SRO: Microsoft’s Not The Only Security Foul-Up

“Microsoft gets all the red ink, but that’s not fair. Yes, I
just said that we’re not being fair to Microsoft. (That was not a
typo.) …of the latest 10 problems as of March 8 on
Security-Focus’ listing of security vulnerabilities, only one
the Clip Art, rests completely on Microsoft’s doorstep. Of the
others, only one
, a problem with Internet Security Systems
(ISS) RealSecure products, is Windows-centric. Of the others,
three of them are Linux problems.”

“Shocked? Don’t be. All of the Unixes, including BSD, Linux, SCO
and Solaris, have more than their share of security problems. Think
about it. The recent rash of distributed denial-of-service (DDoS)
attacks were all launched from unsecured Solaris systems. And, much
as I rag on Outlook, the all time champion application for security
holes must be that Unix mail transfer agent, which still sends most
e-mail along its way: Sendmail.”

“To do security right, you have to be updating your programs and
operating systems constantly. … Windows, Linux, whatever. If you
want your systems to be trouble-free, you need to take a lot of
trouble. Hard work and due diligence are the only real security