid_Murphy (976819) | more than 6 years ago | (#19020643)

Absolutely, but there's a considerable group of people out there who view animosity towards Microsoft as part of a broader resistance to big corporations, and as a consequence of this, view this resistance as being naive and unfounded. Unix-style systems have been around for a long, long time and have a well-deserved reputation for stability and security, unlike Windows products, which I, as a computer scientist and software engineer, experience as being badly conceived and poorly executed.

Re:Not exactly (5, Insightful)

DevStar (943486) | more than 6 years ago | (#19020969)

Where do people get this illusion that Unix systems were secure in the past? As an undergrad we would drive our friends crazy hacking into computers. Just about every Unix program they ran, from mail to finger to rn had security holes you could drive a car through.

The difference back then was no one cared if we broke into a computer. It just didn't make news. Heck, I remember that remote exploits stayed open for years, and no one said a peep. The world was very different back then. Plus there just wasn't much interesting to hack into. People would generally hack into other students' accounts -- erase homework, put a bug in a friend's assignment, send a goofy email from their professor's account, etc... You didn't have organized crime stealing credit cards, because no one besides geeks used computers.

I know this doesn't fit into your mental model of how Unix was this secure fort in the old days, but you'd better think again. Those of us who were there, know better.

I hate to sound cliche, but as long as we have people programming systems, there will be security holes. And I've worked at enough places to know that no one has a silver bullet.

Re:Not exactly (2)

jedidiah (1196) | more than 6 years ago | (#19021153)

You would have also been laughed off of the local BBS in those days for suggesting something such as an email 'virus'.

Re:Not exactly (5, Insightful)

ArchdukeChocula (1096375) | more than 6 years ago | (#19020667)

>If the "market penetration" philosophy were true Unix would have been hacked to bits decades ago.

It was! Today's script kiddies can't tell grep from the GIMP, but back in the day BBSs were filled with philes on hacking UNIX. Most of those files are useless now because BSD and Linux developers have worked hard to improve security. (And so have Windows developers; XP is harder to hack than Win95.) The point is that any product as complex as an OS will be full of security holes. Sure, UNIX may be more secure, but as soon as you get lazy and think you're safe someone will prove you wrong.

Re:Not exactly (1)

lambini (1061090) | more than 6 years ago | (#19020755)

Totally agree with what is said here. Back in the medieval ages of IT, you had a large penetration of Unix systems or anything similar. Those systems got their fair share of being hacked. Even today, these systems are still being hacked, but what can be said, as it was in the past, is that they are less vulnerable to viral attacks or to being the cause of any virus spreading. I still remember the time when you could just ftp to any ftp server on the internet and get the /etc/passwd from it, put John the Ripper on it and BAM, you had a big chance of extracting accounts from it. Even shadowing the password files was of no big use.

Re:Not exactly (0)

Anonymous Coward | more than 6 years ago | (#19020715)

For the longest time, UNIX used weak passwords available for every user on the system to crack, and authentication information was sent over the wire in cleartext. The only reason UNIX wasn't compromised more was because it wasn't connected to the Internet for much of its early life, and the people administrating it knew what they were doing.

UNIX may not have been hacked to bits decades ago, but that's likely because it didn't have to face the threats that it would today. Connect a late 80s/early 90s UNIX box to the Internet, and see how long it lasts before someone owns it. Not long, I bet.

Re:Not exactly (5, Insightful)

wframe9109 (899486) | more than 6 years ago | (#19020723)

That's pretty funny, because from my experience, Unix has had a history rife with exploits and security issues... It *was* hacked to bits long ago. Good job!!!

Despite its lesser market percentage, we still see exploits for Unix variants, and the services offered within. It's not some sort of impenetrable OS.

Anyhow. Security is in the hands of the user. Someone with half-decent security know-how will be able to secure a Windows box far better than a newbie running Unix.

Re:Not exactly (3, Interesting)

niiler (716140) | more than 6 years ago | (#19021357)

You must be talking about Linspire or whatever they call it these days. Most Linuxes I've run out of the box are quite a bit more secure than their Windows counterparts. I just ran nmap on my local network. The result was that all computers running Windows XP were identified along with their open ports and services whereas none of the Linux boxes (with default firewalls configured on install) showed much at all. Nmap guessed that they were running Linux or Unix, but that was it.

Nobody is claiming that any OS is perfectly secure. But I seriously question your statement about newbies running *nix being more insecure compared to their Windows counterparts as most modern distros seem to have firewalls enabled and extraneous services shut off by default.

Re:Not exactly (1)

NickFortune (613926) | more than 6 years ago | (#19020773)

Quite. While it's obviously true that there is only going to be a market leader, it in no way follows that that market leader will therefore have lousy security.

And even if it did, that wouldn't be a reason to deploy products from a vendor with Microsoft's lamentable track record on security in cases where security is paramount.

> It's time for all the people who have entertained this fantasy to stop deluding themselves.

I know who gets my vote for delusional.

Re:Not exactly (1)

markov_chain (202465) | more than 6 years ago | (#19020775)

Uh, the original Internet Worm ran on SunOS, and a key reason it did so much damage was the Sun monoculture of the day.

Re:Not exactly (1)

Fujisawa Sensei (207127) | more than 6 years ago | (#19020953)

The Morris Worm was cross-platform, exploiting a weakness in Telnet, Finger, Sendmail, and probably every other service that used get() without input buffer checking. It was more of a BSDism than a Sunism, but the majority of the systems it could infect were Sun boxes.
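
Added example, not part of the comment above and not code from the thread: the unchecked read the comment refers to (C's gets() is the classic instance, since it takes no buffer length) beside a bounded line reader that rejects and drains oversized input. The names read_line_bounded and stream_from and the sample input are constructed for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Return codes for read_line_bounded(). */
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/*
 * gets(buf) has no length parameter: it copies bytes until '\n' however
 * small buf is, so a long enough line from the network overwrites whatever
 * follows the buffer. This reader takes the capacity and never writes more
 * than cap bytes (terminator included).
 *
 * An oversized line is rejected rather than truncated, and the rest of it
 * is drained so the tail is not parsed as the next request.
 */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    size_t len;
    int c;

    if (buf == NULL || cap < 2 || cap > INT_MAX) {
        return LINE_TOO_LONG;
    }
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';              /* complete line, newline stored */
    } else {
        /* No newline stored: peek at the next byte to find out why. */
        c = fgetc(in);
        if (c != EOF && c != '\n') {
            /* The line is longer than the buffer: discard the remainder. */
            while (c != EOF && c != '\n') {
                c = fgetc(in);
            }
            buf[0] = '\0';
            return LINE_TOO_LONG;
        }
        /* Otherwise the line fit exactly, or was the last one before EOF. */
    }
    if (len > 0 && buf[len - 1] == '\r') {
        buf[--len] = '\0';              /* accept CRLF line endings */
    }
    return LINE_OK;
}

/* Helper for the demo: put a constructed byte string behind a FILE*. */
FILE *stream_from(const char *bytes)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(bytes, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    /* Constructed input: a normal line, a 40-byte line, a normal line. */
    FILE *in = stream_from("root\r\n"
                           "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\n"
                           "guest\n");
    char user[16];
    int rc;

    if (in == NULL) {
        return 1;
    }
    while ((rc = read_line_bounded(in, user, sizeof user)) != LINE_EOF) {
        if (rc == LINE_TOO_LONG) {
            puts("rejected: line exceeds buffer");
        } else {
            printf("accepted: \"%s\"\n", user);
        }
    }
    fclose(in);
    return 0;
}
```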

Re:Not exactly (1)

VirusEqualsVeryYes (981719) | more than 6 years ago | (#19020907)

Seriously. How many times must we go through this? I can maybe understand oblivious Windows users buying into the only-because-of-lesser-market-share bullshit, but Computerworld? Come on.

Let's regurgitate what I keep telling my friendly Windows trolls. In a certain year, market share of Linux/Apache was 60%, Microsoft's IIS had 20%, 60-something worms spread that year, ALL of them for Microsoft's product.

There. It's not that hard to understand. This claim of security only through obscurity is completely and patently false, and the propagation of this nonsense boils my blood.

Re:Not exactly (2, Informative)

Anonymous Coward | more than 6 years ago | (#19021213)

> Let's regurgitate what I keep telling my friendly Windows trolls. In a certain year, market share of Linux/Apache was 60%, Microsoft's IIS had 20%, 60-something worms spread that year, ALL of them for Microsoft's product.

PLEASE, PLEASE, PLEASE FIND A NEW ARGUMENT. This one was dead before it began. Why? Simple...which version of Apache commands 60% of the market? Would that be the 1.2.x/SPARC/Solaris 2.6 version? Or the 2.0.x/MIPS/IRIX 6.5.4 version? Or the 2.2.x/x86/RedHat EL 4.0 version? The point is there is no one Apache in the same sense there is one version of IIS. Apache runs on multiple platforms, multiple OSes, and there are multiple versions of Apache. Therefore when you say "Apache has 60% of the market" it's not like saying that "IIS has 20% of the market". Plus I have seen no credible evidence supporting that IIS is hacked more than Apache. To the contrary IIS 6.0 has had an excellent security track record. Much better than Apache. I can only assume you're referring to the IIS 5.0 buffer overflow which exploited systems, and here is the key, which were never intended to be web servers. As IIS 5.0 was installed and operational on all Windows 2000 Servers unless specifically disabled this led to a huge number of web servers which Netcraft can't account for (as they're internal).

Now with that said please stop ignoring the obvious.

Re:Not exactly (0)

Anonymous Coward | more than 6 years ago | (#19021445)

> Let's regurgitate what I keep telling my friendly Windows trolls. In a certain year, market share of Linux/Apache was 60%, Microsoft's IIS had 20%, 60-something worms spread that year, ALL of them for Microsoft's product.

60-something worms that propagated through web servers? Last I checked worms propagated through client systems, of which the vast majority are Windows-based. Your argument doesn't make sense.

"Security" does not exist! (5, Insightful)

khasim (1285) | more than 6 years ago | (#19020951)

At least, that is what TFA says.

> Networks in a world in which Apple had won the operating systems wars would still be insecure. What's that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That's true, but it's a consequence of the minuscule market penetration of Mac OS.

Got that? It's all about market share. There is no such thing as "security".

If everyone's house had no locks, they would be just as secure as if everyone's house had the best locks on the market.

> If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time.

I run Ubuntu (Feisty Fawn). By default it has NO open ports. That means that unless a worm can hit the TCP/IP stack, I am invulnerable to them.

He is an idiot. He doesn't even define "security" before he says that it doesn't exist.

My definition is: Security is the process of evaluating threats and reducing their effectiveness.

> But once we've done all that, we're left with one unalterable fact: Users will still make errors galore.

You're an idiot.

So if we replace Windows with Ubuntu, and the number of cracked machines goes down from 10,000,000 to only 1,000 ... that doesn't mean that Ubuntu is more secure because 99% of the cracked machines would be Ubuntu.

> So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out.

Why do I get the feeling that this guy just bought stock in a training company?

If that approach was effective, we wouldn't have the problem we have today.

Re:"Security" does not exist! (2, Insightful)

mstone (8523) | more than 6 years ago | (#19021475)

---- If everyone's house had no locks, they would be just as secure as if everyone's house had the best locks on the market.

I understand what you're trying to say, but there's a certain comedy value in seeing a door that's secured with a Chubb 20mm deadbolt, but framed between a pair of plate glass windows.

If we take 'security' to mean some kind of magic fairy dust you can sprinkle on part of the world to make bad things stop happening, then no.. it doesn't exist. Bruce Schneier discussed the issue at length, and quite eloquently in his book Secrets and Lies. The best approximation of 'security' we can get is a complete and integrated system whose strong points and weak points overlap each other, and whose cost/benefit ratio is proportional to the cost/risk profile of the stuff being protected.

Any such system that's tight enough to meet conventional ideas of 'security' is tough to build, and even harder to maintain. The effort and diligence curves are way above what you can expect from the everyday person on the street.

We can build systems that make it easier for people to do things that promote good security, and harder for them to do things that promote avoidable risk, but that's about the best we're ever likely to manage. Security is measured like system uptime: in orders of magnitude. One-nine security (90%) is easier to achieve than two-nines (99%), with each additional nine being harder and more expensive to tack on. It's very unlikely that we'll ever see the general public acquire the knowledge and discipline necessary to maintain overall five-nines security (99.999%), because somebody just won't think the payoff is worth the effort.

Re:Not exactly (1)

Billosaur (927319) | more than 6 years ago | (#19020997)

> If the Apple/Windows market positions were reversed (or Linux/Windows for that matter) Windows would still be less secure. Unlocked doors and windows are still less secure even though there are fewer of them (or in our case more of them).

True. However, if things were reversed, Windows would have a tiny market share and its relative insecurity would doom it to obscurity. No one would care about Windows and hackers would be having a field day trying to crack Mac OS X. Don't kid yourself - when the kid the bullies pick on gets wise and stops reacting, the bullies don't dance with him/her anymore and go on to pick on someone else. Microsoft's presence/absence has little to do with the larger issue of Internet/OS security.

Re:Not exactly (1)

jimstapleton (999106) | more than 6 years ago | (#19021131)

Script kiddies can still get into bigger systems. I've seen/heard of plenty of UNIX systems getting hacked - here's a hint, not all of the databases that you hear are hacked and have a loss of data security, are Windows.

But most importantly, as the writer of the article said - it's the people who use the systems, who cause the security breaks. He suggested that everyone have a minimal amount of training, but the problem is, no amount of training will fix the inherent apathy to system security that a normal user has.

So maybe by limiting the access of the users, you could also help secure a popular system, but even then, there comes a point when you are not just limiting their access to be harmful, but also their access to do what they need to do as well.

Re:Not exactly (2, Insightful)

Vancorps (746090) | more than 6 years ago | (#19021401)

One of my professors in college referred to security as the art of breaking services. He's as correct today as he was then. It would be great to open up the systems and allow anyone to do whatever they want, their productivity would rise. Unfortunately the world doesn't work that way and we're forced to break stuff to the point where users can only do what they are explicitly authorized to do. This means no taking initiative and probably no learning of the system since I know at least in my organization the only people that know the full system are my coworker and myself. We're the only ones that know what the network is fully capable of which means we have to participate in a lot more meetings to make sure that people do utilize the automated approach instead of manually processing thousands of records.

From my experience with OS X we'd have a lot of the same problems as we do if it switched roles with Windows except we would lose our advanced management and monitoring capabilities. I know OS X likes to transmit everything unencrypted, it drives me crazy especially given that with each release Samba support just seems to get worse.

Of course Solaris and Linux have all the advanced management and monitoring capabilities as that's where they all originated. Tripwire is the savior of all. I'm not sure how the world would be if the two were dominant in the mid-level and home markets. Home users invariably will drop enough security to do what they want without thinking. This is the mentality that Microsoft has been dealing with for years. Of course now MS tries to lock their product down and the likes of Symantec and McAfee are suing them because it will end their businesses. I don't envy any of their positions, I like being in the middle.

Story? (1)

AlHunt (982887) | more than 6 years ago | (#19020573)

>Jay Singala noted a story which points out

Pity Jay didn't provide a link to that story ...

Re:Story? (1)

yorugua (697900) | more than 6 years ago | (#19020835)

This might be a test to see if /.'rs actually read stories... Guess they had to come up with some really artificial and/or unbelievable subject/story to prove the point and catch as much /.'rs attention as possible.

Re:Story? (1)

ktappe (747125) | more than 6 years ago | (#19021023)

> Pity Jay didn't provide a link to that story ...

He did--I have no idea why you and a few others do not seem to be able to access the link. For those who cannot, here is the article:

Security Isn't Just Avoiding Microsoft

Ben Rothke

May 07, 2007 (Computerworld) -- We've all heard IT professionals imagine how secure their networks would be if they just didn't have to use any Microsoft products.

I've had to listen to clients kvetch for hours on end about how Microsoft makes their lives miserable and how everything would be better in a Microsoft-free world. Tony Bove wrote a whole book with that theme, Just Say No to Microsoft, and plenty of blogs have taken up the cry.

It's time for all the people who have entertained this fantasy to stop deluding themselves.

How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system.

Networks in a world in which Apple had won the operating systems wars would still be insecure. What's that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That's true, but it's a consequence of the minuscule market penetration of Mac OS. If the Mac had enjoyed a market share of upwards of 80% for the past couple of decades, it would have been the focus of every hacker and script kiddie on the planet. And you might be lamenting the minuscule market share of that scrappy operating system vendor in Redmond, Wash.

If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time. By all means, we need to run the safest operating system we can, fortify our networks and police the whole thing. But once we've done all that, we're left with one unalterable fact: Users will still make errors galore. Training can help. But for a bit of perspective, consider commercial air transportation. The hardware is about as safe as possible, and pilots are trained as thoroughly as surgeons. But accidents happen, and they're usually the result of pilot error.

User errors have long been the bane of security. In a sense, true security requires a paranoia honed to a fanatical edge, but sometimes even fanaticism isn't enough. After all, no one has surpassed the Nazis when it comes to fanatical paranoia. Yet even the well-trained German soldiers of World War II broke a fundamental rule of cryptography and reused the same keys. That mistake might be the only reason this article wasn't written in German.

So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out. Set minimum security training and awareness requirements that all workers must meet -- even janitors and others who have no system access. Step up the requirements for those who have access to corporate information systems (most workers would fall into this category), and establish exhaustive requirements for employees in computer-related positions of trust, such as security staff and systems programmers.

Your first step, if you haven't already done it, is to write down your information security policies. You can't design an effective training and awareness program without them.

Once you've set up effective training, you have to maintain it. Keep it consistent, and make sure users are up to date. It won't be easy. In fact, it's a lot easier to just blame Microsoft. But don't feel that all that kvetching didn't help. It took lots of people kvetching loudly for many years for Microsoft to realize that it had to do more, and it has made great strides since 2002, when it announced its Trustworthy Computing initiative.

Now it's your turn to do something similar within your own organization.

Ben Rothke, CISSP, is a senior security consultant at International Network Services and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill, 2006). You can contact him at ben.rothke@ins.com.

Where's the link? (1)

vonPoonBurGer (680105) | more than 6 years ago | (#19020583)

I'm sure it's a fascinating story, but I can't read it if you don't provide a link.

Oh, come on (0)

Anonymous Coward | more than 6 years ago | (#19020633)

This is slashdot. Nobody RTFA's here. He's just removing the charade.

"A story"? (1)

Minwee (522556) | more than 6 years ago | (#19020585)

Is it any particular story, or was the source far too uninteresting to do anything other than lift a completely unattributed quote from?

Ignorant, much? (1, Flamebait)

toby (759) | more than 6 years ago | (#19020601)

> How would life without Microsoft be different?

WHY DON'T YOU TRY IT AND FIND OUT?

On desktops, I run myself and have administered studios of Macs 24/7 (at least 50 machine years or more) and I've seen no malware of any description since the 1980s. How's your Windows experience compare with that, numbskull?

On servers, I run Linux, Solaris 10, and even SunOS 4 for a year or two, for perhaps 100-200 server years (haven't counted them lately), on the public internet, with zero security incidents. Like those apples?

The options have always been there. Just use them and FIND OUT FOR YOURSELF what the difference from the Microshit ghetto is.

Life's too short for Microcrap.

Re:Ignorant, much? (1)

Mr. Underbridge (666784) | more than 6 years ago | (#19020681)

> How would life without Microsoft be different? WHY DON'T YOU TRY IT AND FIND OUT?

I'm pretty sure the question meant, "How would life be different if MS didn't exist?" Unfortunately, I do not have the means to cause MS to not exist.

Re:Ignorant, much? (1)

numbski (515011) | more than 6 years ago | (#19020687)

> On desktops, I run myself and have administered studios of Macs 24/7 (at least 50 machine years or more) and I've seen no malware of any description since the 1980s. How's your Windows experience compare with that, numbskull?

You can bite my shiny metal ass.

Re:Ignorant, much? (1)

numbski (515011) | more than 6 years ago | (#19020845)

Now that I've gotten that out of the way.... :)

A few words that mean something to those who use *nix regularly.

$HOME
chmod 700
jail
iptables
pf/pfctl
firefox/konqueror/opera

There are vulnerabilities out there, but to anyone who bothers to take the time to learn a variant of Unix, yes, there is some measure of security because no one bothers to hack, but far more is it possible that a properly done distro is going to be better than a Windows pre-install any day of the week. If I am forced to do a Windows install, I do a clean install on the box (if at all possible, sometimes not because there's no CD key to match a full installer disk, and if that's the case, spend an hour or so uninstalling crap), install clamwin, install ad-aware, install spybot, install Hijack-This, lock down each, revoke admin privs from default user (HP, I'm looking at you...), install Firefox, install Adblock (and element-hiding helper), Flashblock, NoScript. Hide or remove any or all references to IE.

Even then I wind up getting calls about spyware. It drives me batty. I won't install Windows unless forced, and in my data center I make people sign a labor-waiver if they insist on using a Windows dedicated server instead of FreeBSD (our OS of choice there). I usually get some dirty looks, and politely explain that people who want Windows on their server tend to not *really* know how to manage a Windows server, and as a result we get more support calls, and inevitably we have break-ins (anon FTP for example, with locked directories...one of my "favorites"), spyware or virus.

I have managed to keep this type of stuff to a minimum by telling customers that all public ports to their gear are off by default. They can vpn in to get to everything, but if they want a port to be publicly accessible, they need to submit a trouble ticket, and we'll open it, IF it's a reasonable request. SQL ports are off limits. Use VPN. If that's not possible, specify the IP that will be connecting, etc. Still...ugh.

No. Things would not be different in the monopolistic arena more than likely. There would likely STILL be a dominant OS vendor, but I think the security landscape would be far different, perhaps far more advanced would the hacks be, and you would have to be more savvy to execute them. Just MHO...

Isn't the question (1)

ShiningSomething (1097589) | more than 6 years ago | (#19020699)

what life without Microsoft "at all" would be like?

It's hard to answer, but it's possible that the market has room for a cheap, low security alternative, and a more expensive, high security alternative - because regular users just aren't aware of how unsafe their personal data is, and how valuable it is. So we would see something similar to MS Windows taking its place.

Or, we could see less people with computers. Or whatever, my point is without the article it's hard to know what the appropriate counterfactual is, but it shouldn't be taking everything else as it is today... Surely without MS in the picture, Apple/Mac would be different?

Re:Ignorant, much? (1)

DogDude (805747) | more than 6 years ago | (#19020859)

> WHY DON'T YOU TRY IT AND FIND OUT?

Will do. Please loan me $10,000 to replace my current PC's with Macs, and please be on call for us 24/7 to administer our shiny new Linux server. Oh yeah... and I'll need about $200,000 to develop our primary business app that doesn't have any Linux equivalents.

Re:Ignorant, much? (0)

Anonymous Coward | more than 6 years ago | (#19021049)

> Oh yeah... and I'll need about $200,000 to develop our primary business app that doesn't have any Linux equivalents.

I doubt you will need that much. First, if there is no Linux equivalent (Have you even looked?), there is always the possibility that it will run using Wine (or one of the commercial offspring). Oh, and to make matters even worse for your argument, you could even virtualize the Windows OS you need to run the software using VMware (or another suite) and be more secure since you can isolate the VM from the actual hardware.

Only on /. could this drivel be modded up (1)

BlackCobra43 (596714) | more than 6 years ago | (#19020887)

..when it ENTIRELY MISSES the POINT of the submission. It's as if you didn't bother to read TFA and just posted whatever rabid anti-M$ bullplop you could think of...wait, that actually sounds like pretty standard fare. Carry on.

Re:Only on /. could this drivel be modded down (1)

dfoulger (1044592) | more than 6 years ago | (#19021375)

All he said was I've actually tried the alternatives and the author has overstated things by a lot. Only on Slashdot is an entirely reasonable argument modded as flamebait by those who would defend Microsoft no matter how unreasonable the defense.

Story? Who cares? (1, Funny)

yuna49 (905461) | more than 6 years ago | (#19020613)

I guess this just means that the editors have come to realize that, since no one actually reads the stories posted here before bloviating, it's just more efficient to omit the story entirely.

Re:Story? Who cares? (1)

Gearoid_Murphy (976819) | more than 6 years ago | (#19020663)

bloviating: to speak pompously. I thought that's what slashdot discussions were for ;)

Re:Story? Who cares? (1)

CdBee (742846) | more than 6 years ago | (#19021099)

The other obvious form of slashdot one-upmanship is to use a word that forces people to use a dictionary before going "oh yeah, that's really true, man.."

NO STORY FOR YOU!!!! /storynazi (0)

Anonymous Coward | more than 6 years ago | (#19020615)

NEXT!!!

WTF? (-1, Redundant)

Mock (29603) | more than 6 years ago | (#19020617)

What kind of a story is this?
This is not news!

"Security doesn't just mean moving away from MS". All hail the king of DUHHHH!

Security always at risk (1)

lambini (1061090) | more than 6 years ago | (#19020637)

It doesn't matter what OS, there is always a security risk. Although, have another vendor sell a similar functional OS as Microsoft with the same software/games available to them, you would see that most likely the system would cause fewer headaches. But nevertheless it would still be a cause of security issues. But we should pose the question: is Microsoft prepared to give up some of the functionality of its software to try to eliminate the chance that feature might turn out to be exploitable? On the other hand, how would life be without people trying to exploit those 'features'?

So someone else takes the fall (1, Insightful)

Kymri (1093149) | more than 6 years ago | (#19020645)

If Microsoft is gone, someone else will have the biggest share of the market and thus make the biggest, most appealing target. It helps that Windows is perceived as more vulnerable (though it can be argued it isn't - not that I hold this position myself), but surely some of that is due to the combination of more attacks against it (more home users and businesses) and a less-than-instant response to security holes.

Whoever the biggest name in a Microsoft-free world was (assuming they were the biggest in a similar kind of space with businesses and home users, not biggest like the bajillion flavors of *nix kind of way), I'm sure things would be the same, and only the details would vary.

Re:So someone else takes the fall (1)

vertinox (846076) | more than 6 years ago | (#19021473)

It helps that Windows is perceived as more vulnerable (though it can be argued it isn't - not that I hold this position myself), but surely some of that is due to the combination of more attacks against it (more home users and businesses) and a less-than-instant response to security holes.

I don't know about you, but if I was a hacker... Having "the first guy to break OS X/Linux security" with a massive security hole on a massive scale would seem rather appealing on my resume. Just think of the bragging rights alone which you could beat over the head of all the naysayers.

So why haven't there been any persons up to the task?

MS too large (2, Interesting)

Turn-X Alphonse (789240) | more than 6 years ago | (#19020665)

MS's problem is they haven't had a real rival in years. They are so used to being the top dog they forget how to fight. It's the same way guys who work up from the bottom suddenly develop amnesia of exactly how difficult it was to get there until using "I came from the streets!" is going to help them in politics of some sort.

Things would be no better with any company having Microsoft's history, but that doesn't mean MS was set on its current course through fate or whatever else you wish to call it.

Re:MS too large (1)

RedHat Rocky (94208) | more than 6 years ago | (#19021487)

You have this backwards.

The Information Technology industry's problem is Microsoft is too big.

Go back and look at the rate of innovation in the 90's. Now look at the last eight years or so. Things were changing so fast in OS space and then *BAM*, stagnation.

Microsoft bullying their way to monopoly status has hurt IT advances more than anything else. Think where the industry would be if Microsoft had succeeded in ignoring/suppressing the Internet as well.

Seriously, editors... ENOUGH ALREADY (5, Interesting)

freeweed (309734) | more than 6 years ago | (#19020727)

This is the 3rd or 4th story in as many days that positively SCREAMS troll.

1. Find a common belief of Slashdot
2. Whine and bitch about "Slashdot bias" while not even understanding the point
3. When you don't get modded high enough for your complaining, find some blog that agrees with you
4. Get story linked to on Slashdot
4a. In this case, not even a link
5. Page Hits

Editors, I know you love to drive ad revenue by putting up these blatant trolls (OMG How Can I Love Open Source Without Copyright? If I Don't Like The RIAA I MUST Hate RMS!!!!!One!), but the joke's on you - most of us who respond to these out of annoyance run adblock.

Can we try for some actual stories now?

I can already see tomorrow's story (1)

markov_chain (202465) | more than 6 years ago | (#19020901)

freeweed writes, "Microsoft secretly paid astroturfers to submit anti-Linux stories to Slashdot, as the following [link to freeweed's blog] story [/link] reports. ... "
   

Re:Seriously, editors... ENOUGH ALREADY (1)

mikkelm (1000451) | more than 6 years ago | (#19021021)

So pointing out that a common consensus is wrong is trolling to you? You're either really arrogant or very conservative.

Re:Seriously, editors... ENOUGH ALREADY (0)

Anonymous Coward | more than 6 years ago | (#19021247)

No, but saying that the earth is flat just to start an argument is.

Re:Seriously, editors... ENOUGH ALREADY (1)

khallow (566160) | more than 6 years ago | (#19021439)

It's not a common consensus. A relevant common consensus would be that given the same amount of effort to secure, a Linux box is more secure than the Windows equivalent.

Re:Seriously, editors... ENOUGH ALREADY (1)

sharkey (16670) | more than 6 years ago | (#19021501)

Not to mention that he thinks that Slashdot 'editors' actually 'edit' in the commonly-defined sense of the word.

Lightning Rod Article (0)

Anonymous Coward | more than 6 years ago | (#19020761)

He's just attempting to up magazine subscriptions. Note the credentials - CISSP. A CISSP writing an article about security is about as useful as a Liberal Arts major writing about quantum physics.

No (0, Redundant)

Wiseman1024 (993899) | more than 6 years ago | (#19020765)

> How would life without Microsoft be different?

Think of lusers not using an Internet browser that sends "User-agent: RAPE ME LOL" every time they browse for porn in the stupid way they always do.

Think of lusers not running their OS in god mode when they couldn't tell a computer and a refrigerator apart.

Think of lusers not having a POP email client complete with an awesome support for scripting spambots.

Think of lusers having software written by people who give a damn about security (and functionality), not by businesstards who just want to lure lusers by offering stupid interfaces they saw in Star Trek.

You can ask any questions you like, but facts speak for themselves: if you get rid of MSIE, Outlook Express, MSN Messenger, and Windows altogether, you could be the worst systems administrator ever and you still wouldn't have 1/10 the security breaches and incidents.

(I, however, recommend getting rid of screensaver collecting, iTunes using lusers first.)

Re:No (3, Insightful)

$RANDOMLUSER (804576) | more than 6 years ago | (#19021075)

if you get rid of MSIE, Outlook Express, MSN Messenger, and Windows altogether, you could be the worst systems administrator ever and you still wouldn't have 1/10 the security breaches and incidents.

You've almost put your finger on it. It's not the products themselves, but Microsoft's love of having applications do whizzo shit that looks great in demos, but shouldn't be done in the first place. Think Active-X webpages, auto-preview in Outlook, .WMV files that can perform system-level operations, macros that execute on load in Word and Excel, executing code from files when viewing directories in thumbnail mode, etc., etc., etc.

The problem is one of balance (1, Interesting)

PFI_Optix (936301) | more than 6 years ago | (#19020849)

Microsoft is insecure because they try to juggle security, performance, and being idiot-friendly. Windows is largely the dominant OS because people found it easier to use and more available than the alternatives in the mid-90s when the computing boom took place.

Now, MS is having to balance coddling those users who don't know jack about their OS and keeping the OS secure. Added security generally means more steps (or the same number of more complicated steps) to accomplish the same task.

I would contend that it was Windows' lack of security that made PCs accessible to the masses in the first place, in that during the 90s Windows was the *only* operating system for the "I just want it to work" crowd. Unless you want to argue that OS 7/8/9 was equally functional...in which case I'd argue that you haven't had to deal with it enough and didn't live in an area where Mac software simply wasn't sold in the days prior to commonplace broadband.

Re:The problem is one of balance (1)

MECC (8478) | more than 6 years ago | (#19021001)

in that during the 90s Windows was the *only* operating system for the "I just want it to work" crowd

Well for the "I just want it to work for a short time before rebooting" crowd, anyway.

Re:The problem is one of balance (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19021007)

"Microsoft is insecure because they try to juggle security, performance, and being idiot-friendly."

No, Windows is insecure because they put backwards compatibility over secure design, and as such have perpetuated several major insecure design flaws because fixing them would shatter all their legacy apps.

Proper memory protection, and actual multi-user protection would go leaps, bounds, and miles to fixing a large number of their problems.

Re:The problem is one of balance (1)

PFI_Optix (936301) | more than 6 years ago | (#19021253)

Backwards compatibility is part of the idiot-friendly "feature" set. It's so that Granny's PrintShop 95 still works ten years later, because she'd rather just not have a computer than buy a new copy of PrintShop.

Re:The problem is one of balance (2, Insightful)

jedidiah (1196) | more than 6 years ago | (#19021233)

No, Windows is the dominant OS because MS-DOS was the dominant OS. That happened because of the association between Microsoft and IBM back when IBM was the computer industry bogeyman.

The "ease" of Windows 3.1 or Windows 95 had nothing to do with it.

Win/DOS was already being pushed by Dell and the rest of his friends.

Better question: (1)

maynard (3337) | more than 6 years ago | (#19020863)

What would life on the Internet be without scriptable office documents/spreadsheets, email, web sites, and be like? A whole lot safer, regardless of the Operating System.

More secure? (4, Insightful)

Himring (646324) | more than 6 years ago | (#19020915)

Since all other OSes/NOSes have/had the model of "everything is denied unless specifically given otherwise" and Microsoft's has always been, "everything is allowed unless specifically given otherwise," to say the least, things would be more secure.

Things were more secure when Netware was the NOS for businesses. Create a user, and they could see nothing unless you flipped a switch. Fire up bitchx and doesn't it say, if using as root, "using bitchx as root is stupid." Su, denial of anonymous access or even read access across the network ... on and on. Please try disabling anonymous access on a windows domain controller. Users, suddenly, cannot see shares, change their passwords, etc. It is a registry setting that has to be left unsecured or else the windows NOS stops working.

This says nothing for the hall-of-shame when trying to remove root access for users on their local boxes.

If not for microsoft, consumers might have saved billions on hardware by removing the microsoft tax. Dozens of smaller companies might still be in business.

If not for microsoft, I might still be managing a Netware NDS which, some dozen years ago now, was a far better directory service for a network than active directory is today, (I can only apply security settings at the domain level?). Oh for the days of right clicking anywhere -- I mean anywhere -- in the tree and setting a different password policy....

If not for microsoft, the first thought on computer security might be something other than a virus....

If not for microsoft, the word "rootkit" might not exist?

Re:More secure? (4, Informative)

Corporate Troll (537873) | more than 6 years ago | (#19021335)

If not for microsoft, the word "rootkit" might not exist?

Is this a joke I hear whooshing past my head or are you being serious? You know that "root" part of "rootkit", it talks about the Unix superuser known as "root". The roots (pardon the pun) of a rootkit are most definitely in the Unix heritage. Look it up for yourself. [wikipedia.org]

Re:More secure? (1)

Himring (646324) | more than 6 years ago | (#19021359)

I actually wasted time typing today on /. What was I thinking? ...I'm doing it again!

Lemme rephrase:
Would it make CNN? (or popular media)

Yes, it's Monday. This is my 10th "whoosh" experience today....

Re:More secure? (2, Informative)

Corporate Troll (537873) | more than 6 years ago | (#19021513)

Most security issues do not make popular media. I have heard the occasional big virus scare (ILoveYou, CodeRed) on the radio, but something like "Remote ANI vulnerability found in Windows - Patch your systems"? Never....

It doesn't make good mainstream news...

Monoculture. (2, Insightful)

Door in Cart (940474) | more than 6 years ago | (#19020957)

Sure Windows is a security nightmare, but the real problem is that just about everyone is content to use the same system as everyone else. Diversity is required for culture-wide strength. As much as the internet's proclivity for niche marketing has encouraged everyone to explore their individuality, most of us remain oddly content to behave nearly identical to everyone else. In a hypothetical world where 285 most-used operating systems compete on a wide variety of creatively different architectures, the issue of security of any one of those systems would be greatly diminished, and, as an added bonus, walking in to an average computer store would actually be exciting.

Re:Monoculture. (1)

tomstdenis (446163) | more than 6 years ago | (#19021025)

Granted, but part of the problem with MSFT is they have a vested interest in pandering to morons. Most individuals aren't totally stupid, and certainly feeding that cycle will be a self-fulfilling prophecy.

Maybe if Linux or another UNIX was the commonplace desktop we could expect our users to be a bit more intelligent about their security.

Essentially MSFT makes money by calling their users stupid and selling them software to make the bad scary computer go away. Which is, oddly enough, also why OSS users tend to look down upon MSFT users.

Tom

Being a part of any monoculture is bad... (1)

rthille (8526) | more than 6 years ago | (#19021003)


If you're just another corn stalk in a huge field, when the stalk 3 rows down breeds a new virus/bacteria/mold that you and the rest of the monoculture have no defence for, you're screwed.

That's part of why I run my home server with NetBSD on MIPS, and without the 'leading' servers for DNS, Mail, & http.

Wrong assumption (1)

valentyn (248783) | more than 6 years ago | (#19021013)

The author says ... there would just be a different vendor peddling the dominant operating system. Networks in a world in which Apple had won the operating systems wars would still be insecure. That's where the author goes wrong in the first place. Look outside: how many car brands do you see? There's no "dominant car brand" there, is there? Look at your colleagues' cell phones. There are some "dominant brands" but none of them has a 90% market share. By the way, interconnection is their purpose, but there's no security issues there, are there?

A 90% dominant market share is simply wrong and will cause problems in almost any situation.

information security training and awareness progra (1)

Joe The Dragon (967727) | more than 6 years ago | (#19021017)

Information security training and awareness programs for people like janitors may be hard to do as some of them work for outside janitorial services and even then some of them don't speak English that well.

Dreck! (3, Insightful)

99BottlesOfBeerInMyF (813746) | more than 6 years ago | (#19021053)

This article is complete and utter rubbish. It makes random claims with no support. For example, "How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system. " makes the assertion that it would not be any different and makes the implicit statement that there would be a single dominant operating system, all completely without any support for either of those statements. First, why would there be a single dominant OS and second, why, if that OS was Linux, would the same problems that occur with MS's monopoly not be completely undermined by Linux's licensing?

Networks in a world in which Apple had won the operating systems wars would still be insecure.

Sure it would, but that's again assuming someone had to "win" and establish a monopoly. No evidence that this is the case has been provided. I know it is hard to imagine a world with multiple OS's and vendors that interoperate via these crazy things called "standards" but that is how most markets operate. Yeah if someone else had an abusive monopoly we'd still have a broken market, that's why we want to restore the market to a non-monopolized state.

If you put computers on a network and open that network to the outside world via the Internet, you're going to have security problems, regardless of whether you're running Windows, Mac OS, Linux or an operating system you created in your spare time.

Except right now if you do that with Linux or MacOS you have a whole lot fewer problems, to the point where it takes no significant time.

User errors have long been the bane of security.

No they're not. Most malware infections by number are still the result of automated attacks with no user interaction. Such malware is harder to write, but it spreads faster and further than other malware. As for user error, sure it will always be an issue, that is no reason to ignore other aspects of security or to implement ways of mitigating user error. You seem to think (like MS) that the user element should be isolated from the security mechanisms. You cannot ignore the user when planning security and the examples you point out are where that is exactly what failed. If the Nazis had planned realistically for what their users would do, they would have built a system that verified which keys were used and that they were unique.

So, what needs to be done? You must require users to attend formal information security training and awareness programs.

Sure if you want to spend the money, go for it. It won't help very much though. Until the security of OS's is up to snuff and simple enough, the training will be mostly ineffective. What is a user supposed to do if they have a binary and aren't sure if it is safe? Windows has basically no mechanism for determining the trust level or for running it in a sandbox if it is not trusted enough. Until it does and it is brought to the user in a functional way, education will help very little. The OS actually has to have an easy way to let the user do what they want, or they will take risks out of laziness.

Education is the last step, but first we need to fix the OS and fix the market to motivate the fixing of the OS's. Right now you need the equivalent of a 4 year degree to have a good chance of safely running a Windows box and accomplishing all the tasks you want to. That is simply not good enough. It needs to be down to a couple hours of training before we will see a widespread difference.

So Instead Of Ballmer Screaming (1)

Skeetskeetskeet (906997) | more than 6 years ago | (#19021071)

"Developers developers developers developers"

We'd hear

"Ding fries are done ding fries are done ding fries are done!"

Security Isn't Just Avoiding Microsoft (1)

gmuslera (3436) | more than 6 years ago | (#19021101)

... but is a very good starting point. Is the main major vendor that somewhat, in a way or another (design choices, big implementation holes, monoculture, etc) always been the "weak point" of internet, the unsafe by default case study.

But even with a secure environment from the start you can make things very unsafe (i.e. using trivial passwords in open services)

How silly (3, Insightful)

WindBourne (631190) | more than 6 years ago | (#19021121)

It is NOT about market share. It is about ease of penetration. There are MORE than enough *nix systems that if they were easy to crack, then they would be. If nothing else, notice the .php/.asp world. Most php runs on *nix. They are attacked because it has been easy. Fortunately, the damage is limited, but it still allows such things as stealing information including credit cards and individual information via sql injection.

Holy crap, my CISSP value just went down! (3, Insightful)

harris s newman (714436) | more than 6 years ago | (#19021203)

This guy has one fault: faulty logic. Systems are not being attacked more under Windows because of user error, it's because of the holes in the OS. Training is not the main issue with security today, it's an operating system which continues to have a paradigm of an insecure kernel. Layering is a mantra of security, it's not by Microsoft.

Finally, this "theory" should be quantitative, I question if sites which are linux only have the same number of vulnerabilities as Windows only. Why doesn't he give us some examples?

My summary: I am ashamed to have the same certification as the author.

Re:Holy crap, my CISSP value just went down! (0)

Anonymous Coward | more than 6 years ago | (#19021495)

And I'm ashamed to have the same certification as you. Every day I have to explain to clueless system admins that the technology they use is less important than HOW THEY USE IT. Malware problems are nothing compared to stupid users who don't understand the implication of their decision and actions. A lot of companies have good A/V and IPS infrastructures in place because the technology is relatively mature and well-known, but how many have a good security awareness program, integrated with the corporate culture? How many take the time to explain to their employees how the incident management process works, what constitutes a potential incident, and what to do if they spot something suspicious? There's no product to buy to face these problems. Training and awareness is definitely one of the biggest challenges of information security in the corporate world. Unfortunately, too many glorified network admins still believe that security is putting an OpenBSD firewall and getting rid of Windows no matter what, and too many companies still rely on their misguided advice.

Another slashdot post... (1)

sarkeizen (106737) | more than 6 years ago | (#19021223)

Where the uninformed wax on about something that can't be known with a useful degree of certainty. The whole "market share" argument is difficult if not impossible to demonstrate. Sure if you gave Linux, etc. the same exposure to hackers (which in the case of servers I would argue that Linux has had this) you might have people complaining in the same way that people complain about MS. However that is both a) A red herring - it's not how much people complain but how much more secure they would be and b) It's a sub-moronic argument. You can just as easily say "In that case it might be so much better that there would be no real market for people like Ben Rothke". Hard to demonstrate one way or the other, isn't it?

Ugh and this is from a CISSP? How does someone become a senior security consultant without knowing squat about logic?

But... (2, Interesting)

PhotoGuy (189467) | more than 6 years ago | (#19021287)

"Security isn't just avoiding Microsoft..."

Sometimes a double negative can sum it up best: "but it isn't *not* avoiding Microsoft..."

But what do you do first? (0, Redundant)

wonkavader (605434) | more than 6 years ago | (#19021323)

True, "Security Isn't Just Avoiding Microsoft", but that's a helluva good start.

When we optimize code, we don't look in the part of the code that the program spends 5% of its time doing, we look where it spends 80%. Microsoft stuff is incredibly insecure, both because of bad design and because there's little in the way of restrictions on amount of crap those boxes do.

Scrub them out, and a huge amount of security issues go away.

Then, THEN, you worry about the other stuff. And yes, then you actually DO worry about that other stuff.

M$ lack of Security comes from (3, Informative)

Joe The Dragon (967727) | more than 6 years ago | (#19021425)

Apps that were designed back in the 9X and 3.1 days where there was little to no multi user, admin vs user, common dirs, and so.
Apps that need admin so they can auto update themselves
A/V apps like Norton home that need an admin user logged in for it to be able to get the updates.
Games copy protections that needs admin to run that should be other ways to do this with messing the IDE drivers or needing admin just to check if you have a good copy of the game.

It would be a big help if MS came out with a common update system that is easy for games and other apps to use and is free for developers to use. Then you can at least get rid of having to deal with games and other apps having their own built in updates and needing admin just to run them as some force you to get the updates to use them. This system can also make it easy to keep your whole system up to date. You will just need to be an admin to run that common update system or even let it be setup to auto run in the background at system level. Also MS needs to let get the all of the updates from windows update using auto update. Runas does not work for windows update in windows xp and 2000 and you need to run that to get the Optional updates.

Also put the full video drivers on windows / M$ update.