Re: How To Abandon Microsoft
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: How To Abandon Microsoft

From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Tue Sep 27 2005 - 07:15:17 CEST



Mxsmanic <mxsmanic@gmail.com> writes:


> Being lean does not make an OS secure, although it often makes it


> easier to _verify_ that an OS is securely _configured_.


>


> For example, in UNIX, if a server is being used for a few specific


> purposes, it's usually easy to figure out exactly what openings there


> are into the machine from the network, and secure them.  Windows has a


> lot of undocumented network openings that must be found and closed to


> lock down the machine.



succinct & KISS may not only make it easier to verify but also 


contribute to higher integrity implementations.



as an undergraudate, i gave presentation on the subject at a mainframe


user group meeting in aug68 held in boston. technology was widely used


on secure mainframe deployments in the 60s & 70s.



there have been some number of conferences over the past year


speculating that security for current environments might have to wait


on widespread deployment of the same technology (back to the future).



random sprinkling of misc. references mentioning the issue


http://therealadam.com/weblog/archives/2005/01/09/virtualization-as-security-savior/


http://www.networkworld.com/news/2004/112204ecbriefs.html


http://www.infoworld.com/article/04/11/15/HNamdvirtual_1.html


http://www.infoworld.com/article/05/08/22/34TCvmware_1.html


http://castlecops.com/article-6242-nested-0-0.html


http://storage.itworld.com/4620/050804emcceo/


http://www.hp.com/products1/unix/operating/sep05.html


http://www.intel.com/technology/computing/vptech/


http://www.forrester.com/Research/Document/Excerpt/0,7211,36574,00.html


http://www.internetnews.com/dev-news/article.php/3462351


http://www.securitypark.co.uk/article.asp?articleid=24207&CategoryID=11


http://www.virtual-strategy.com/article/articleview/1130/1/6/


http://www.vmware.com/community/thread.jspa?threadID=21676&tstart=0


http://www.xbitlabs.com/news/other/display/20040908094339.html


http://www.softricity.com/news/webinar-archive.asp?eventID=coresecurity


http://www.veritest.com/services/virtualization.asp


http://www.hardwarecentral.com/hardwarecentral/reports/5798/1/



you can get a lot more hits by using terms security, virtualization



old past with small part of the aug68 presentation ... mostly about


significant thruput performance I had obtained by rewritting major


portions of the kernel over the previous couple months (vendor was


picking up the changes and turning around and shipping in standard


product).


http://www.garlic.com/~lynn/94.html#18



back in the old days of free software ... before the transition for


charging ... misc. postings on some of the transitions from the old


days of free software and the age of charging for software


http://www.garlic.com/~lynn/subtopic.html#unbundle



-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/


Received on Thu Sep 29 21:58:11 2005