Ok.. but has BSD been attacked on the scale that MS code has? I would argue no, not even close. Do you believe BSD is invulnerable to attack? Hardly..

I don't believe anybody is claiming that. However, the BSD code has been out *and* has been publicly scrutinized for quite a bit longer than Windows.

Unless you want to go back to text based browsers and kernals that fit on a floppy, it is extermely difficult to eliminate all vulnerabilities in the code of a sophisticated OS. The more complex the system, the easier it is to break, and with the level of automation currently expected by most users, this requires a very complex build.

However, Microsoft creates complexity by design, because they integrate more and more stuff into the basic OS, and because all the various applications gain more features with each new release.

Could MS be made more secure, of course. Do I think they are actively working on the problem, yes.

Looks to me like they are actively working in two directions: - Trying to make the systems more secure by teaching developers to think about security, etc. - Trying to make the systems less secure, by making them steadily more complex. (And please don't try to tell me the *users* are demanding all the new features that MS put into the systems.) It will be interesting to see which direction wins out in the long run.

If Novell or Mac had risen to the top of the OS heap, would they be catching all the viruses now? I think they would.

They would certainly be catching viruses. Would they be catching *as many* viruses as MS? We don't know.

Really, my point was not to argue this, but that there is no justification for malicious code, that you can't simply pawn it off on MS as being the real problem.

However, you can certainly argue that MS is *part of* the problem, or that they have *created* a large part of the problem themselves. Steinar Haug, Nethelp consulting, sthaug@nethelp.no