Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life in prison

Bernd Petrovitsch (bernd@gams.at)
Mon, 01 Oct 2001 11:28:03 +0200



In message <HBEHIIBBKKNOBLMPKCBBIENPDNAA.znmeb@aracnet.com>, "M. Edward Borasky" wrote:
>2. The Linux community should *not* believe that we are less vulnerable than
>Microsoft! We are less vulnerable *now* only because Linux is not as

I need not believe - I just see it now.

>widespread as Windows. Were Linux, say, half of the market, the
>vulnerability would be equal. The difference is strictly the number of

Plain simply wrong - Linux has more than 50% in the "Internet
server market" (even if some company's propaganda departments do not
admit this).
Attackers choose the weakest target (this is usually also the largest,
but not necessarily).

>available hosts for these parasitic codes, not anything inherent in the
>details of Windows or Linux, or in the organizational mechanisms (corporate
>giant vs. "brutal meritocracy", closed source vs. open source, etc.).

It is "the details" that matter in this area.
M$ sells their software with the "everyone can install it, use, etc.
because it is user-friendly[0], it does exactly what the user needs,
it does everything automatically, etc." argument (which is plain simply
wrong[1]).
Therefore lots of people install and run servers on the web without really
knowing what they are doing. Apparently they think that they install
it and it runs on its own (which is wrong).
The learning curve on a U*ix system with some appropriate server
software on it is much steeper. So if you get such a system on the web
you are forced to know more about it (and usually at one point
you get to people who basically force you to think about security or
other areas).

You could run a "secure" Win*server or workstations on the Net, but this means
that
-) you install all relevant patches immediately (not ASAP - immediately).
-) you disable all kinds of automatic code execution features (which
means disabling all the nifty features, setting all hosts to
"internet zone", disabling Active-X and JavaScript[2] completely, etc.).
If you would do this, you could as well run the service on a U*ix
system because the functional features are the same and you get
patches much earlier (how long did the tear-drop patch for WinNT take?).

>In fact, I suspect that the open source for Linux gives creators of vicious
>attack codes a *slight* advantage, since the vulnerabilities are there for

You should also list the disadvantages, not only one argument, if you
want to be serious.

>anyone to read and exploit before they are found by an alert Linux
>community. And if Linux is to succeed in the enterprise, we in the community
>owe it to ourselves to *enhance* that alertness -- indeed, to be more
>vigilant on security issues -- even if it's at the expense of some of our
>more favorite activities, like performance tweaking.

Read the usenet and you will see a significant difference.
Until then you are trolling.

[ TOFU-Mail deleted ]

Bernd

[0] : Does anyone know why there are that many Win*-Books on the
shelves if the software is so easy to use?
[1] : If a server is badly administered the sysadmin of that server is
also partly guilty (even if he didn't have a clue) - you should
also blame them.
[2] : This should actually be disabled on all browsers in the world.
Actually this should be removed completely.
--
Bernd Petrovitsch Email : bernd@gams.at
g.a.m.s gmbh Fax : +43 1 205255-900
Prinz-Eugen-Straße 8 A-1040 Vienna/Austria/Europe
LUGA : http://www.luga.at
