<div dir="ltr">Dan, I agree. If you have the technical skill you can select and maintain any platform that is a less likely target of mainstream attackers, as long as in still attends to your business needs. On the Microsoft side that would be Windows 2000 I believe, maybe in 2 years Windows XP.<div>
<br></div><div>On the other hand, if you have that technical capability you could evaluate running on another OS altogether, be it Mac OS X, Chromebooks or Linux. Actually I do not understand why large organizations (governments) do not have their own version of an operating system. How many people can it take to audit and maintain a version of Linux, for example? The only effort I know of along these lines is/was in Brazil.</div>
<div><br></div><div>For normal IT organizations I think is technically and commercially easier to support the business and increase security by being on the latest versions of OS and applications. Then use any remaining technical resources to introduce variations (EMET, additional sandboxing) and invest into early detection. </div>
<div><br></div></div><div class="gmail_extra"><br clear="all"><div>-<br>Wolfgang<br></div>
<br><br><div class="gmail_quote">On Wed, Sep 18, 2013 at 6:23 AM, <span dir="ltr"><<a href="mailto:dan@geer.org" target="_blank">dan@geer.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Wolfgang, Once upon a time it was shown that the most attacked<br>
versions of software tended to be one revision off of current,<br>
leading to the strategy that you should keep up or stay well behind<br>
(like a herd animal either staying in the center of the herd or<br>
hiding in the bush but *never* being in the trailing edge of the<br>
herd as that's where the predators were). Coupled with the observed<br>
propensity of so many software houses to have upgrades that add<br>
all-but-gratuitous features, it seemed almost preferable to take<br>
the hide-in-the-bush strategy if you had any technical skill at<br>
all.<br>
<br>
Expand on this in whatever direction you can, if you like.<br>
<br>
--dan<br>
<br>
</blockquote></div><br></div>