[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Anti-Virus Software ?



On Fri, 2004-10-08 at 16:39, John Thompson wrote:
> Matthew Miller wrote:
> 
> > On Fri, Oct 08, 2004 at 02:32:02PM -0500, John Thompson wrote:
> > 
> >>exploits.  If this were true, however, we would expect that in markets 
> >>where Windows has less penetration -- e.g. internet severs, where 
> >>Windows servers comprise ~40% of the market -- that Windows should only 
> >>suffer ~40% of the exploits in this arena.  That is not what we see, 
> >>however: even with ~40% of the internet server market, Windows still 
> >>suffers ~95% of the significant exploits.  One can conclude from this 
> >>that Windows is inherently less secure than other platforms.
> 
> > One can conclude all sorts of things. :)
> > 
> > But the one you've picked doesn't necessarily follow. 95% of desktop share
> > might lead to increased incentive and ability to develop exploits, which
> > then _happen_ to also work when the same OS is used in other markets --
> > leading to more exploits there than you would expect by looking at that
> > segment in a vacuum.
> 
> But the vast majority of desktop exploits involve Internet Explorer and 
> Outlook and/or Outlook Express.  Neither of these should be doing much 
> on internet *servers* and conversely, IIS and other Windows server 
> exploits should have little relevance to desktop users. So I think my 
> point still stands...
> 
> -- 
> 
> -John (john os2 dhs org)

It stands only when you consider my statements earlier about being all
things to all people.  You are exactly right, those items should _never_
be on a server.  However, have you ever tried to use SQLMail in SQL
Server?  It _requires_ Outlook installed for certain (MAPI?) dlls.  I
have maintained all along that there is no reason for any Windows server
to run a GUI by default.  (Totally irrelevant to my point though...). 
This is going to be MS's undoing.  Total integration is not a good
thing.  Unless you build completely separate codebases for server and
workstation.


--------------------------------------
Mark Haney
Network Administrator
InterAct Public Safety Systems
mhaney interactsys com
Fedora Core release 2 (Tettnang) Kernel: 2.6.8-1.521 GNU/Linux 
16:40:15 up 8:58, 2 users, load average: 10.16, 9.14, 8.57 

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]