Common problems with Ubuntu

Common problems with Ubuntu

Steve G. wordz2u at gmail.com
Wed May 12 02:29:38 IDT 2010


I left windows on my last remaining because I got tired of having to wait
hours for the virus scans every time I turned on the machine. True that was
with XP, but a company that thrives on market domination, corruption to
accomplish said domination, and is known to have bugs around for years, is
not someone who I trust with security. It is simply that security and
everything but the kitchen sink in the code, including legacy compatibility
and legacy code, do not go together.

I worked for a while at a software house, and we had to write code around MS
bugs because they would not fix them, even though we were a development
partner. These were not security bugs, but regardless, they were not
sensitive to the needs of their developers, except maybe the largest
customers.

I have never had any problems with any of my Linux installations, and only
one virus was ever found with my OS-X machines. In contrast, I had numerous
problems with my windows machines, even after fresh installs and updates.

That said, I don't think in this forum we should try and convince people or
convert them to what we think. If the gentleman is content with MS security
(and I am taking his words at face value, not a bait), let him use it and
enjoy the outcome.

Just my two cents.

Zvi.

On Tue, May 11, 2010 at 4:21 PM, Micha Feigin <michf at post.tau.ac.il> wrote:

> On Tue, 11 May 2010 23:50:49 +0300
> Elazar Leibovich <elazarl at gmail.com> wrote:
>
> > I guess we'll stay divided, but still, for the sake of the completion I
> want
> > to clarify my argument.
> > My point is, that some security decisions (for example, the "Tuesday
> patch"
> > you mentioned), even if they are very wrong (and obviously, MS security
> guys
> > would beg to differ) doesn't play a very big role in the overall security
> of
> > your products.
> > However good software engineering practices plays a big role, and MS is
>                        -----------------------------------------------
>
> you're joking, right?
>
> They are still at the point of let's get it into the market and worry about
> making it work right later on
> (see windows Vista, or Fichsta as I like to call it for example. Win 7 is
> still
> not half there either, see the new graphic driver model for examples which
> you
> won't believe how much trouble it causes, virtual memory on the video card
> handled by the operating system behind the drivers back ...)
>
> > doing that big time, and putting a lot of resources for secure software
> > development. So the question whether or not the Tuesday Patch is a good
> > idea, and whether or not full disclosure is a good idea matters much less
> > than the question whether or not they have security expert evaluating the
> > security of each and every software signed by MS.
> > About the complexity of Windows and backwards compatibility, it is indeed
> an
> > issue which any company which develops for Windows need to handle with. I
> > really don't see how is it related. Keep in mind that MS is making much
> more
> > software than just the windows OS.
> >
> > On Tue, May 11, 2010 at 8:49 PM, Gilboa Davara <gilboad at gmail.com>
> wrote:
> >
> > > On Tue, 2010-05-11 at 20:23 +0300, Elazar Leibovich wrote:
> > > > Why do you think that MS believe in security by obscurity? I believe
> > > > that security problems in MS products are generally speaking being
> > > > released to the wild.
> > > > Why I think MS products has better chance to be secure than your
> local
> > > > Joe Software shop, because they're having strict policies which are
> > > > supposed to enforce that:
> > > > 1) The SDL development process, which includes fuzz testing the
> > > > software specifically against security breaches. Every MS software
> > > > must undergo that. Do regular software you use do?
> > > > 2) Cryptography awareness. Every product which uses crypto must be
> > > > authorized by a specialized crypto group. Crypto is a thing which is
> > > > easy to create and hard to verify. Is Winzip encryption algorithm
> > > > being reviewed by crypto expert? I'd rather know that the software I
> > > > use had a strong peer review.
> > > > Correct me if I'm wrong, but this two processes are hardly seen in
> > > > other places of the software industry.
> > >
> > > ... I doubt that any of the above has anything to do with the points I
> > > raised in my previous post, but never-mind, lets agree no to agree.
> > >
> > > - Gilboa
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Linux-il mailing list
> > > Linux-il at cs.huji.ac.il
> > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> > >
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 
Check out my web site - www.words2u.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100511/5fd2febe/attachment-0001.html>


More information about the Linux-il mailing list