Re: [OT] News readers (was Re: A missing feature of APL expressed

Stefano Lanzavecchia wrote: 
>
>
> If you try hard enough you'll find that many e-mail readers can be forced 
to
> do that. Microsoft is not the only software producer whose products contai
n
> code that suffers from buffer overflow exploits. Microsoft is only the mos
t
> targeted because it's the most popular. If one day Solaris dominated the
> market you can rest assured that hackers would find it much more interesti
ng
> for their games. And would discover many interesting ways to make
> everybody's lives a bit miserable.
> If one runs a web server written in APL, he won't fall prey of all the IIS
5
> exploits. But if somebody wanted to ruin his day it wouldn't take long to
> discover ways for this to happen.

Aaarrggghhhh!!!! Bollocks Stef.

1. Microsoft was the one that started this whole business of automatic execu
tion of
content in emails. They were convinced that the average user wanted the conv
enience
and disregarded the warnings that they were given by many people. I know of 
no other
company (I may be wrong) who produce email readers that will, by default, ex
ecute any
damn thing that is presented to it. Not content with that, this blanket
execution-by-default was also included in word processors, spreadsheets, etc
 without
any thought given to security. Bloody ridiculous. Only relatively recently h
ave a
rash of security patches come out. Amazing how they are now the company seen
 as
"security aware" when they caused problems that they were warned about repea
tedly.

2. Microsoft operating systems are targeted most frequently by crackers (not
 hackers)
is because they are the easiest to break into. In fact, the majority of thes
e
breakins are performed by script kiddies. As far as larger web sites (and em
ail
servers, ftp servers, etc) go, UNIX-like operating systems _do_ dominate: on
ly Mickey
Mouse web sites (and desk tops) run on Mickey Mouse operating systems. Plent
y of
people attack UNIX-based sites. Their success rate is lower because UNIX is
inherently more secure/stable/whatever. To illustrate this, NovaWeb's 3 (Sol
aris) web
servers have now been running for 917, 843 and 232 days (the last was a cont
rolled
shutdown, not a system failure, to replace a failed disk). During that time 
we have
not had a single successful attack or any other stop or delay in our service
. We have
had many hits.

3. If you run ANY web server other than IIS (whatever version) you won't fal
l prey to
IIS (whatever version) exploits. I have been running apache for years and ha
ve never,
AFAIK, fallen prey to any exploit. True, I'm not a prime target, but my web 
server
was getting hit by many of the viruses that have spread havoc amongst PCs ov
er the
last few years, at one point to the tune of several hundred hits per day, wi
thout any
concern on my part other than the size of the log files.

4. We always get around to the same thing. Try reading the "In This Issue" o
f the Dec
2003 ;login: (http://www.usenix.org/publications/...3-12/index.html),
particularly from the CyberInsecurity section on page 3, for the scary truth
 about
Windows, Microsoft, and Security. This is an unbiased editorial.

Now please reread my previous posting. I have no intention of turning this i
nto yet
another tiresome argument, but I have to respond to blatant ignorance.

Bob H

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GO/! d- s++:+ a+ C++(++++) US++++$ UB++ U*++ P+++ L+++ E--- W+++ N++ w--- O-
M+ V- PS+ PE+ Y+ PGP t+ 5++ X R* tv+ b+ DI++ D G e(*) h++/-- r+++ y?
------END GEEK CODE BLOCK------

-----------------------------------------------------
Bob Hoekstra: APL & Unix Consultant
Telephone:    +44 1483 771028
Mobile:       +44 7710 562345
Email:        Bob.Hoekstra@HoekstraSystems.ltd.uk
-----------------------------------------------------