Most Unsecure OS?
Chris Kelly
http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
-----
http://www.lonewacko.com/blog
The Lone Wacko Blog: bitter, twisted, and ready to rock
Ben Tels
> Yep, It's Linux:
>
> http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
Hardly, but the article is an instructive lesson in how to misuse security
advisories -- and why you have lies, damned lies and statistics. Fact of
the matter is that most of these advisories are not for one OS or another
but for specific packages that run on one OS or another -- or many
different OS'es, as the case may be. The advisory for "several SSH
implementations" is a typical example, including vulnerabilities that occur
on HP systems as well as in PuTTY (a Windows client). So is that a Windows
fault, a Unix fault, both, neither? Or the OpenSSH advisory? That isn't an
OS-specific advisory either -- OpenSSH can be compiled on Linux, other
Unices and even WinNT with Cygwin, as far as I know. So at the very least
these advisories do not support any conclusions with repect to any specific
operating system or group of OS'es.
--
Ben Z. Tels
b...@bentels.dyndns.org
opti...@stack.nl
http://www.stack.nl/~optimusb/
UIN:2474460
"The Earth is the cradle of the mind, but one cannot stay in the cradle
forever."
--Tsiolkovsky
Tim Smith
> Yep, It's Linux:
>
> http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
Wow...got any more interesting articles that were already posted nearly
two months ago and torn to shreds?
--
Evidence Eliminator is worthless: "www.evidence-eliminator-sucks.com"
--Tim Smith
Ares
"Chris Kelly" <ab...@tolstoy.com> wrote in
news:3e247d0f...@news.concentric.net...
>from http://www.wininformant.com/:
from wininformant.com, that's all we need to know.
Next.
Ares
JTK
> Yep, It's Linux:
>
> http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
He-Men Micro$oft Haters say: "WAAAAAAAAAAHHHH!!! NO IT ISN'T!!!".
On the other hand, if that read:
The He-Man Micro$oft Haters would say: "OF COURSE IT IS!!!!! SCOOTER
SAID SO!!!!!".
Ares
"Could Windows be the most secure mainstream OS available today?"
The next time Code-Red, Nimda, Melissa, I-love-you, etc (I have lost count)
wreck havoc on your computers, your networks, your data, you can always read
articles like these (if you are able to log in to the net again) and soothe
yourself with : "if it had been Linux, it would have been much, much worse"!
HAAAAAHAHAHAHAHAHAHAHAHAHAAAAA!!!!
To quoate someone from someplace:
"Irrational hype by ignorant people -- the key to MicroSoft's success!"
How does it feel to be ignorant, JTK?
Ares
Christian Gross
>Yep, It's Linux:
>
> http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
>
YEAH RIGHT....
This right after I paved my Windows 2000 Server machine with Linux.
Consider the following. I have a hardware router with most ports
blocked. Yesterday I *think* a hacker got into my system. NO IDEA
HOW... I could not perform a post mortem.
Well one would say lock down the computer so that it is secure. I did
and turned on auditing. But I think I received a denial of service
attack focusing on my adminstrator account. Result, my adminstrator
account was locked. I checked the documentation and the Internet and
learned that an administrator account (system one) will never be
locked. Well I got news, boys and girls, mine was and all of the
other accounts had their security levels reduced... In other words I
could log in to my user account, but because of reduced access rights
could not fix up the administrator account. A lock out time out did
not work because my security policies are set to lock out an account
once it is locked. Of course I assumed according to the documentation
that at the worst case I can still access my administrator account.
HA!
So I tried to recover the system using boot tools, etc. NOTHING
worked because the root account was locked. Result I had to pave the
machine.
Moral of the story, sure Windows is more secure. It is so secure that
I could not even get access to it. So I guess I will use an insecure
Linux instead....
Christian Gross
Exile In Paradise
> Chris Kelly wrote:
>> Yep, It's Linux:
>> http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
> He-Men Micro$oft Haters say: "WAAAAAAAAAAHHHH!!! NO IT ISN'T!!!".
Linux
-----
Sure, Linux is insecure.
However, I feel better running it than Windows
because I know the bugs are being found and fixed, not hidden by the
vendor.
Having the source available allows security reviewers the
opportunity to discover *all* of the bugs, as well as fix them.
IMHO, when it comes down to it... Linux doesn't have to ask the U.S.
Gov't for a legal ruling to keep its source closed "for national security"
reasons because the makers are so afraid the number of holes that will be
discovered and exploited if the source is ever revealed.
I want an OS I can boot without fear... and that's Linux.
Realistically, everyone knows that every program has bugs... some can be
exploited.
At least I can actually take a small amount of comfort in KNOWING that
Linux problems are being actively found and fixed, instead of booting
an OS with any number of "mystery meat" problems lurking that no one
can even start looking for.
> On the other hand, if that read:
> http://www.sun.com/propaganda_slash_business_plan/i_hate_microsoft_so_very_much/according_to_mcnealy_windows_is_the_most_insecure.html
> The He-Man Micro$oft Haters would say: "OF COURSE IT IS!!!!! SCOOTER
> SAID SO!!!!!".
Windows
-------
Truth is, NO ONE can say how insecure Windows is.
Some things are pretty evident... after nearly 20 years, you STILL have
to have an anti-virus program.
I will only believe Microsoft claims to security when they deliver an
OS that can be safely run for extended periods of time without one.
Windows, being closed source, hides a great number of its bugs that
way, forcing security experts to locate bugs through "black box" testing.
Bugs will be missed this way, and Microsoft has made it obvious that it
is only interested in fixing vulnerabilities that cause them to look bad
in the media. Don't take my word for it, read BugTraq.
If I had been running Windows, and heard that the maker themselves was so
afraid of how many exploits could be developed if people saw the source
that they have to ask the gov't for special dispensations, I would
switched to something else then.
The Real Question
-----------------
The real issue in OS security (or lack thereof) is the base language
its programmed in and the hardware it runs on.
Face it, C's power as a language is the very thing that makes it insecure.
Any OS written in C (Linux and to an extent Windows) is going to inherit
those vulnerabilties unless programmers take extra-ordinary efforts.
Linux programmers generally don't make the effort because its a handful
of programmers and they can't be bothered, or they are neophyte coders
who don't really understand how to prgram securely, there's what almost
all of your winformant-referenced exploits come from.
Does this mean Microsoft creates better code because they have
"professional" programmers?
No, because secure programming costs time and money, neither of which
a big company Microsoft is readily willing to spend developing, or
securing an existign codebase numbering many millions of lines of code.
Editorializing
--------------
Not to mention that Linux has a few more exploits than Windows, yet Linux
is coded by "just whoever stops by and adds some code" versus Microsoft which
(supposably) uses formal methods and QA testing and all that.
Wait... in that comparison, shouldn't all we about are Linux exploits and NEVER
hear of a Windows exploit?
Doesn't the fact that there are almost as many Windows exploits (found by
black boxing alone) as are found in an OS whose every line of source is plainly
visible demonstrate that Windows less secure? What about all of the bugs
researchers can't find because they can't see the source?
Plus, in my personal viewing of the BugTraq traffic, the Windows exploits
are almost ALL remotely exploitable through web browsing and the like...
using a problem in a BASE DLL that is part of the core OS and cannot be
"optionally" deinstalled vs. UNIX exploits where many are local only, only
affect one optional package that had to be installed extra in the first place,
or require the system admin to knowingly explose a service that turns out to
be vulnerable.
The Answer?
-----------
When it comes to programming Java, it runs on many different platforms,
making the choice of personal OS a moot one at best. Why worry about it?
One of the reasons I switched from C to Java was so that I would NOT
have to deal with structs and pointers directly again.
Java's very design makes it a more securable programming platform,
right out of the box, with the JVM playing cop to make sure I and
everyone else "play right".
Java gives you a platform to develop, deliver, and execute code in such
a way that the end-user can be more than reasonably assured that the
programmer ISN'T writing exploitable code.
The OS that the JVM runs in may be easily exploitable, but the platform
environment created BY that JVM is not so easily exploitable.
--
Exile In Paradise
I am a computer. I am dumber than any human and smarter than any administrator.
AltKey
you really are one hell of a sad sack :-)
AltKey
Ares
"AltKey" <myal...@msn.com> skrev i melding
news:3e262a81$0$78...@echo-01.iinet.net.au...
I'm lost, you must clarify:
1. A sarcastic remark (due to the :-)) implying that I'm really a lucky guy
being a Linux user? or
2. You really mean I'm a sad sack, but due to what, my name, being a Linux
user, a Windows basher, or....?
3. You meant I'm a helluva guy, top-notch, as good as they get? (I agree
with you there)
4. Or, ..................... what the hell did you mean?
Ares
Ares
"AltKey" <myal...@msn.com> wrote in
news:3e262a81$0$78...@echo-01.iinet.net.au...
HEY FUCKHEAD, KEEP YOUR GODDAMN INSULTS TO YOURSELF, ASSWIPE!