From: Adam Flinton 

Rich wrote:

>    Do you consider all products with a word in product name in common to
> be a single product?

Gee MS obviously do coz it's an MS product, MS webpages, MS marketing etc.
Are you really dissing MS to that extent?

> I'm surprised.  This means that all products with
> Linux in the name are one.

You have in the past tried to claim products which don't have Linux in the
name nor which are linux only applications (e.g. GAIM) as part of linux so
please at least get your position straight & consistent.

>  Your vulnerablity numbers would be through
> the roof.  Is that really how you want to spin things now?
>

You are at the mercy of MS marketing. If they decide (like they did with IE
& WMP) that something should be part of Windows & covered by the
Windows moniker then the fault lies with them. As for vulns going through
the roof, best get onto MS marketing as they've obviously decided that
following the debacle of calling everything ".Net" now everything
has to live under "Windows" not me.

Adam


> Rich
>
>
>     "Adam Flinton"      > wrote in message
>     news:40c5bb5c$1{at}w3.nls.net...
>     Rich wrote:
>
>      >    Adam's claim, at least what you claim is Adam's, is bogus.
>     You want
>      > to count redhat vulnerbilities you count everything in the
>     product.  If
>      > you want to compare this count of redhat vulnerabilities to
>     something
>      > else that is fine too.  If you want to use this comparison to
>     support
>      > some conclusion, well, you better be comparing counts of something
>      > appropriate for the conclusion being made.  In the case of Russ, not
>      > only were his numbers inaccurate, they were misleading and didn't
>      > support his conclusion.
>      >
>
>
>     Rich, you're full of it. If you want to count "windows"
vulns then by
>     your own reckoning you are at the mercy of not the tech people in MS
>     but
>     the marketing people e.g. hummmm let's have a look at say:
>
>     http://www.microsoft.com/windowsserver2003/sbs/default.mspx
>
>     or even:
>
>     http://www.microsoft.com/windowsserversystem/default.mspx
>
>     & gee guess what....there's lots of stuff which come under
"Windows"
>     e.g. the "Windows Small Business Server" & the
"Microsoft Windows
>     Server
>     System".
>
>     Would you like me to list what is included within
"Windows" in those 2?
>
>     On the Windows Server system you can get:
>
>     "• Windows Server 2003
>     • Application Center
>     • BizTalk Server
>     • Commerce Server
>     • Content Management Server
>     • Exchange Server
>     • Host Integration Server
>     • Identity Integration Server
>     • ISA Server
>     • Live Communications Server
>     • Operations Manager
>     • SharePoint Portal Server
>     • Speech Server
>     • SQL Server
>     • Systems Management Server
>     • Windows Small Business Server 2003
>     • Windows Storage Server"
>
>
>     & gee it looks like as part of the "Windows Small
Business Server 2003"
>     you get such "OS features" as SQLServer & Exchange.
>
>
>     Adam
>
>
>      > Rich
>      >
>      >
>      >     "Geo."      > wrote in message
>      >     news:40c3b7f4{at}w3.nls.net...
>      >     Adam claimed only the Linux kernel counted when counting
>     vulns since
>      >     embedded
>      >     linux (or whatever it's called) was nothing more than that. You
>      >     claimed that
>      >     whatever was included in the distribution RedHat counted as a
>     RedHat
>      >     vuln.
>      >
>      >     Now I'm claiming that if MS included sendmail and bind in Windows
>      >     2006, any
>      >     sendmail or bind exploits would count as security issues thus
>     making
>      >     Windows
>      >     2006 less secure than previous versions. It appeared to me you
>      >     disagreed with
>      >     that logic, do you?
>      >
>      >     Geo.
>      >
>      >     "Rich"  wrote in message
news:40c3abe5{at}w3.nls.net...
>      >        I have no idea what your "least common demoninator"
>     approach is
>      >     so I can't
>      >     comment.  I never suggested anything with that name or to which I
>      >     would apply
>      >     that name.
>      >
>      >     Rich
>      >
>      >       "Geo."      > wrote in message
>      >     news:40c389bf{at}w3.nls.net...
>      >       "Rich"  wrote in message
news:40c363bd{at}w3.nls.net...
>      >       >>   Not when trying to make apples to apples comparisons
>     such as
>      >     claiming
>      >     one
>      >       version is more or less secure than another version.  If
>     you just
>      >     want to
>      >     count
>      >       things, and you can tell from this discussion there isn't
>      >     agreement on what
>      >     or
>      >       how to count, then including bind and sendmail would result in
>      >     more things to
>      >       be counted.<<
>      >
>      >       I see, so saying that one version of Linux is more secure
>     than another
>      >     version
>      >       of Linux must then take the least common denominator
>     approach? I'm
>      >     sure Adam
>      >       will be overjoyed to hear you have finally come over to his
>     line of
>      >     reasoning.
>      >
>      >       Geo.
>      >
>      >
>      >

--- BBBS/NT v4.01 Flag-5