TIP: Click on subject to list as thread! ANSI
echo: nthelp
to: Adam Flinton
from: Rich
date: 2004-06-08 09:04:10
subject: Re: Spin
From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0026_01C44D37.8FDCF8A0
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

   Do you consider all products with a word in product name in common to =
be a single product?  I'm surprised.  This means that all products with =
Linux in the name are one.  Your vulnerablity numbers would be through =
the roof.  Is that really how you want to spin things now?

Rich

  "Adam Flinton"  wrote in message =
news:40c5bb5c$1{at}w3.nls.net...
  Rich wrote:

  >    Adam's claim, at least what you claim is Adam's, is bogus.  You =
want=20
  > to count redhat vulnerbilities you count everything in the product.  =
If=20
  > you want to compare this count of redhat vulnerabilities to =
something=20
  > else that is fine too.  If you want to use this comparison to =
support=20
  > some conclusion, well, you better be comparing counts of something=20
  > appropriate for the conclusion being made.  In the case of Russ, not =

  > only were his numbers inaccurate, they were misleading and didn't=20
  > support his conclusion.
  >


  Rich, you're full of it. If you want to count "windows" vulns then by=20
  your own reckoning you are at the mercy of not the tech people in MS =
but=20
  the marketing people e.g. hummmm let's have a look at say:

  http://www.microsoft.com/windowsserver2003/sbs/default.mspx

  or even:

  http://www.microsoft.com/windowsserversystem/default.mspx

  & gee guess what....there's lots of stuff which come under
"Windows"=20
  e.g. the "Windows Small Business Server" & the
"Microsoft Windows =
Server=20
  System".

  Would you like me to list what is included within "Windows" in those =
2?

  On the Windows Server system you can get:

  "=95 Windows Server 2003
  =95 Application Center
  =95 BizTalk Server
  =95 Commerce Server
  =95 Content Management Server
  =95 Exchange Server
  =95 Host Integration Server
  =95 Identity Integration Server
  =95 ISA Server
  =95 Live Communications Server
  =95 Operations Manager
  =95 SharePoint Portal Server
  =95 Speech Server
  =95 SQL Server
  =95 Systems Management Server
  =95 Windows Small Business Server 2003
  =95 Windows Storage Server"


  & gee it looks like as part of the "Windows Small Business Server =
2003"=20
  you get such "OS features" as SQLServer & Exchange.


  Adam


  > Rich
  > =20
  >=20
  >     "Geo."  wrote in =
message
  >     news:40c3b7f4{at}w3.nls.net...
  >     Adam claimed only the Linux kernel counted when counting vulns =
since
  >     embedded
  >     linux (or whatever it's called) was nothing more than that. You
  >     claimed that
  >     whatever was included in the distribution RedHat counted as a =
RedHat
  >     vuln.
  >=20
  >     Now I'm claiming that if MS included sendmail and bind in =
Windows
  >     2006, any
  >     sendmail or bind exploits would count as security issues thus =
making
  >     Windows
  >     2006 less secure than previous versions. It appeared to me you
  >     disagreed with
  >     that logic, do you?
  >=20
  >     Geo.
  >=20
  >     "Rich"  wrote in message news:40c3abe5{at}w3.nls.net...
  >        I have no idea what your "least common demoninator"
approach =
is
  >     so I can't
  >     comment.  I never suggested anything with that name or to which =
I
  >     would apply
  >     that name.
  >=20
  >     Rich
  >=20
  >       "Geo."  wrote in =
message
  >     news:40c389bf{at}w3.nls.net...
  >       "Rich"  wrote in message news:40c363bd{at}w3.nls.net...
  >       >>   Not when trying to make apples to apples comparisons such =
as
  >     claiming
  >     one
  >       version is more or less secure than another version.  If you =
just
  >     want to
  >     count
  >       things, and you can tell from this discussion there isn't
  >     agreement on what
  >     or
  >       how to count, then including bind and sendmail would result in
  >     more things to
  >       be counted.<<
  >=20
  >       I see, so saying that one version of Linux is more secure than =
another
  >     version
  >       of Linux must then take the least common denominator approach? =
I'm
  >     sure Adam
  >       will be overjoyed to hear you have finally come over to his =
line of
  >     reasoning.
  >=20
  >       Geo.
  >=20
  >=20
  >
------=_NextPart_000_0026_01C44D37.8FDCF8A0
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable








   Do you
consider all =
products with a=20
word in product name in common to be a single product?  I'm=20
surprised.  This means that all products with Linux in the name
are =

one.  Your vulnerablity numbers would be through the
roof.  Is = that=20
really how you want to spin things now?
 
Rich
 

  "Adam Flinton" <adam_NO_{at}_SPAM_softfab.com=">mailto:adam_NO_{at}_SPAM_softfab.com">adam_NO_{at}_SPAM_softfab.com=
>=20
  wrote in message news:40c5bb5c$1{at}w3.nls.net...Rich=20
  wrote:>    Adam's
claim, at least what you =
claim is=20
  Adam's, is bogus.  You want > to count redhat =
vulnerbilities you=20
  count everything in the product.  If > you want
to compare =
this=20
  count of redhat vulnerabilities to something > else that is =
fine=20
  too.  If you want to use this comparison to support
> some =

  conclusion, well, you better be comparing counts of something > =

  appropriate for the conclusion being made.  In the case of Russ, =
not=20
  > only were his numbers inaccurate, they were misleading and =
didn't=20
  > support his
conclusion.>Rich, you're
full =
of it.=20
  If you want to count "windows" vulns then by your own
reckoning =
you are at=20
  the mercy of not the tech people in MS but the marketing people =
e.g.=20
  hummmm let's have a look at say:http=">http://www.microsoft.com/windowsserver2003/sbs/default.mspx">http=
://www.microsoft.com/windowsserver2003/sbs/default.mspxor=20
  even:http:/" target="new">http:/=">http://www.microsoft.com/windowsserversystem/default.mspx">http:/=
/www.microsoft.com/windowsserversystem/default.mspx&=20
  gee guess what....there's lots of stuff which come under "Windows" =
e.g.=20
  the "Windows Small Business Server" & the
"Microsoft Windows =
Server=20
  System".Would you like me to list what
is included within=20
  "Windows" in those 2?On the Windows Server
system you can=20
  get:"=95 Windows Server 2003=95
Application Center=95 =
BizTalk=20
  Server=95 Commerce Server=95 Content Management
Server=95 =
Exchange=20
  Server=95 Host Integration Server=95 Identity Integration =
Server=95 ISA=20
  Server=95 Live Communications Server=95 Operations =
Manager=95 SharePoint=20
  Portal Server=95 Speech Server=95 SQL
Server=95 Systems =
Management=20
  Server=95 Windows Small Business Server 2003=95 Windows =
Storage=20
  Server"& gee it looks like as
part of the "Windows =
Small=20
  Business Server 2003" you get such "OS features"
as SQLServer =
&=20
 
Exchange.Adam>
Rich>  >=20
  >    
"Geo." <georger{at}nls.net">mailto:georger{at}nls.net">georger{at}nls.net
<mailto:georger{at}nls.net>>">mailto:georger{at}nls.net">mailto:georger{at}nls.net>>
=
wrote in=20
  message>     news:40c3b7f4{at}w3.nls.net...>=
    =20
  Adam claimed only the Linux kernel counted when counting vulns=20
  since>     =
embedded>    =20
  linux (or whatever it's called) was nothing more than that.=20
  You>     claimed=20
  that>     whatever
was included in the =
distribution=20
  RedHat counted as a
RedHat>     =
vuln.>=20
  >     Now I'm
claiming that if MS included =
sendmail=20
  and bind in
Windows>     2006,=20
  any>     sendmail or
bind exploits would =
count as=20
  security issues thus
making>    =20
  Windows>     2006
less secure than previous =

  versions. It appeared to me
you>     =
disagreed=20
  with>     that
logic, do you?>=20
  >     Geo.> =
>    =20
  "Rich" <{at}> wrote in message news:40c3abe5{at}w3.nls.net...>=
       =20
  I have no idea what your "least common demoninator" approach=20
  is>     so I =
can't>    =20
  comment.  I never suggested anything with that name or to which=20
  I>     would =
apply>    =20
  that name.>
>    
Rich>=20
 
>      
"Geo." <georger{at}nls.net">mailto:georger{at}nls.net">georger{at}nls.net
<mailto:georger{at}nls.net>>">mailto:georger{at}nls.net">mailto:georger{at}nls.net>>
=
wrote in=20
  message>     news:40c389bf{at}w3.nls.net...>=
      =20
  "Rich" <{at}> wrote in message news:40c363bd{at}w3.nls.net...>=
      =20
  >>   Not when trying to make apples to apples =
comparisons such=20
  as>     =
claiming>    =20
 
one>      
version is more or =
less secure=20
  than another version.  If you =
just>     want=20
  to>    =20
 
count>      
things, and you can =
tell=20
  from this discussion there
isn't>     =
agreement on=20
  what>    =20
 
or>      
how to count, then =
including=20
  bind and sendmail would result
in>     more =
things=20
 
to>      
be =
counted.<<>=20
 
>      
I see, so saying that one =
version=20
  of Linux is more secure than
another>    =20
 
version>      
of Linux must then =
take=20
  the least common denominator approach? =
I'm>    =20
  sure
Adam>      
will be =
overjoyed to=20
  hear you have finally come over to his line =
of>    =20
  reasoning.>
>      
=
Geo.>=20
  > >

------=_NextPart_000_0026_01C44D37.8FDCF8A0--

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.