|
On Tue, 14 May 2002, Leif Svalgaard wrote: > From: James Rich <james@eaerich.com> > > On Tue, 14 May 2002, Leif Svalgaard wrote: > > > The frequency of 'getting virused' is a function of how popular a product > is, > > > not of how 'good' it is. The product used the most is the most popular > > > target for viruses. Products nobody uses are much less targeted. > > > This is also the main reason OS/400 doesn't have many viruses. > > > > This is not completely true. Apache is the most popular web server on the > > planet, yet has far fewer security problems than IIS. > > Show me a study that lists all the security problems over the lifetime > of each product and we can compare facts rather than folklore. I don't have the actual study but I'm sure Gartner Group's recommendation to avoid IIS was not based on folklore. Come on, Leif, everybody knows that IIS is a steaming pile of crap when it comes to security. It is a target not because it is the most popular, but because it is so easy to break. Remember Code Red? Now to try to bring this thread back to where we got started: supporting browsers other than IE. Do we really want the same people who continuously create such awful software (as regarding security and reliability) as IIS, IE, and Outlook to be the company that decides how the internet should work? Should we allow *any* one company or individual to decide that? Absolutely not. That is the reason to code to open, published standards and avoid proprietary extensions and formats. What should have been learned from early Netscape browsers is that using proprietary extensions is bad. But if we use IE extensions then we ignore the lessons of the past. > I really meant my statement in the negative: a product that "nobody" > uses is rarely a target. This may be true. Targets are chosen for several reasons. Often (like Code Red, Nimba, and most other Microsoft targeting virii) any target will do that is vulnerable. Sometimes targets are chosen because of who they are. Government sites receive many attacks every day. You can bet that credit card companies also receive many attacks simply because of who they are, not what they are running. Sometimes a particular type of machine or service is a target, like backbone routers. And very often targets are chosen because they are easy. James Rich james@eaerich.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.