On Sun, 2003-11-02 at 22:02, David Demland wrote: > Remember the only reason that Microshaft is being hit with all the major > security problems is because it is the largest target. Before they became > the major security target it was Bind that was the target. Anytime there is > just one large target all the other targets will be overlooked. It is when > all the targets are close to the same size that it would be much harder for > any of the targets to be singled out. This is the point that needs to be > realized before the barrier to entry will be lowered enough that the > consumer will benefit. This is incorrect. Windows has a fundamentally bad security history on all fronts. They have and still do sacrifice security for various usability goals. Virii are domanent on windows platforms because of these bad decisions. Windows didn't even have user rights until windows NT4 (3?) however of course dos,win95,98,me were used by most until xp. And even now xp ships with the default user having full admin privs. The separation of root access and user access is most novice users first lesson and fundamental to any security. If this wasn't bad enough their email programs have been the prime enablement of email virii propagation. All the services run system level by default. Almost all of their server services have had continuing serious security problems. The sharing features default to no password and the messenger service allows unsolicited messages to be displayed, this has prompted almost all ISP's (including the one I run) to block all of this traffic to protect our customers from this software. Does this sound like a company that takes security seriously? Or perhaps they are so deep in crap code now they have just given up. So why would a Free Software system like Linux be in a much better position if the tables were turned? 1. Like organic life, diversity is a main player in minimizing catastrophic failures. Linux is distributed by many many companies and organizations. This in addition to the ability to easily modify your default configuration lead to a good up front software diversity. 2. Knowledge is power, Linux is an incredibly well known system thanks to being popular Free Software. This enables problems (not only security ones) to be fixed quickly, and more importantly correctly. 3. Choice. Don't like bind's issues? Don't like sendmail's problems? Then why are you using them? Use qmail, postfix or anything else. Or one of the many other dns servers. Granted you have this choice to some extent under windows also, however the good choices even under windows are also free software so why run windows at all ? 4. Unix has been from the start a multi user system, therefore most Linux programs have the multi user concept. Windows did not have this until recently, and therefore most programs have no concept whatsoever about users or security. Many very widely used apps rely solely on a simple share and drive map situation. Windows and most apps that run on it store individual user data in absurd places like the registry rather than in the users file based profile. Obviously I could go on forever how windows is inferior in design and policy. However I will wrap up with one quick concept. Microsoft a few months back stated that Linux had just as many security problems as windows had, of course this is inaccurate and twisted. However lets hypotheticly say this is true, if windows manages to come up with as many security problems as Linux does without being open source than just imagine what is left to be discovered. All things being equal which is more secure? I'll pick Linux. Entelin