For an OS which is omnipresent, the discovery of the code being accessed by the HACKERS could be fatal, leading to more attacks. Microsoft's whole business model is based on maintaining the secrecy of the code, and this has not only opened the debate on how secure our applications / businesses are on the WINDOWS platform. Unlike LINUX (being open-source), there is no way to verify how susceptible Windows is to brute-force attack. It's TIME TO MAKE WINDOWS OPEN-SOURCE.
AFAIK, it's only a couple of thousand lines of code, not the entire code base that's stolen. This could give away how things hold together, but I doubt if that would be substantial enough to learn about the entire OS and do things around it (unless it's some core/kernel stuff). Well, I wonder is it really possible for MS security issues to get any worse!?
If you look at Windows Server 2003, Microsoft have certainly cleaned up their act. There are a few critical updates, but far fewer than previous iterations. As far as making Windows open source, don't count on it. How exactly do you plan on forcing Microsoft to open the source to their operating systems?
Mark Fletcher - http://www.markfletcher.org/blog I had some Java certs, but they're too old now...
I wonder... Why is it such a critical weakness allowing crackers to invade every single Windows machine that a few thousand out of millions of lines of code of Windows were leaked by someone? Why at the same time do you claim it's a strength of Unix that millions of lines of code for that are available to those same crackers? Seems to me (and reality agrees) that there's a far greater threat from Unix exploits than there is from Windows exploits. Of course Windows exploits hit more people because more people run Windows, but the number of DIFFERENT exploits for Unix and their potential for causing trouble is larger simply because more core machines on the net run Unix. Packages like sendmail are so riddled with security holes they're a disgrace, yet the vast majority of Unix machines run them. There are regular attacks on them, but they don't seem to care...
Why is it such a critical weakness allowing crackers to invade every single Windows machine that a few thousand out of millions of lines of code of Windows were leaked by someone? Why at the same time do you claim it's a strength of Unix that millions of lines of code for that are available to those same crackers?
Because open-source code is inspected by people who want to find bugs and fix them, and then the fixes are incorporated into the distribution. Do you honestly think anyone is going to find a bug in that leaked MS code, send it to MS and say "I found a bug in the leaked code, it seems to still be in XP, here's the patch" and MS is going to patch XP and send out an update quickly? Doubtful, since MS has been sending threatening snail-mail letters to people it suspects of having downloaded the code in the first place. There are black hats looking at the open-source code too, of course, but they're outnumbered by the good guys. Microsoft is guaranteeing that there are no good guys. Despite what you said about sendmail (and sendmail is far from perfect, I agree), UNIX server admins tend to apply patches with regularity, and patches for new security holes come out quickly. Also, there are many other MTAs available, so not all sites run sendmail. And of course, sendmail, qmail, and all the other open-source MTAs run on multiple hardware platforms, so there's quite a variety of different systems. This tends to slow trojans, viruses, and hackers down; any given security hole only affects a fraction of systems, just as biodiversity creates a healthy ecosystem. You can contrast this to the Microsoft monoculture in which a single virus can spread around the globe in hours. You know that saying about "If you outlaw guns, then only outlaws will have guns?" In open-source, everybody's got a gun. With MS, only the sheriff and the bad guys do -- everybody else is standing around, helpless, waiting to become a collateral damage statistic.