Technology Stocks : How high will Microsoft fly?


To: gao seng who wrote (56856) 3/26/2001 1:19:34 AM
From: Dave
 
Gao, you're wrong about that worm. The fix for the security hole has been out for a couple of months, and the worm has just been found. And since it only affects DNS servers, which are typically only run by ISPs, who upgrade Linux security patches very regularly, I wouldn't be surprised if it affects almost nobody at all.

As far as how ridiculous it is to compare an Outlook exploit to a DNS exploit, I would venture to guess that over the past few years, Outlook exploits have cost worldwide businesses at least hundreds of times, if not many thousands of times, as much as DNS exploits have. So if the comparison is ridiculous, that's only because of how very damaging Outlook's lax security is.

Dave



To: gao seng who wrote (56856) 3/26/2001 5:17:39 PM
From: dybdahl
 
Hi, Gao.

Microsoft Outlook is a wonderful tool for hackers who want to get confidential papers from the CEO's computer. Remember that virus scanners only find the KNOWN viruses, whereas viruses that are specially designed for a specific organisation are a serious hacker threat which most organizations would never find out.

In Linux, most worm fixes are released BEFORE the worm comes out. This worm was like that. Since I know that the vulnerabilities don't exist at our ISP customers, and because all the rest of our customers don't have public DNS servers, I know that they were not vulnerable to the worm. It's that easy.

But I can tell you how fast it is to implement a fix for the worm. If you use Debian Linux I would say 10-15 seconds, depending on how fast you type. On Red Hat Linux I think it comes automatically if you use Red Hat Networks Services, which means ZERO seconds. On most other systems you will have to download a file and double click it, which means some minutes, depending on your internet connection etc. And yes, these are actual times for servers that are doing production, and it can be done without service interruption (there are always at least 2 DNS-servers). It is not relevant to talk about an upgrade from BIND 4 to the latest version in this case. That would compare to upgrading a Windows 4 server to Windows 2000 if a security issue arises. How fast can you do that on a production system? I bet you couldn't do that upgrade without a service interruption.

Your arguments would fit perfectly on Windows. Not Linux.

Lars.