[windows2000] Re: OT: I've Had it with Outlook

  • From: Chris Berry <chris_berry-list-windows2000@xxxxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Thu, 25 Mar 2004 18:35:09 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ray at home wrote:

|>-----Original Message-----
|>From: Chris Berry
|
|>You're really stretching here.  *shrug* Outlook has consistently come
|>out in the top ten of security problems, that's enough for
|>me but maybe you have different priorities.  Just because it's
|>everywhere doesn't mean it's good, sendmail for example.
|
|
| Okay, here we go with this again...

Hey, I have an obligation to keep you entertained somehow.

| And why does Outlook have security
| problems?  Because it's a program.

Because it's a poorly written program that was designed without security
as an objective, it's the perfect example of featurism at all costs.

| All programs have flaws, some of which have implied security concerns.

True.

| Does sendmail have security problems? Of course it does.

Yes!  As a matter of fact I was attempting to hold it up as an example
that bad programming isn't limited to Microsoft products (and not all of
those are bad either).

| Have they all been found? No.

Of course not.

| Why?

Because there are SO MANY OF THEM.

| Who's going to waste his time trying to find them?

Security professionals looking to make a name for themselves,
disgruntled employees, criminal hackers, etc.

| If I'm a malicious person looking for
| security holes in an application that I can exploit, I'm going to use
| whatever's most popular.  You hear about Ford Explorers rolling over and all
| that, right?  Does that mean that 79 International Scouts don't roll over
| ever?  Sure they do, but how often do you even see one on the road?  Just
| because it's not everywhere, doesn't mean it doesn't have security problems.

That is also true, obscurity can buy you time but not safety.

| When you can create an operating system or a powerful e-mail program that
| has no flaws, please let me know.  Then I'll install your application on
| your operating system.  Until then, please rethink your security by
| obscurity policy.

Well no flaws I can't do, but here is some interesting data:

In a recent survey of MTA market share:

  1. Sendmail 37.1% - 31 vulnerabilities
  2. qmail 17.0% - 3 vulnerabilities
  3. Microsoft (Exchange, etc) 15.4% - 21 vulnerabilities
  4. imail 6.0% - 29 vulnerabilities
  5. unknown 5.1% - Unknown
  6. Postfix 4.1% - 4 vulnerabilities
  7. Exim 3.9% - 6 vulnerabilities

Email Clients (sorry, couldn't find market share data for this one)

Outlook - 63 vulnerabilities
Mozilla Email Client - 2 vulnerabilities
Mutt - 7 vulnerabilities
Eudora - 20 vulnerabilities
Pine - 14 vulnerabilities
Pegasus Mail - 3 vulnerabilities

So basically my Mozilla on qmail system would be 16.8 times less likely
to come out with a new vulnerability over the next year than your
Outlook on Exchange one.  Now, statistics can be misleading at times,
but come on, the sheer scale of the difference has to be saying
something don't you think?

| P.S.  I'm not good at analogies!  I say that at least once a day in
| conversation.  I'm not sure why.  I think I used to be okay at them, but now
| I suck.  So, you don't have to say that Explorers vs. Scouts is a stretch.
| I already know that!  :P

Actually I thought that was a pretty decent analogy, however you'd need
to look at the number of rollovers per vehicle.  You're on kind of a
slippery slope though because physical problems don't replicate as easily
as software ones.

- --
Chris Berry
chris_berry@xxxxxxxxxxxxxxxxx
Systems Administrator
JM Associates & Coast Business Service

"He who laughs last probably made a back-up." --Murphy's Seventh law of
computing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAY5bdkAS13ByzgbsRAixCAJ9vxEsqfjGpP/2PURK9NAg/tvGZYwCgrmF4
HsOyHqqYL+2wiSPlJAg5s04=
=GBMM
-----END PGP SIGNATURE-----