[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] [OT] Security (Re: Managing Innovation)
Dare Obasanjo wrote: > > From: Joe English > > True, Unix has had a fairly good track record of security -- > > there have only been a handful of Code > > Red/NIMDA/Blaster/Sobig/SWEN/ etc., etc., etc., > > bring-down-the-entire-internet scale security breaches that I > > can think of -- the Morris Worm in 1988, that Apache exploit > > in 2002 -- > > True, most people who exploit Unix machines prefer to use them as zombie > machines for DDos attacks instead of the network abusing type of > exploits that tend to show up on the Windows platform. [ Actually, it looks like SOBIG-infected machines are also being used as DDoS attack zombies. That and open relays for spam. ] > Like I said, this > reflects more on the level of sophistication of its users and market > share than about the quality of its security model. The fact that one of those systems has traditionally *had* a security model counts for something too, I suspect. Also: when a Unix box gets rooted, it's usually -- not always, but usually -- because of an exploitable bug found in poorly-written system software. Windows boxes suffer their share of the same kind of problem, but they are also subject to things like SWEN and Word macro viruses, which are able to spread because *the system is working exactly as designed*. (And don't give me the usual crap about how SWEN et al. are merely social engineering exploits. It is the design of Windows in general, and Outlook in particular, that makes it possible for SWEN-style attacks to be as wildly successful as they have been. Social engineering can only get SWEN onto a naive user's hard drive, or a virus-bearing document into Word. Once there they can take over the host, and that's because of Microsoft engineering.) --Joe English jenglish@f...
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|