Full Disclosure mailing list archives
RE: [inbox] Re: RE: Linux (in)security
From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 23 Oct 2003 10:39:36 -0500 (CDT)
On Thu, 23 Oct 2003, Michal Zalewski wrote:
On Wed, 22 Oct 2003, Curt Purdy wrote:http://www.linuxunlimited.com/why-linux.htm ``Properly configured and maintained, Linux is one of the most secure operating systems available today.''The key words here are "properly configured".Well, once "properly configured", pretty much _any_ operating system would make it to the top 0.01% of the most secure boxes in the world. I do not know a single popular OS that would limit your abilities to harden it up to a point where it is impossible to do it effectively. I know plenty of systems that lack some nice features, and that make it difficult to configure and manage overall system security features in a reasonable manner to make it possible for a "seasoned novice" to find out what has to be done, and to fine-tune his OS without breaking some stuff or making it worse. It's just a matter of how easy it is to properly configure and secure your system (far beyond downloading most recent patches), and how much control _and_ supervision you're given over this process. Popular Linux releases do not score remarkably higher than other well-known OSes in the above.
And yet, I think Bruce Edigar spoke well with his posting; <quote> And I guess you can generalize and ask why the Windows "culture" generates so many problems of such a magnitude, that last so long? My home office web server got a Code Red hit on Sept 19th 2003, for example. Other computing cultures (Unix, Mac, etc) don't seem to exhibit this. Why not? Shouldn't we focus our efforts on figuring out what aspects of Linux or Mac cultures keep epidemics from occuring? It's certainly a waste of breath to point out that OS X has horrendous security flaws when none of them turn into grotesque epidemics like Sobig.f. </quote> Strong statement there, with solid easoning about questions that should be answered. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: Linux (in)security, (continued)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: RE: Linux (in)security Arcturus (Oct 22)
- Re: RE: Linux (in)security Jeremiah Cornelius (Oct 22)
- Re: RE: Linux (in)security Mr. Rufus Faloofus (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 22)
- Re: RE: Linux (in)security Cael Abal (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 23)
- RE: RE: Linux (in)security Edward W. Ray (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security William Warren (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 24)
- Re: RE: Linux (in)security Thomas Binder (Oct 22)
- Re: [inbox] Re: RE: Linux (in)security Jeremiah Cornelius (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Andy Wood (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Dan Wilder (Oct 23)