> We need to distinguish between Linux/Apache and other-UNIX/Apache.
> Specifically, there's at least Solaris, Tru64 and AIX besides Linux in this
Yes, IIRC total apache = 60%, linux/apache = 33%
> It isn't just IIS; the Nimda beast exploited, IIRC, 18 separate
> vulnerabilities in the Windows / IIS complex, including shared files.
Sure are a lot of vulnerabilities there...
> I've actually heard of cases where *Linux* systems exporting filesystems
> with Samba had Nimda code stuffed down their throats!
Define "stuffed down their throats".
We have samba servers here (Linux, Solaris, HPUX)
and while the windows clients stored infected files on
the samba fileservers, the servers themselves were
> If this code had been
> Linux-executable rather than Windows-executable -- if the virus had been
> smart enough to know it was dealing with a Samba rather than a Windows share
> and had been able to differentiate between Windows executables and Linux
> executables --
Yes, the command most likely would fail, since
it would run as the remote samba user, not
> hmmm ... do you see what I'm getting at??? In other words,
> UNIX systems of *all* stripes that export filesystems with Samba need to
> track mods to executables just like a virus scanner does on a Windows
> system. *That's* what I mean by vigilance.
Oh yes, vigilance is indeed due, but please let's
not lump all OSes together and pretend there
are no differences!
> The security features are there in Windows if the users and sysadmins are
> willing to implement them.
Shipped very unsecure, and most windows
programs would cease to operate or could
not be installed if the security measures
> Windows NT has had C2 available for quite some
> time; they couldn't sell to DOD if they didn't.
Ah yes, the checklist item - C2, as long as there is
no floppy disk, and no network interface - you install
either of those items, and no more C2 for windows.
The difference is, there are Unix systems that are
both secure, and fully functional.
> I don't see any such advantage.
We are not living in the same world.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/