On 2006-12-23, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> posted something concerning:
> __/ [ Nick Ballard ] on Saturday 23 December 2006 11:20 \__
>
>> On Sat, 23 Dec 2006 01:13:30 +0100, Roy Culley wrote:
>>
>>> http://www.eweek.com/article2/0,1895,2073611,00.asp
>>>
>>> Underground hackers are hawking zero-day exploits for Microsoft's
>>> new Windows Vista operating system at $50,000 a pop, according to
>>> computer security researchers at Trend Micro.
>>>
>>> The Windows Vista exploit - which has not been independently
>>> verified - was just one of many zero-days available for sale at an
>>> auction-style marketplace infiltrated by the Tokyo-based
>>> anti-virus vendor.
>>>
>>> This was discussed on a mailing list, full disclosre I think. Someone
>>> mantioned who would pay that amount of money for an exploit to an OS
>>> that won't be widely adopted for momths if not a year or more. The
>>> response was it was cheap. 0-day exploits for XP can bring in $100,000
>>> or more.
>>>
>>> Is there no end to MS 'innovation'! :-)
>>
>> I guess Vista really will be profitable for third-party developers...
>
> The humorous side of it is great, but we ought to be worried, no matter what
> software or O/S we use. Yesterday I had a very long discussion with a
> colleague of mine. E-mail has been rendered useless to many, the UK economy,
> he says, loses around 50 billion pounds (dollars?) due to 'security' issues,
> so sometimes I just think that we, as Linux advocated, should be happy(ier)
> to find that Windows is becoming /more/ secure. In any event, I convinced
> him to start using his Linux partition (everyone has one around here, but
> surely Microsoft counts that as a Dell/Windows PC... one more for the stats
> arguments).
I *am* happy that Windows becomes more secure. The problem is it can
never become secure enough. So I look forward to the day when it's no
longer a problem infecting all of us.
But I'm not really worried about the current situation. Yes it's bad.
Yes it bothers me. But it's going to end up being a self-correcting
problem. Eventually businesses and users will be fed up enough with the
crappy situation and demand a real change. Once that happens, Windows
is histoire.
--
The reason I view security as a binary value is that if your level of
security can change, without the the code changing (ie, someone discoevers
a hole), then the code was never secure in the first place.
-- Erik Funkenbusch Message-ID: <181oxog41hplq.dlg@xxxxxxxxxxxxxxx>
|
|
