Re: [SLUG] Re: More FUD from Microsoft

From: James Marcinek (jmarc1@jemconsult.biz)
Date: Mon Nov 22 2004 - 09:08:52 EST


Seems to me like the focus of the email about this was Microsoft email about
Linux having stolen code and legal issues arising from, which I don't believe.
Microsoft is trying to be sneaky and help fund SCO's lawsuit by means of a 3rd
party company (can't remember name). In addition, where did Microsoft get its AD
concept from? Can anyone say Novell's NDS...

slug@nks.net wrote:
> On Sun, 2004-11-21 at 21:19, jeff wrote:
> > I would just love to hear him explain why there are so many security
> > breaches in their software if that is true. :)
>
> Inter-subsystem/service integration, MS IE distribution of new,
> Win32-ignorant features, etc...
>
> But ultimately it was the first "Chicago" influenced version of NT, 3.51
> "Daytona," and the eventual destruction of "Cairo" ("Consumer NT").
> Win32 wasn't a bad API, and _far_better_ than OS/2 from a security
> standpoint.
>
> One could even argue that .NET has an _excellent_ security model. I
> will _never_ fault Microsoft OS designers for not coming up with good
> APIs. The problem is that not even Microsoft's own application division
> adopts them! E.g., Microsoft modified the requirements of the "Designed
> for NT" logo 3 years after its introduction because Office 95 _failed_
> to pass even the _basic_ portions of it. And that was just
> Internet-ignorant Win32 to start.
>
> Now with .NET, Microsoft isn't using it at all -- surprise, surprise.
> So we have the continuing, sprawling "Win32 bastard" (that is nothing of
> what Win32 should have been). NT6/Longhorn is 100% Win32, with
> exception of Indigo, a .NET sandbox of Internet services atop of Win32
> (yes, this is nothing more than what the JVM did 10 years ago! ;-).
>
> In fact, what is XP SP2? It's merely Microsoft closing all the "hacks"
> in the NT5.1 kernel/subsystems that were opened from NT5.0/2000 for
> compatibility. Surprise, surprise, all of a sudden, even many of
> Microsoft's own capabilities don't work because they were not written
> for Win32 either (hence why NT5.1/XP was "hacked" in the first place)!
>
> > There were six SP's for NT4, 3 (or is it 4) for Win2K,
>
> No, that's not a good argument at all. The product was out for several
> years. These are expected. Even RHEL and SLES have several, formal
> updates -- largely to emulate the "expected update model" of a
> traditional, shrink wrapped OS.
>
> > at least 2 for XP.
>
> Actually, the significant one is SP2 for XP. Again, as I mentioned
> above, SP2 for XP basically "re-closes" all the "hacks" made in NT5.1/XP
> for application compatibility versus NT5.0/2000.
>
> > Considering that a large proportion of the patches in those SP's were
> > for critical security issues,
>
> Actually, it's deeper than that. Unless it is in a SP, many "point
> patches" are _conflicting_. The biggest and most problematic one to
> date (that goes _underreported_) were the 2 that _silently_ uninstalled
> the patch that would have prevented SQL Slammer.
>
> At the Fortune 100 company I was at, a lot of people's "bocks were on
> clock" because management thought they weren't "keeping current." Thank
> God for the release notes (as well as one article, from IDG I believe?)
> that showed it wasn't because of "lack of patching."
>
> I think there is a lot to be said when Microsoft blamed SQL Slammer on
> "lack of patching" and did not even take responsibility in their
> conference call and follow-up press releases -- when they _knew_ their
> lack of "patch detail" caused it. Why? Because even their own
> departments with SUS/SMS were hit, and hit hard! Those running 3rd
> party patching solutions typically avoided getting hit.
>
> My #1 question to _any_ prospective Microsoft Solutions Provider is what
> patch management solution they deploy. Typically, the bigger they are
> (e.g., MS Gold Partners), the more they push SUS/SMS. Finding that
> rare, smaller integrator is _crucial_, because they know when to use the
> "Microsoft answer" and when not to -- just for 100% _Windows_ networks.
> ;->
>
> > I don't see how their software could be considered secure. To quote
> > Bugs Bunny, "What a maroon"!
>
> Pushing DLLs and new features through MS IE, features written for
> "Chicago" and not NT, from '96 until '02 -- that's their Achilles' heel
> right now. All those features, all _required_ by _any_ software written
> in Visual Studio 5 through even 7+ (2000+) products -- all totally
> _ignorant_ of the NT/Win32 security model.
>
> And .NET is virtually _no_where_ to be found. Except in, ironically,
> current GNOME 3 development. Yes, GNOME 3 is most likely going to be
> the most advanced .NET desktop when NT6/Longhorn client is released.
>
>
> --
> Bryan J. Smith b.j.smith@ieee.org
> --------------------------------------------------------------------
> Subtotal Cost of Ownership (SCO) for Windows being less than Linux
> Total Cost of Ownership (TCO) assumes experts for the former, costly
> retraining for the latter, omitted "software assurance" costs in
> compatible desktop OS/apps for the former, no free/legacy reuse for
> latter, and no basic security, patch or downtime comparison at all.
>
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>


This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:56:19 EDT