nightjar nightjar@ wrote:

However, it is their relative obscurity that protects them much better than
their relative security. If there were serious money to be made from
breaking them, as there is with MS products, it is unlikely that they would
fare a great deal better.

Not sure that adds up... The large installed base of MS products will
make them an attractive target, but I don't think you can cite that as
the only reason for their apparent lack of security. MS has only
recently jumped on the security bandwagon, prior to that they paid it
little attention at all, preferring to concentrate on adding features.

Remember that MS do not dominate in the server space. One of the most
common OSs about must be IOS from Cisco. As deployed in critical
internet routers and gateways the world over. Highly attractive (and
profitable) target for the black hat community, but in comparison
relatively few compromises despite a massive installed user base.

There are far more internet servers out there running Solaris or Dead
Rat with Apache, Tomcat, PHP etc, but the vast majority of the
compromises affect the less common Windows / IIS setups.

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/