Re: IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM monopoly

From: J. Clarke (nospam1@nospam.invalid)
Date: 04/20/03


From: J. Clarke <nospam1@nospam.invalid>
Date: Sun, 20 Apr 2003 11:40:03 -0400

In article <00A1BAF7.D4960A23@SSRL.SLAC.STANFORD.EDU>,
winston@SSRL.SLAC.STANFORD.EDU says...
> In article <b2tin001p3s@enews2.newsguy.com>, J. Clarke <nospam1@nospam.invalid> writes:
>
> >> Meanwhile, I can still see NIMDA, Code Red, and that latest port 1433
> >> virus still slamming their way around the internet. Windows was designed
> >> for private networks, and then jury-rigged to work with the internet.
> >
> >Uh, those viruses are not relying on anything inherent in Windows.
> >
> >A virus similar to the Port 1433 virus could be written to attack the
> >System/390 or the AS/400 or VMS just as easily--it depends on the
> >administrator failing to put a password on the administrator account for
> >SQL Server. Since (a) SQL Server is not a part of Windows, it is an
> >application that runs under Windows, and (b) any administrator who
> >doesn't at least put an effing password on the root account deserves
> >what happens. Putting _any_ password, even "password" on the SQL Server
> >sa account should block that particular virus. And the SQL Server
> >installation procedure _does_ give an opportunity to rename the account
> >and to put a password on it during the initial installation. Further,
> >for SQL Server to do damage to anything except itself, it has to be run
> >at a higher privilege level than is necessary.
>
> But, see, this is why software monoculture is bad. Even if it's the fault of
> incompetent sysadmins that Port 1433 has SQL/Server listening on it and not
> requiring a password, the fact that there are _so many_ systems like that, and
> so high a percentage of the IT substructure is affected, that it's a bad thing
> in itself.

The undesirability of a software monoculture doesn't really have
anything to do with Microsoft per se, so it's not really relevant. If
God decreed that there never was a Microsoft then some other vendor
would likely establish market dominance after a while and you'd have the
same situation.

> >NIMDA spreads using Outlook, Outlook Express, and/or IIS, none of which
> >are fundamental parts of Windows. Microsoft has issued patches for
> >their products which address this particular issue and any administrator
> >who has not installed them is remiss. In any case, NIMDA can be
> >completely blocked by running a mail client other than Outlook or
> >Outlook Express, a Web browser other than Internet Explorer, and using a
> >Web server other than IIS.
>
> Microsoft claimed in court, at length, that Internet Explorer was a
> fundamental part of the operating system. Who should we believe about that
> - them or you?

Why do you suddenly want to believe them on _this_ issue?

In any case, they never claimed that Outlook or IIS was a part of the
OS.

> >Code Red exploits a known vulnerability in IIS, for which there is a
> >patch available. Again, this is not anything fundamental to Windows.
>
> Only kind of. Windows doesn't easily enforce a distinction between code
> and data space - as VMS does - so buffer overflow vulnerabilities can more
> easily introduce executable code. In VMS, it's likelier that a buffer
> overflow will result in an access violation, which does allow a denial of
> service attack but keeps VMS boxes from participating in spreading the
> virus further, or from being compromised with no external trace.

This may be the case, however an undetected buffer overflow is a bug,
and a bug in privileged code is always undesirable no matter what the
OS.

> >And for "uninformed users", there is no excuse whatsoever to not keep
> >your patches current--Windows annoys the Hell out of you with messages
> >about needing patches any time there is a patch available.
>
> People ill-advisedly running 24x7 mission-critical infrastructure on
> Windows have trouble shutting down to install patches.

So when did IIS or Outlook or Outlook Express become part of 24x7
mission-critical infrastructure? And why is 24x7 mission-critical
infrastructure not properly firewalled? And why did the database
administrator on this 24x7 mission-critical infrastructure not bother to
put a password on the administrative account on his SQL servers? And if
this 24x7 mission-critical infrastructure can't support a phased
deployment then what happens when it loses a node?

> >There are problems with Windows, but blame it for what it does, not for
> >what applications running under it do.
>
> I blame Microsoft in general, but Windows both has vulnerabilities of its
> own and enables vulnerabilities in application software.

Every OS has vulnerabilities. If you think they don't you are deluding
yourself.

> -- Alan
>
> ===============================================================================
> Alan Winston --- WINSTON@SSRL.SLAC.STANFORD.EDU
> Disclaimer: I speak only for myself, not SLAC or SSRL Phone: 650/926-3056
> Paper mail to: SSRL -- SLAC BIN 99, 2575 Sand Hill Rd, Menlo Park CA 94025
> ===============================================================================
>
>

-- 
--
--John
Reply to jclarke at ae tee tee global dot net
(used to be jclarke at eye bee em dot net)

