[Coco] Re: OS Vulnerabilities (Was: Paypal )

James Ross jr at webross.com
Tue Mar 2 01:46:04 EST 2004


Dennis B-+athory-Kitsz wrote:

>[Aren't] all OSes vulnerable because they are complex, multi-purpose systems
>written by many people under varying testing conditions and, most
>importantly, systems intended to handle massive quantities of unpredictable
>external activity?

Absolutely. Not because it "should" be that way though.  IMO, they are
that because of rapid growth with the bottom line being, don't
re-invent the wheel.  The foundation on what the current OS's are
based on comes from an age where security was not even a blip on the
radar. If it was, it was security through obscurity; something that
does not work. The same principles that were in place 10 - 30 years
ago, in many cases, still are.

>The difference is desirability. Why waste your time creating a virus for an
>OS few people actually use or ...

I would not think that one would want people knowing about their
Trojan Horse silently collecting passwords in the background, if they
planned to use that information.  To these people, the goal is for how
long can it go undetected?

JR




More information about the Coco mailing list