Some random links about the topic of MS security I ran into, and reminded me of this discussion: Marc Maffier (cofounder of eEye) on Windows security http://news.cnet.com/8301-27080_3-20002317-245.html "Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say." "And you think Apple is taking it seriously too now? Maiffret: Oh yeah. It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."
Cisco on using MS SDL development process to secure their code http://blogs.cisco.com/security/comments/the_cisco_secure_development_lifecycle_an_overview/ "Microsoft has also been a valuable partner as both a model for SDL and also as a sounding board for Cisco as we developed and adapted their concepts to meet the unique attributes of our development environment and needs." On Wed, May 12, 2010 at 7:54 AM, Elazar Leibovich <elaz...@gmail.com> wrote: > I think you have to make a distinction between older MS software (such as > XP) and newer ones (such as 7). For example you defenitely don't run as > administrator in Windows 7, and you've got a built-in sudo like system. > I, like some people who replied, had bad experience managing Windows > machines, and it was usually viruses. However in recent versions I noticed > that even at the hands of the inexperienced users, and without any virus > scanner, the system stays relatively clean. > The point about Windows complexity and background compatability is true and > taken. It is against security, and maybe it tips the balance against MS and > Windows related products security-wise. > The other remark which I highly disagree is that there's no need to convince > me. I'm discussing here in order to be convinced, and I'm usually glad when > someone enlightens me. > > On Tue, May 11, 2010 at 3:17 PM, Micha Feigin <mi...@post.tau.ac.il> wrote: >> >> On Tue, 11 May 2010 04:08:39 -0700 >> Elazar Leibovich <elaz...@gmail.com> wrote: >> >> > Not at all! >> > Google for "Microsoft SDL", it was not always the case, but nowadays >> > they >> > have excellent security awareness. >> > For example, see evidence for the change here: >> > >> > http://blogs.msdn.com/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx >> > >> >> Lets start with the problem that Microsoft encourages all users to be set >> as >> administrators by default. It's almost impossible to be a regular user >> usually >> and just switch momentary to administrator for small administration tasks >> ... >> >> Managing simple folder / file permissions is also a difficult task (doing >> complex permissions is complex on unix as well though) >> >> > On Mon, May 10, 2010 at 3:17 PM, Gilboa Davara <gilb...@gmail.com> >> > wrote: >> > >> > > On Mon, 2010-05-10 at 22:10 +0300, Elazar Leibovich wrote: >> > > >> > > > For example, Microsoft is now known for excellent security review >> > > > practices. Whichever MS software I choose, I can rest assured that >> > > > it >> > > > will be relatively on the high end of security. >> > > >> > > Hidden sarcasm? >> > > >> > > - Gilboa >> > > >> > > >> > > >> > > _______________________________________________ >> > > Linux-il mailing list >> > > Linux-il@cs.huji.ac.il >> > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> > > >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il@cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
