how-to block ads
|
BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
 ·Comcast
| Re: WHY.... Actually thier code is quite good.
It is not really intended to be used over such small pipes and even the white sheets admit that. But it is very secure now and the people buying it are finding the security is a big part of the bloat.
I guess you can't have it both ways eh ?
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
|  
Fatal Vector
join:2005-11-26 | Re: WHY....
If their code is "quite good" why is every application they put put out full of holes, exploits and problems? | |
| | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
·Comcast
| Re: WHY.... said by Fatal Vector  :If their code is "quite good" why is every application they put put out full of holes, exploits and problems? Not every application MS puts out is full of holes. And the code is very clean and concise the bloat they are having issues with is authentication based and codec based.
Those themselves are 2 separate problems, you don't understand the whole system so you lump it all together.
Also the reason they are "full of holes" is because their applications reach further then any company. They have more of a foothold then other companies and are a wide target.
Why does MS money not have many holes ? Even when it is integrated with their passport system ? Why is it that MS map point doesn't have holes ? Simple they haven't been scrutinized enough because they are not wide spread enough.
Oh heres another for you ! Why is linux so full of holes , exploits , and problems also ? It's all about reach , understand the market and then you will understand reach.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
| | | itguy05
join:2005-06-17
Camp Hill, PA
| Re: WHY.... quote:
Also the reason they are "full of holes" is because their applications reach further then any company. They have more of a foothold then other companies and are a wide target.
The most widely used Web server is Apache. The most hacked is IIS. MS code just sucks period. Has little to do with market share.
quote:
Why does MS money not have many holes ? Even when it is integrated with their passport system ?
Last I heard, Money was more popular than Quicken. And neither really have holes. Last time I looked at Money, it was very tightly integrated into IE, so that alone makes it full of holes.
quote:
Why is it that MS map point doesn't have holes ?
Yeah, let's hack MapPoint. | |
| | | | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
·Comcast
| Re: WHY.... Apache has its flaws as well as IIS don't try and say they don't.
If ms code sucks period then tell me what OS you use ? And please feel free to admit you use windows.
For an application so tight to IE then why hasn't some one come to light with a hack to get into Money to steal personal info ? I know when we use money in my department we track everything from our corporate cards, to what we buy from staples, yet never an issue with it, weird I thought most flaws were from activex and java, ohh lets not forget idiot user syndrome.
Why not hack map point ? You do realize that it drives many of the fortune 500's vehicle tracking systems right ? Like when we track every vehicle in all our fleets , we do it with map point on a server cluster with enough bandwidth to completely saturate a 10 gig link, that is motivation for any hacker that wants to pump out pirated material , or pump out a crap load of virii or bots in a short period.
Let's not forget also that map point is the driving force for many real estate web sites and some banking sites direction services.
Now let's keep going with why not hack map point. Any flaw that can allow control of the system is a serious threat no matter what app even if it's map point, if it gives the attacker a chance for any entrance it's a bad thing. Maybe if more IT people would realize this then we would have less virii in the wild tearing down networks.
Wanna go any more off topic ?
and by the way if your anti MS then just uninstall windows and no excuses about how your kid uses it for games or such. Sorry bunch of hypocrites that bash ms yet fail to install any alternative. Better yet go buy a mac.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
| | | | | itguy05
join:2005-06-17
Camp Hill, PA
| Re: WHY.... quote:
Apache has its flaws as well as IIS don't try and say they don't.
Never said it was flawless. All software has flaws. Point is the criticality of the flaws. MS software has more critical flaws on average than their competitors.
quote:
I thought most flaws were from activex and java, ohh lets not forget idiot user syndrome.
Hello? What do you think makes Money's stuff so pretty? Activex, which thanks to MS's wy of thinking is now inseprably bundled into the core of Windows. So any A|X control that gets installed can have escalated privelages.
quote:
Why not hack map point ? You do realize that it drives many of the fortune 500's vehicle tracking systems right ? Like when we track every vehicle in all our fleets , we do it with map point on a server cluster with enough bandwidth to completely saturate a 10 gig link, that is motivation for any hacker that wants to pump out pirated material , or pump out a crap load of virii or bots in a short period.
I just don't see that - a quick Google search for Vehicle tracking systems and the few I visited didn't require Map Point. Then again, I don't work in a business that does vehicle tracking. But I have a hard time believing (other than from a MS PR paper) That most F500 companies use MP.
Certainly you guys picked the inferior solution since according to MS, Mappoint is more a desktop solution than a server solution.
quote:
Now let's keep going with why not hack map point. Any flaw that can allow control of the system is a serious threat no matter what app even if it's map point, if it gives the attacker a chance for any entrance it's a bad thing.
But why hack the crappy MapPoint app when it's easier to hack the OS it runs on - Windows. And since you can only run MP on Windows, it's guaranteed that every MP installation will also contain a highly exploitable OS it makes sense to inject your code in the OS.
quote:
Maybe if more IT people would realize this then we would have less virii in the wild tearing down networks.
No, as an IT professional myself, what we need to do is educate people on 2 things:
1) Dangers of Windows - it is a very dangerous OS
2) Dangers of a "standardized environment" - When everything is the same, a common vulnerability has the potential to wipe out your entire business. If you run your ship on Windows (scary thought) and some new worm comes out, you could loose all your critical apps. If you had a mix of Win, Linux, Mac, Solaris, AIX, etc you would only potentially loose the whole thing.
quote:
and by the way if your anti MS then just uninstall windows and no excuses about how your kid uses it for games or such. Sorry bunch of hypocrites that bash ms yet fail to install any alternative. Better yet go buy a mac.
Bzzt, wrong. I make my living fixing Windows and educating on the downfalls of the OS. Also certified in RedHat and soon to be AIX. And guess what, I have owned Macs exclusively for the past 4.5 years. So, no hypocrite here. | |
| | | |
|
