Barry Shein uttered, in the course of one of his boring anti-MS rants, the
following:-
To my mind there's a difference between, say, a sendmail vulnerability
which is discovered and a patch issued within hours and a virus which
can infect Windows95/98/NT/XP/2000/ME and probably other versions
which are releases spanning several years. See:
http://www.symantec.com/avcenter/venc/data/pf/backdoor.jeem.html
I realize you want to attack MS for some reason and just launch into these
rants as opportunity knocks, but might I suggest that if you compare time
from detection to fixing (in the sendmail case) with time from issue of the
first system that could be vulnerable up to present date in the Microsoft
case you are comparing two very different things.
Jeem was first detected Nov 15 2002. So you can't measure a span of years
from discovery. *nix buffer overruns were first detected long before that
and many remained unfixed for years.
Tom Thomson
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg