Security Innovation's Microsoft/Linux web server security study
Posted Mar 25, 2005 23:38 UTC (Fri) by job (subscriber, #670)
In reply to: Security Innovation's Microsoft/Linux web server security study by wilreichert
Parent article: Security Innovation's Microsoft/Linux web server security study

That is just not true. In many cases the operating system may expose
extra attack vectors. For example, in Microsoft Windows a process that
has access to the GUI system automatically has access to elevated
privileges, by design. This can't be fixed without breaking a lot of old
applications.

How do you stop the NetBIOS-over-IP processes in Windows? The answer is
you don't, not in a controlled way that update and repair tools won't
restore for you again. You block the ports in your firewall and cross
your fingers that there is no unprivileged exploit on the local subnet.

But of course, these and many other well-known peculiarities with
Windows will never be "fixed" and have no "report date". So you'll never
find them in Microsoft-sponsored studies. But the facts speak for
themselves: security is much harder to attain with a poorly thought-out
operating system.