matthew@byu.edu: [uug] Microsoft's "Competing with Linux"
Mailing List Account for Jason Runyan
jrunyan.lists at dms.nwcg.gov
Wed May 14 21:40:58 CDT 2003
On Wednesday 14 May 2003 16:21, Michael Brailsford wrote:
> Here is a little something that I thought might be of interest.
When MS, and the stat people they pay to stand up as independent resources,
talk vulnerabilities, they do many things.
- They ignore severity, because most of the UNIX vulns have lower severity
- They lump UNIX core applications, and common applications together
- They lump all UNIX together
This is how they get their numbers to be lower. I remember the zlib
vulnerability flagged so many applications and OSs on CERT it was ridiculous,
but fixing ZLIB in an environment with shared libraries fixed them all. The
apps weren't vulnerable, just a lib they used. Windows only had 2 or 3 items
affected by the vulnerability, and third party software wasn't counted in the
numbers. The real question to ask is, at your data center which machines
have given some or all of their resources to an unauthorized user from
outside your firewall? That is really what matters, and I suspect the UNIX
variants will come out ahead in most homogenous networks.
--
You are only young once, but you can stay immature indefinitely.