Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life in prison

From: Bernd Petrovitsch (bernd@gams.at)
Date: Mon Oct 01 2001 - 04:28:03 EST


In message <HBEHIIBBKKNOBLMPKCBBIENPDNAA.znmeb@aracnet.com>, "M. Edward Borasky" wrote:
>2. The Linux community should *not* believe that we are less vulnerable than
>Microsoft! We are less vulnerable *now* only because Linux is not as

I need not believe - I just see it now.

>widespread as Windows. Were Linux, say, half of the market, the
>vulnerability would be equal. The difference is strictly the number of

Plain simply wrong - Linux has more than 50% in the "Internet
server market" (even if some companies' propaganda departments do not
admit this).
Attackers choose the weakest target (this is usually also the largest,
but not necessarily).

>available hosts for these parasitic codes, not anything inherent in the
>details of Windows or Linux, or in the organizational mechanisms (corporate
>giant vs. "brutal meritocracy", closed source vs. open source, etc.).

It is "the details" that matter in this area.
M$ sells their software with the "everyone can install it, use, etc.
because it is user-friendly[0], it does exactly what the user needs,
it does everything automatically, etc." argument (which is plain simply
wrong[1]).
Therefore lots of people install and run servers on the web without really
knowing what they are doing. Apparently they think that they install
it and it runs on its own (which is wrong).
The learning curve on a U*ix system with some appropriate server
software on it is much steeper. So if you get such a system on the web
you are forced to know more about it (and usually at one point
you get to people who basically force you to think about security or
other areas).

You could run a "secure" Win*server or workstations on the Net, but this means
that
-) you install all relevant patches immediately (not ASAP - immediately).
-) you disable all kinds of automatic code execution features (which
   means disabling all the nifty features, setting all hosts to
   "internet zone", disable Active-X and JavaScript[2] completely, etc.).
If you would do this, you could as well run the service on a U*ix
system because the functional features are the same and you get
patches much earlier (how long did the tear-drop patch for WinNT take?).

>In fact, I suspect that the open source for Linux gives creators of vicious
>attack codes a *slight* advantage, since the vulnerabilities are there for

You should also list the disadvantages, not only one argument if you
want to be serious.

>anyone to read and exploit before they are found by an alert Linux
>community. And if Linux is to succeed in the enterprise, we in the community
>owe it to ourselves to *enhance* that alertness -- indeed, to be more
>vigilant on security issues -- even if it's at the expense of some of our
>more favorite activities, like performance tweaking.

Read the usenet and you will see a significant difference.
Until then you are trolling.

[ TOFU-Mail deleted ]

        Bernd

[0] : Does anyone know why there are that many Win*-Books on the
      shelves if the software is so easy to use ?
[1] : If a server is badly administered the sysadmin of that server is
      also partly guilty (even if he didn't have a clue) - you should
      also blame them.
[2] : This should actually be disabled on all browsers in the world.
      Actually this should be removed completely.

-- 
Bernd Petrovitsch                              Email : bernd@gams.at
g.a.m.s gmbh                                  Fax : +43 1 205255-900
Prinz-Eugen-Straße 8                    A-1040 Vienna/Austria/Europe
                     LUGA : http://www.luga.at


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:13 EST