Full Disclosure mailing list archives

RE: [inbox] Re: RE: Linux (in)security


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 23 Oct 2003 10:39:36 -0500 (CDT)

On Thu, 23 Oct 2003, Michal Zalewski wrote:

On Wed, 22 Oct 2003, Curt Purdy wrote:

http://www.linuxunlimited.com/why-linux.htm
``Properly configured and maintained, Linux is one of the
most secure operating systems available today.''

The key words here are "properly configured".

Well, once "properly configured", pretty much _any_ operating system would
make it to the top 0.01% of the most secure boxes in the world. I do not
know a single popular OS that would limit your abilities to harden it up
to a point where it is impossible to do it effectively.

I know plenty of systems that lack some nice features, and that make it
difficult to configure and manage overall system security features in a
reasonable manner to make it possible for a "seasoned novice" to find out
what has to be done, and to fine-tune his OS without breaking some stuff
or making it worse.

It's just a matter of how easy it is to properly configure and secure your
system (far beyond downloading most recent patches), and how much control
_and_ supervision you're given over this process.

Popular Linux releases do not score remarkably higher than other
well-known OSes in the above.

And yet, I think Bruce Edigar spoke well with his posting;

<quote>

And I guess you can generalize and ask why the Windows "culture" generates
so many problems of such a magnitude, that last so long?  My home office
web server got a Code Red hit on Sept 19th 2003, for example.  Other
computing cultures (Unix, Mac, etc) don't seem to exhibit this.  Why not?
Shouldn't we focus our efforts on figuring out what aspects of Linux or
Mac cultures keep epidemics from occurring?  It's certainly a waste of
breath to point out that OS X has horrendous security flaws when none of
them turn into grotesque epidemics like Sobig.f.

</quote>

Strong statement there, with solid reasoning about questions that should be
answered.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

