Get the ECT News Network Editor's Pick Newsletter » View Sample | Subscribe
Welcome Guest | Sign In
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider

E-Commerce Times Talkback

ECT News Community   »   E-Commerce Times Talkback   »   Re: Gartner Casts Doubt on MS Security Commitment

Re: Gartner Casts Doubt on MS Security Commitment
Posted by: Robyn Weisman 2004-02-14 00:51:49
See Full Story

In response to Microsoft's latest vulnerability announcement, a group of security analysts at Gartner has released a research note that advises enterprises against using Windows Server 2003 in mission-critical applications exposed to the Internet before the second quarter of 2004. The note also recommends that enterprises install the latest Microsoft patch on all PCs and servers, block vulnerable ports as they are identified, correctly configure enterprise firewalls, and install personal firewalls on all PCs and intrusion prevention software on all business-critical Windows servers.

Re: Gartner Casts Doubt on MS Security Commitment
Posted by: bangular 2004-02-14 01:20:54 In reply to: Robyn Weisman
Gartner is fickle. They will ride the waves. If MS is popular they will tout them as the inventors of democracy and the american way. When a new worm comes out they will shun them and say they invented tornados. It's good business for them. Almost every analyst out there today is full of crap anyway. What they want is the most print time. They say whatever is going to get them printed, because that's more money for them. The people who you should listen to the opinions of are programmers and hackers (and crackers ;) They sit in front of this code day in and day out. Without them there would be no computers. They are the most insightful people in the entire freakin industry, yet these idiot analysts get the print time.
Not to say I don't think MS isn't incompetent. They are in the 3rd year of their "secured computing initutive." These last years have been the worst in their history. And they don't care! It's cheaper for them to spin the stoy than it is to audit their code. If they _really_ cared about security, they could have secured windows. Something as simple as a non-executable stack and randomized memory address space would significantly slow down or even stop 99% of the buffer overflow-related worms. Instead, we see worms infecting tens of millions of computers in under five minutes.
I think what was found in one of the comments of the leaked source sums up their entire attitude towards security. "may be off by -1".
On the subject of how much of the total source code was leaked, it's 13 million lines. I don't care if that's 1% or 100%, 13 million lines of code is an obscene amount. Consider this: there is a generally accepted rule that there's about one mistake per thousand lines of code. Some idiot pundits are going around saying most of the win2k holes have been closed. This is simply not true. Some of these exploits are in code that dates back to the late '80s. Microsoft doesn't release new products, they slap new code on top of old products. So the current versions of windows share 90% of their code with each other. Much of this VERY old code. If they think most of win2k's buffer overflows have been found, I can't wait to see the look of surprise when winsock2 is pwnd and every application that uses it is pwnd along with it.
p.s. quit it with the flash ads. I practice what I preach and use linux on the desktop; and flash for linux is awful and uses a lot of cpu time. Especially for 5 flash ads in one page. gif animations aren't that bad. I can deal with those. What I don't want to deal with is cpu usage jumping to 30% every time I visit your site.
Jump to:
When considering the credibility of an article I read online, I am most influenced by...
The organization or operator of the website that published the article
The journalist(s) who wrote the article
The sources quoted in the article
The quality or style of the writing
The individual(s) who brought the article to my attention
Whether the article has myriad shares or social media activity
My own knowledge or intuition