Full Disclosure mailing list archives
Re: RE: Linux (in)security
From: Peter Busser <peter () adamantix org>
Date: Thu, 23 Oct 2003 11:11:24 +0200
Hi!
You're investing a significant amount of time into convincing us that linux boxes sitting on the internet (even when completely up to date and reasonably locked down) aren't 100% secure. Rest easy, each and every one of us knows this.
I would certainly hope so. :-) What I try to point out (and fail to do so it seems) is that there are relatively simple methods that can already help quite a bit to improve secutity of a Linux box. If you read the following URL: http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it You'll see that one box got hacked 37 times in a year. The other box 0 times. The difference: A kernel patch called PaX. It seems to me that not all insecurity is created equal.
The point raised by others in this thread (which you seem to object to, although you haven't really responded to) is that linux (operated by a knowlegable user) is 'stronger' than a similar Microsoft box.
How relevant, the wooden house vs. the grass house argument. The fact that MS-Windows is less secure does not make Linux more secure. I think it is even counter productive. If MS-Windows was perceived as more secure than Linux, people would spend a lot of time improving the security of Linux systems. Now there is the idea that it is not worth the effort, because Linux is after all secure. Groetjes, Peter Busser -- The Adamantix Project Taking trustworthy software out of the labs, and into the real world http://www.adamantix.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Linux (in)security Schmehl, Paul L (Oct 22)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: RE: Linux (in)security Arcturus (Oct 22)
- Re: RE: Linux (in)security Jeremiah Cornelius (Oct 22)
- Re: RE: Linux (in)security Mr. Rufus Faloofus (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 22)
- Re: RE: Linux (in)security Cael Abal (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 23)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security William Warren (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 24)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)
- Re: [inbox] Re: RE: Linux (in)security Jeremiah Cornelius (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)