[CS-FSLUG] NI: Longhorn following Unix on security?
Frank Bax
fbax at sympatico.ca
Wed Jul 13 08:51:46 CDT 2005
At 06:31 AM 7/13/05, Wei-Yee Chan (Made in Chinar) wrote:
>Microsoft's delayed Longhorn operating system appears to be taking a
>page from the Unix management book by curbing users' administration rights.
>
>http://www.theregister.co.uk/2005/07/11/longhorn_security/
>> Microsoft-sponsored Security Innovation study published in June
...[snip]...
>> The study, part of Microsoft's "Get the facts" campaign, claims SQL Server
>> had zero vulnerabilities over the course of the year compared to seven for
>> MySQL and 30 for Oracle 10g.
1) I found this a little hard to believe, so I did some searching. It
didn't take long to find this:
http://www.microsoft.com/technet/security/Bulletin/MS03-031.mspx
How is it possible that a "cumulative" security patch can be released the
month immediately following the study, and yet the software had no
vulnerabilities for the 12 months prior to the study? Is a vulnerability only
counted when the patch to fix it is released? Were patches leading up to
the "cumulative" patch all released after the study as well?
2) The whole issue of Admin rights in Windows appears to be distorted by
this article. WinXP already has the ability to create non-admin
users. The real problem is that many Windows software packages require
admin rights to run properly. Until software developers test their
products using non-admin accounts, the problem will continue.
Frank