Common problems with Ubuntu

Thu Jun 3 00:31:46 IDT 2010

Some random links about the topic of MS security I ran into, and
reminded me of this discussion:
Marc Maffier (cofounder of eEye) on Windows security
http://news.cnet.com/8301-27080_3-20002317-245.html
"Now when you look at Microsoft today they do more to secure their
software than anyone. They're the model for how to do it. They're not
perfect; there's room for improvement. But they are definitely doing
more than anybody else in the industry, I would say."
"And you think Apple is taking it seriously too now?
Maiffret: Oh yeah. It's even a little scarier with them because they
try to market themselves as more secure than the PC, that you don't
have to worry about viruses, etc. Anytime there's been a hacking
contest, within a few hours someone's found a new Apple vulnerability.
If they were taking it seriously, they wouldn't claim to be more
secure than Microsoft because they are very much not."

Cisco on using MS SDL development process to secure their code
http://blogs.cisco.com/security/comments/the_cisco_secure_development_lifecycle_an_overview/
"Microsoft has also been a valuable partner as both a model for SDL
and also as a sounding board for Cisco as we developed and adapted
their concepts to meet the unique attributes of our development
environment and needs."

On Wed, May 12, 2010 at 7:54 AM, Elazar Leibovich <elazarl at gmail.com> wrote:
> I think you have to make a distinction between older MS software (such as
> XP) and newer ones (such as 7). For example you defenitely don't run as
> administrator in Windows 7, and you've got a built-in sudo like system.
> I, like some people who replied, had bad experience managing Windows
> machines, and it was usually viruses. However in recent versions I noticed
> that even at the hands of the inexperienced users, and without any virus
> scanner, the system stays relatively clean.
> The point about Windows complexity and background compatability is true and
> taken. It is against security, and maybe it tips the balance against MS and
> Windows related products security-wise.
> The other remark which I highly disagree is that there's no need to convince
> me. I'm discussing here in order to be convinced, and I'm usually glad when
> someone enlightens me.
>
> On Tue, May 11, 2010 at 3:17 PM, Micha Feigin <michf at post.tau.ac.il> wrote:
>>
>> On Tue, 11 May 2010 04:08:39 -0700
>> Elazar Leibovich <elazarl at gmail.com> wrote:
>>
>> > Not at all!
>> > Google for "Microsoft SDL", it was not always the case, but nowadays
>> > they
>> > have excellent security awareness.
>> > For example, see evidence for the change here:
>> >
>> > http://blogs.msdn.com/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx
>> >
>>
>> Lets start with the problem that Microsoft encourages all users to be set
>> as
>> administrators by default. It's almost impossible to be a regular user
>> usually
>> and just switch momentary to administrator for small administration tasks
>> ...
>>
>> Managing simple folder / file permissions is also a difficult task (doing
>> complex permissions is complex on unix as well though)
>>
>> > On Mon, May 10, 2010 at 3:17 PM, Gilboa Davara <gilboad at gmail.com>
>> > wrote:
>> >
>> > > On Mon, 2010-05-10 at 22:10 +0300, Elazar Leibovich wrote:
>> > >
>> > > > For example, Microsoft is now known for excellent security review
>> > > > practices. Whichever MS software I choose, I can rest assured that
>> > > > it
>> > > > will be relatively on the high end of security.
>> > >
>> > > Hidden sarcasm?
>> > >
>> > > - Gilboa
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Linux-il mailing list
>> > > Linux-il at cs.huji.ac.il
>> > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> > >
>>
>> _______________________________________________
>> Linux-il mailing list
>> Linux-il at cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>