Full Disclosure mailing list archives

[OT] Re: Re: Knocking Microsoft


From: Robert Brockway <robert () timetraveller org>
Date: Sat, 28 Feb 2004 02:35:08 -0500 (EST)

On Fri, 27 Feb 2004, James F. Wilkus wrote:

>> and now they try to make it secure. UNIX was made to be secure, and
>> now they are adding colours.

> This is not true. UNIX was not made to be secure. Any UNIX security
> history book will tell you that.

> Just because you run UNIX does not make you immune to attacks. Linux,
> with its world domination kick, is recruiting more and more windows
> admins to its ranks. You think that these same windows, now linux,
> admins are going to do a better job at securing their systems? These
> same admins who can not apply patches before the next major worm
> strikes?

> apt-get update is easy, so is clicking on windows update...

Do you update MS-Windows production servers using windows update without
testing the updates first?  Plenty of people have done this to their
folly.

Debian (and Gentoo and Free/Net/OpenBSD as others have noted :) have a
robust system of updates.  Using Debian Stable I am confident to do live
security updates to production boxes.  I watch the services as they
restart and make sure all is ok but I won't even consider doing this with
most other Operating Systems because the security patch management is too
sloppy.

The Debian Security team backport security fixes into their source tree.
When you update a package you are only getting the update you expect - not
a bunch of other stuff as has become all too common on MS-Windows.  That is
the difference.  Even hotfixes have been known to break apparently
unrelated pieces of code in the system.

> I think people are doing a disservice by claiming that linux is
> something it is not, or more accurately, generalizing all UNIX's to be
> secure.

I agree with you here.  Many commercial Unix vendors have a long way to go
to catch up with the security that many free Unices (like Debian
GNU/Linux) have out of the box.

I regularly come across people in the computer industry who have only
second or third hand knowledge of what is available with Open Source
Software (still!).  Often they are amazed at the quality of OSS and the
stability and security inherent in many free versions of Unix.  Some
people do not know what they are missing :)

Cheers,
        Rob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

