Date: Thu, 2 Mar 2000 11:08:15 -0800 (PST)
From: Kris Kennaway
To: Jonathon McKitrick
Cc: freebsd-chat
Subject: Re: any news on w2k in the world?

On Thu, 2 Mar 2000, Kris Kennaway wrote:

> Security isn't a matter of options, it's a process. All of the security
> knobs in the world won't help you if the product has a poor implementation
> of the security model. After 5 years in the field, they're STILL finding
> and fixing security bugs in Windows NT 4.

Actually, I should amend the above for the sake of accuracy. Microsoft
doesn't, and have never really done, much in the way of finding their own
security bugs in released products. They usually rely on outside people to
discover the hole, spend a while denying it exists (probably to cover
themselves while they furiously try to fix it), then eventually release a
patch (the first version of which isn't properly regression tested and
breaks a lot of other things), eventually (sometimes months later)
releasing a security bulletin which takes all the credit for finding the
bug themselves.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe