Quote:
Originally posted here by nihil
[B]Where did you get that erroneous assumption from? It is actually at SP4 and still tries to run IIS by default (OK IIS has been patched somewhat). My point is that users have been exposed to IIS running by default for a
considerable period of time
Win2K Pro SP4? It's only a major OS release out of date. Perhaps it was rather assumptive to say Service-packless (but then, that brings to my mind the question of whether or not your "built up default install" is actually a default install anymore), however my principal point about comparing like systems still stands.
Quote:
My objection to MS is that they release things running by default that are not required neccessarily. The user should be prompted to select or reject these before installation.
Actually, quite a few other people do this as well. Microsoft is learning too. Does IIS come with XP Pro turned on by default? Judging a piece of software's present by its past is a fruitless effort.
Quote:
We are not talking about linux distributions here? so what is the relevance of this comment?
Your statements were about what OSes do as a default install. For a long time RedHat was a prime example of a corporate linux with a horrid security record because of its on by default policy.
Quote:
I would have thought the issue was whether you understood the difference between an "exploit" and a "vulnerability" . A vulnerability is only a problem if:
1. You actually use that stuff (remember I have noted that you may be doing so unwittingly with MS)
Again, in OLD operating systems. Let's dredge up NT's problems and claim Microsoft's stuff now is utter crap why don't we? I mean, that's what you are doing. I have a suggestion for you. Try actually using these newer versions of operating systems before you start slagging a company for being shitty security wise.
Quote:
Now, let me explain a few realities to you ;) there are in this World, a large number of people who do nothing other than search for vulnerabilities in Microsoft Operating Systems........that is how they earn their living or hope to gain glory. Some even go to the lengths of producing POCs.............so, you have unwittingly produced another flaw in your own argument....... :D
These security firms ALSO research vulnerabilities in other operating systems such as Linux, MacOS, etc... The concept that it can't be more secure because it doesn't have as large an audience fails when you compare the facts. Windows is attacked a larger percentage of the time than it has market share, almost to the exclusion of other operating systems. IIS was attacked FAR more (hundreds of times so) than it had market share, and it sits in the minority in webserver market share. Following your flawed line of thinking, Apache should have far more vulnerabilities in it than IIS should, and yet since 2003 (IIS6) both have had decent records. IIS 5 had its issues, and as a result was attacked still far more. If there are already industry examples where your argument fails, how can you reliably say it will apply to another example -- in this case, current MacOS vs current Win2K3?
I'm sorry, but *that* is called pulling stuff outta your ass.
Quote:
I really do wonder what would happen if the same attention was given to another OS?
You'd probably find the disparity isn't what you assume, and that other operating systems are more secure through design. I think MacOS is perfectly capable of being a decent, hardened desktop operating system.
Quote:
A bit like the old military dialogue "very pretty, but can they fight?".....MS have been in the "front line" for years. No-one else has, in terms of being attacked.
That's entirely debatable.
Quote:
If you do not believe me, please take a trip on the "dark side"........they do not leave MAC and *nix alone because they are too difficult they do it because they do not consider it worth the effort........at this moment in time :eek:
Now that's a good laugh.
Quote:
Finally, you have chosen not to answer my question as to why you introduced an IIS vs Novell argument into a thread that was patently about OPERATING SYSTEMS ...........you are aware that neither of those are operating systems?
Quote:
And yes, I can read, so I do not need to learn.......perhaps you should consider some brushing up of analytical thought processes?
You know nihil, you are a funny guy. Not sure where the hell you got Novell from, but maybe you should rethink whether you need to learn to read.
As for why I brought APACHE into this thread, it was for the simple purpose of pointing out there are already industry examples of software that has dominant market share and yet has far fewer vulnerabilities than another smaller contender (IIS). This can translate into quite an obvious commentary on how flawed it is to assume that MacOS has as many or more vulnerabilities simply because it has smaller market share.
Quote:
Originally posted here by The Duck
People running Redhat are not soft users... Most of them know about those services running by default and will turn it off if they don't need it... But let's keep on topic here...
Sweeping generalizations that are assumed to be 100% true are always good to fall back on eh?
The fact of the matter is that that was FAR from true at the time. It was actually due to clueless Redhat users that a quasi-infamous linux worm got to spread.
Quote:
If you've never heard that windows is attacked more because there is more windows computers... Then you have to get out of that rock your hiding under... You think we're pulling this out of thin air??
I've heard the concept, and frankly think it's BS. I think you are pulling it out of your ass that MacOS will prove to be as or more vulnerable (as in, not anymore secure) than Windows 2003 or Windows XP (depending on Server or Desktop versions).