Catch:
Quote:
Giving us the same system would demonstrate nothing on the importance of the system type
I dunno if there is a typo there - I'm reading it as "nothing _of_ the importance" since it seems more logical in the context and am answering my reading of it..... If I'm wrong - Oh well.... I was wrong once before..... ;)
Er... No. It proves nothing regarding system type. If I was skilled on your AITOS6 system and we went head to head the system is just as irrelevant as if we used Win98. Then it comes down purely to the Admin. The better admin will produce the more secure system given the same systems. All you prove by putting your AITOS6 systems against a real-world system is that you have more dollars and more time - and then were back to the uneven playing field again. With all things equal then it is the human that makes the difference in the long run.
Quote:
Having a secure system configured as badly as damn near possible be more secure than another system heavily locked down proves my point soundly
But your bad admin on your super-secure box _will_ be bitten in the @$$ someday by someone with the time and the talent - which is my point. You appear to be moving the question away from the use of an admin towards a "better" OS. Our original difference was the fact that a good admin on any system is _not_ irrelevant to the security of the box - it was subsequent to that that you brought up the fact that system matters..... That isn't the point since the discussion is about the real-world rather than the super secure/dollar cost/time invested systems to which you are now referring. Plainly, if I'm using a system written by a moron and your using a system written by the most talented and security conscious group of programmers on the planet then the question of admins making any difference becomes moot. And again, that is not the subject I took issue with.
Quote:
If your argument was correct, it wouldn't matter what systems we used, yours would be configured better and would therefore be more secure by your logic on how it all comes down to the admin.
Now that statement is simply flawed logic on your part. Look at it like this: There's a building with 50 floors. You have a ladder that is 500 feet long and you give me a ladder that is 50 feet long and challenge me to reach the same level as you by using only the ladder. What chance do I have?????? That's what you are giving me in your example - a fifty foot ladder. Now if we both start with a 500 foot ladder and you get vertigo before I do then I will attain a higher level on the building than you. You had a chance - but you were not as able to use the same equipment as successfully as I did. Hence, ladders being equal, the ladder climber is more important - which is what I am arguing, and have been all along.
Quote:
This would be a myth except for your use of the very vauge terms "normal" and "general."
Which you promptly followed with:-
Quote:
The only way you can tell it is different is my using a normal exploit against it.
Well, you got me on that one..... Sorry, I found it very funny...... ;) But with regard to the point you are making I really don't fear the "normal" exploits..... Because I know about them, they are published and my systems are either mitigated against them or patched against them or both. The problem comes from the "abnormal" exploits - and yes, your going to tell me that your on super-secure box it is easier to pick up on the fact that it has been exploited - but the reality is it was exploited just like my poor little Win98 box..... Exploited is exploited, period, and just like the fact that no matter how tough you think you are there is always someone tougher out there the same applies here - no matter how good you think your OS and security measures are if someone can get to the box then they can find a way in eventually. All you are doing by using your system as an example is to put off the inevitable longer than I can.
