I agree that interviews should (mostly) be good questions from the interviewer and (hopefully better) answers from the interviewee. But when your question is formulated like a conclusion with a question attached: "In order to take advantage of the most security features, users need to be running NTFS and Windows Vista. What specifically about FAT32 and Windows XP make them more vulnerable to attack?", it's no longer an interview; it's biasing the discussion towards a desired response. Adam's answer was quite clear: there is no practical difference between xpire and vi$hta "security". As for the FAT32 question, Adam was more than polite, by pointing out the obvious.
What an uninformed reader would understand is that he needs to run vi$hta to be secure - the direct implication for him is that the other OS-es are insecure, except m$'s one. That's what I call bias.
Of course, no OS is fully secure, but m$'s are notoriously insecure - there is no benefit for consumers to paint it in a different light. Your statements were not at all neutral, and it's obvious, and I don't hide it, that I have a very critical attitude towards the business practices of m$ and their so-called OS, which is geared solely to generate profit for themselves.
I am also critical of every other OS's aspects that affect its security or functionality, and that includes OS X and unnecessarily dumbed-down linuxes. The way some software vendors try to "make it easy" for the user has direct negative implications for the security of their products and their ecosystem. The lu$er has no clue about how it works and to what dangers he exposes himself and others. For a moment, try to conceptualize an environment in which car drivers with the equivalent average knowledge of m$ product users were let loose. I shiver at that thought.
Your genetic variability argument would have more validity in a heterogeneous threat environment, but in our real world we have mostly a single endangered species, with almost no variability, artificially sustained by monopolistic economic behavior. The most damaging contribution of m$ is to give the lu$er the illusion of being in control of the machine. Sadly, other vendors followed suit.
Your BIOS hack example is just another aspect of the wrong evolution caused by ignoring the KISS principle. As there are a lot of chipsets and Flash/EEPROM chips, with different programming interfaces, it's still very difficult to write a universal BIOS malware. Also, the boot block should always be write-protected, to enable BIOS recovery even if the rest of the BIOS is corrupted. CIH/Chernobyl opened the way, but it only hosed the HDD and BIOS on select M/B (TX), over a decade ago - 26 April is just a few days away. Lessons learned? Almost none, it seems. For some penny pinching, the same chip is still used to store and update system configuration data, so it can't be easily HW write-protected.
That's small fish, you forgot the failed attempt to insert a backdoor in the linux kernel source...
I'd rather trust an open entity - linux folks are much more open on disclosing such blunders - than a corporation whose first, and usually only, reaction is to push it under the rug.
Remember the Cisco IOS blunder? Their "solution" was litigation and gagging.
I would be more worried by trendy HW RA technologies, like Intel's AMT and vPro - a single critical point of failure. If it's hacked, the damage would be incommensurable.