Dark Bilious Vapors

But how could I deny that I possess these hands and this body, and withal escape being classed with persons in a state of insanity, whose brains are so disordered and clouded by dark bilious vapors....
--Rene Descartes, Meditations on First Philosophy: Meditation I

Home » Archives » August 2004 » This brings a new meaning....

[« From Juan Cole today:] [Ron Reagan lays out the case against Bush.... »]

08/18/2004: This brings a new meaning....

to the term "total cost of ownership". From The Evil Empire:

Microsoft has been waiting for security researchers to say that its Windows operating system has a lower total cost of ownership. One finally has, but that's not good news.

On Friday, David Aitel, a noted security professional and managing director of vulnerability assessment firm Immunity, published a paper stating that "owning" a computer--hacker-speak for compromising a system--is easier if the target computer runs Windows. While couched in puns and jokes, the paper takes a serious stance on the security of Windows compared with modern Linux, Aitel said.

The Aitel paper marks the first time that a security professional with hands-on experience of hacking both Linux and Windows systems has weighed in on the issue. His conclusion: The security of Windows computers is easier to breach than modern Linux computers, despite more than two years of work by Microsoft to secure its operating system under its Trustworthy Computing initiative. Microsoft declined to comment on the paper.
I said it the moment I first heard about the "Trustworthy Computing" initiative.

Trustworthy Computing my ass.

Len on 08.18.04 @ 12:49 PM CST


Replies: 4 comments

on Wednesday, August 18th, 2004 at 2:34 PM CST, josh said


Hasn't this pretty much seeped into the common conscience by now?

I read an article the other day that the lifespan of an unpatched MS computer in the wild these days is 20 minutes.

on Wednesday, August 18th, 2004 at 2:59 PM CST, Len Cleavelin said

It's seeped into common consciousness, but the significance is, I think, that this is the first acknowledgement in a formal paper by a security professional who has experience with securing both Windows and Linux.

And the scary thing about the 20 minute figure is that it's going to take a lot longer than 20 minutes connected to the 'net to download the appropriate patches. Better to get them on a CD, and get the first level of patch (W2K SP4/XP SP1) installed *before* connecting the machine to the 'net.

on Thursday, August 19th, 2004 at 12:17 AM CST, bryan@dumka.com">Bryan said

The 20 minutes assumes a "bare" Windows machine, without the firewall or virus software. Manufacturers now enable both when they shop the machines to give the owner a prayer of downloading fixes before they get attacked.

I run XP because my clients do, but I use Mozilla and Pegasus. I would be much happier if I could delete IE, but they won't let you do that.

The XP update is supposed to be available with several magazines, so I won't be downloading it.

on Thursday, August 19th, 2004 at 8:20 AM CST, Len Cleavelin said

I'm hearing that XP SP2 breaks a whole bunch of programs. Big surprise, I know. Another proof of the principle that no Microsoft software is out of beta until v. 3.1 at least....

True that the 20 minute figure does assume lack of a firewall (I don't know if anti-virus software would stymie those worms that do network probes to find unpatched machines). Fortunately for me, I do run my home boxen behind a hardware firewall; not all home users are that savvy, alas.

At my work, I've been fighting a rearguard action against XP for a couple years now, but of course that's a losing battle, since new hardware comes with XP pre-installed. Still, I go Firefox and Eudora (paid mode--if I could I'd marry the spam filter in that one) for my default browser/email.

Anybody remember "Windows 98 Lite"?--some hacker developed a way of stripping IE from Win98 and had it out there for download/general use. Why hasn't some enterprising hacker done the same for Win2k/XP?

New Comment

August 2004

Archives of Blogger site

Powered by gm-rss

Len's sidebar:
About Len (The uncondensed version)
Memorial to a dear friend
Frederick W. Benteen
The Web of Leonards
The St. Louis Cardinals
The Memphis Redbirds
The St. Louis Browns
The Birdwatch
Hey! Spring of Trivia Blog
BlogMemphis (The Commercial Appeal's listing of Memphis blogs)
The Guide to Life, the Universe, and Everything

Len's extended blogroll:

Brock's Sidebar:
About Brock
Boing Boing
Crooked Timber
Dispatches from the Culture Wars
Heretical Ideas
John and Belle Have a Blog
Jon Rowe
Letters of Marque
Literal Minded
Marginal Revolution
Matthew Yglesias
Oliver Willis
Political Animal
Positive Liberty
Signifying Nothing
Unqualified Offerings

Karen's Sidebar
About Karen
The Ig-Nobel Prizes
The Annals of Improbable Research
The Darwin Awards
EBaums World
Real Clear Politics
U.S. News Wire
Foreign Affairs
The Capitol Steps
Legal Affairs
Nobel Laureates for Change
Program On International Policy
Law of War
Sunday Times
Media Matters
Is That Legal?
Andrew Sullivan
Literal Minded
Jon Rowe
Freespace Blog
Thought Not
Publius Pundit
Blog Maverick
Rosenberg Blog
Crooked Timber

The Rocky Top Brigade:

Rocky Top Brigade Sampler

A New Memphis Mafia

The liberal alternative to Drudge.

Get Firefox!

Cardinals Countdowns:
Days until pitchers and catchers report:
Your browser doesn't support Java applets.

Days until first Grapefruit League game (3/3/05; @ NYM):
Your browser doesn't support Java applets.

Days until Opening Day (4/5/05; @ HOU):
Your browser doesn't support Java applets.

Days until Home Opener (4/8/05; vs. PHI):
Your browser doesn't support Java applets.

How many visitors are here:

Blogrings/Blog indexes/Blog search:
« ? Verbosity # »

Listed on Blogwise
Popdex Citations
Blog Search Engine

Greymatter Forums
template by linear