[PLUG] Dealing with security

[Ed Sawicki]

On Mon, 2003-02-03 at 17:52, Steven A. Adams wrote:

> > I'm thinking that the solution is to shift the emphasis
> > away from Linux as a secure operating system to the
> > administrator. It's the administrator who makes a system
> > secure - not an operating system. When security problems
> > occur, we should not complain about Windows, we should
> > complain about administration. If company management puts
> > the pressure on their administrators to solve security
> > problems, more secure solutions, like Linux, should
> > eventually bubble to the top.
>  
> But Ed, the administrator can not force Microsoft to produce any
> security fixes. In fact, even discussing vulnerabilities in that OS
> could force one to fall prey to DMCA heart-ache, head-ache and possible
> prosecution. Just as a vague example of the attitude that those
> unfortunate individuals have to deal with, read the EULA (quite the
> fancy acronym for End-User License Agreement) for the Microsoft .NET
> Framework - it clearly states that by accepting this License Agreement
> you will NOT discuss any benchmark findings with .NET to anyone without
> the express written consent of Microsoft (I ran into that one over the
> weekend while setting up my dual boot workstation).

But that's the point. Windows administrators can't solve many
of the security problems. It's beyond their control.If company
management insists that they do, they'll be forced to search
for better solutions and tell management that changes must occur
if their demands are to be met. As it is now, most Windows
administrators are silent co-conspirators.


>  With an arrogant,
> publish only the good, attitude like this, would it be possible that the
> opinion of an administrator is going to make a difference when the CFOs
> of the world just keep signing checks for more Windows? I'm sorry, I
> think not.

Than what's the solution?

-- 
Ed Sawicki <ed at alcpress.com>
ALC