From: robert at timetraveller.org (Robert Brockway)
Subject: [OT] Re: Re: Knocking Microsoft

On Fri, 27 Feb 2004, James F. Wilkus wrote:

> > and now they try to make it secure. UNIX was made to be secure, and
> > now they are adding colours.
>
> This is not true.  UNIX was not made to be secure.  Any UNIX security
> history book will tell you that.
>
> Just because you run UNIX does not make you immune to attacks.  Linux,
> with its world domination kick, is recruiting more and more windows
> admins to its ranks.  You think that these same windows, now linux,
> admins are going to do a better job at securing their systems?  These
> same admins who can not apply patches before the next major worm
> strikes?
>
> apt-get update is easy, so is clicking on windows update...

Do you update MS-Windows production servers using windows update without
testing the updates first?  Plenty of people have done this to their
folly.

Debian (and Gentoo and Free/Net/OpenBSD as others have noted :) have a
robust system of updates.  Using Debian Stable I am confident to do live
security updates to production boxes.  I watch the services as they
restart and make sure all is ok but I won't even consider doing this with
most other Operating Systems because the security patch management is too
sloppy.

The Debian Security team backport security fixes into their source tree.
When you update a package you are only getting the update you expect - not
a bunch of other stuff as has become all too common on MS-Windows.  That is
the difference.  Even hotfixes have been known to break apparently
unrelated pieces of code in the system.

> I think people are doing a disservice by claiming that linux is
> something it is not, or more accurately, generalizing all UNIX's to be
> secure.

I agree with you here.  Many commercial Unix vendors have a long way to go
to catch up with the security that many free Unices (like Debian
GNU/Linux) have out of the box.

I regularly come across people in the computer industry who have only
second or third hand knowledge of what is available with Open Source
Software (still!).  Often they are amazed at the quality of OSS and the
stability and security inherent in many free versions of Unix.  Some
people do not know what they are missing :)

Cheers,
	Rob

