At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.
I thought it would be fun to put together a quick poll asking the members of the securitymetrics.org mailing what operating systems they used. I sent out a note asking the membership to respond to two simple questions:
ZDNet’s Ryan Naraine blogs about Joanna Rutkowska’s blog post on Vista security. Joanna pointed out that Vista’s Mandatory Integrity Control feature has a few implementation flaws and seems to default to prompting for admin credentials whenever setup apps run. EWeek’s Joe Wilcox asked me to comment on the imbroglio which I was happy to do. I also posted a lengthy comment on Joe’s story, which for posterity I reprint here.
Rudolph Araujo, a contributor to the securitymetric.org mailing list, forwarded on a link to a Red Herring article about a new Cybertrust study on the impact of the Zotob worm by Russ Cooper.
Cybertrust has an interesting model… when major security incidents happen, they make a habit of canvassing a wide group of companies that have agreed to participate. Looks like they are up to about 700 or so participants, not all of which are their customers. I actually really like and appreciate that Cybertrust takes the time to do this, although in this particular example I think they raised more questions than they answered.