[rescue] New worm?

Greg A. Woods rescue at sunhelp.org
Wed Sep 19 22:10:52 CDT 2001


[ On Wednesday, September 19, 2001 at 18:15:39 (-0700), Jon wrote: ]
> Subject: Re: [rescue] New worm?
>
> I'd love to take this same mindset regarding NT but it's flawed. *nix is
> full of its own bugs/worms.

Unix and Unix-alikes have fewer than an order of magnitude fewer lines
of code than NT.  Probably two orders of magnitude fewer than M$-Windoze
2000 Server Edition.  (that ratio's only even that close by including
X11, fonts, documentation, *EVERYTHING* in your average *BSD line count!!!!!)

That means even at the same fault-density there are at least an order of
magnitude fewer bugs in any Unix or Unix-alike, right from the get go.

Then you add on third-party software to M$ systems, almost all of it
designed with the very same cavalier attitude to security that M$ leads
the pack with, and you've got more bugs than all the citizens of China
could ever swat down!  ;-)  [Or as a famous American said more than
once:  "Billions and Billions!"]

However with at least the *BSDs there's been more critical peer review
on every single line of code than all of Microsoft and their few source
licensees could ever afford to hire to do on their own code.  Indeed
there have undoubtably been more bugs fixed, even weighted by code
density, in the *BSDs over the past couple of years than M$ could ever
afford to do (I'm not talking $$$ but rather the "total cost" of
managing such an effort).

All in all the *BSDs collectively are probably the least buggy operating
systems on the planet outside of what NASA run on the space shuttles
(except maybe a few of the IBM mainframe systems that have been around
for decades and have been maintained with almost the same scrutiny and
care the NASA developers use) -- y'all have read that bit about how NASA
develops the shuttle software, right?  REAL engineering that is!

Unfortunately the number of bugs in M$ software is not even the real
root of the problem here.  Even without the "bugs" M$ software has not
been securely designed.  They have fundamental flaws in their very most
basic assumptions of how to compute and network safely -- they lost the
race before they even got to the track.  Until they learn that security
is important no matter what it does to market share, they'll never even
have a starting position.

Until more software "engineers", and especially M$ management, learn to
be *real* Professional Engineers (TM), the M$ marketplace is doomed to
suffering from virii, worms, trojans, and maybe soon worse.  I know this
is a horrible thought to consider, and maybe still too sensitive a
subject to use as an example, but what if the planes that rammed the WTC
and Pentagon had done so due to software bugs and/or software design
flaws (just as several early Airbus crashes were most certainly caused)?

> The only reason NT gets more attention
> regarding this sort of thing is due to its "popularity" (I'm using that
> term loosely)

Well, the "popularity" of M$ systems certainly does have an effect on
the weighting of the statistics, but it doesn't change the bottom line:

> On Wed, 19 Sep 2001, Dave McGuire wrote:
> > 
> >   I wish these idiots would learn that connecting Windoze to the
> > Internet is NOT a good idea.
> > 
> >   "But I NEEEEEEEEEED it!"  ...morons.

I couldn't have said it better Dave!  ;-)

(My SO got called "bitchy" for immediately pulling the Ethernet patch
cords out of all the M$ servers at her office yesterday at 9:30am.  Then
was asked why she didn't install a stolen version of some anti-viral
crap that wouldn't have protected them anyway.  She spent all day helping
the Windoze admin re-install and dis-infect servers.  Makes you wonder....)

Friends don't let friends use M$ software.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>


