Full Disclosure mailing list archives
[OT] Re: Re: Knocking Microsoft
From: Robert Brockway <robert () timetraveller org>
Date: Sat, 28 Feb 2004 02:35:08 -0500 (EST)
On Fri, 27 Feb 2004, James F. Wilkus wrote:
and now they try to make it secure. UNIX was made to be secure, and now they are adding colours.This is not true. UNIX was not made to be secure. Any UNIX security history book will tell you that. Just because you run UNIX does not make you immune to attacks. Linux, with it's world domination kick, is recruiting more and more windows admins to it's ranks. You think that these same windows, now linux, admins are going to do a better job at securing their systems? These same admins who can not apply patches before the next major worm strikes? apt-get update is easy, so is clicking on windows update...
Do you update MS-Windows production servers using windows update without testing the updates first? Plenty of people have done this to their folly. Debian (and Gentoo and Free/Net/OpenBSD as others have noted :) have a robust system of updates. Using Debian Stable I am confident to do live security updates to production boxes. I watch the services as they restart and make sure all is ok but I won't even consider doing this with most other Operating Systems because the security patch management is too sloppy. The Debian Security team backport security fixes into their source tree. When you update a package you are only getting the update you expect - not a bunch of other stuff as has become are to common on MS-Windows. That is the difference. Even hotfixes have been known to break apparently unrelated pieces of code in the system.
I think people are doing a disservice by claiming that linux is something it is not, or more accurately, generalizing all UNIX's to be secure.
I agree with you here. Many commercial Unix vendors have a long way to go to catch up with the security that many free Unices (like Debian GNU/Linux) have out of the box. I regularly come across people in the computer industry who have only second or third hand knowledge of what is available with Open Source Software (still!). Often they are amazed at the quality of OSS and the stability and security inherent in many free versions of Unix. Some people do not know what they are missing :) Cheers, Rob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [OT] Re: Knocking Microsoft, (continued)
- Re: [OT] Re: Knocking Microsoft Paul Schmehl (Feb 29)
- Re: Knocking Microsoft martin f krafft (Feb 27)
- OT: Re: Knocking Microsoft gadgeteer (Feb 27)
- Re: OT: Re: Knocking Microsoft Valdis . Kletnieks (Feb 27)
- Re: OT: Re: Knocking Microsoft gadgeteer (Feb 27)
- OT: Re: Knocking Microsoft gadgeteer (Feb 27)
- Re: Knocking Microsoft James F. Wilkus (Feb 27)
- Re: Re: Knocking Microsoft Troy Solo (Feb 27)
- Re: Re: Knocking Microsoft madsaxon (Feb 27)
- Re: Re: Knocking Microsoft Luís Bruno (Feb 28)
- Re: Re: Knocking Microsoft Denis Dimick (Feb 27)
- [OT] Re: Re: Knocking Microsoft Robert Brockway (Feb 27)
- Re: Knocking Microsoft martin f krafft (Feb 28)
- RE: Knocking Microsoft Steve Wray (Feb 27)
- Re: Knocking Microsoft gadgeteer (Feb 27)
- Re: Knocking Microsoft martin f krafft (Feb 28)
- RE: Re: Knocking Microsoft Steve Wray (Feb 28)
- Re: Re: Knocking Microsoft martin f krafft (Feb 28)
- Re: Re: Knocking Microsoft Jan Lühr (Feb 29)