Message-ID: <Pine.GSO.4.43.0310231037210.10050-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: RE: Linux (in)security

On Thu, 23 Oct 2003, Michal Zalewski wrote:

> On Wed, 22 Oct 2003, Curt Purdy wrote:
>
> >> http://www.linuxunlimited.com/why-linux.htm
> >> ``Properly configured and maintained, Linux is one of the
> >> most secure operating systems available today.''
> >
> > The key words here are "properly configured".
>
> Well, once "properly configured", pretty much _any_ operating system would
> make it to the top 0.01% of the most secure boxes in the world. I do not
> know a single popular OS that would limit your abilities to harden it up
> to a point where it is impossible to do it effectively.
>
> I know plenty of systems that lack some nice features, and that make it
> difficult to configure and manage overall system security features in a
> reasonable manner to make it possible for a "seasoned novice" to find out
> what has to be done, and to fine-tune his OS without breaking some stuff
> or making it worse.
>
> It's just a matter of how easy it is to properly configure and secure your
> system (far beyond downloading most recent patches), and how much control
> _and_ supervision you're given over this process.
>
> Popular Linux releases do not score remarkably higher than other
> well-known OSes in the above.

And yet, I think Bruce Edigar spoke well with his posting;

<quote>

And I guess you can generalize and ask why the Windows "culture" generates
so many problems of such a magnitude, that last so long?  My home office
web server got a Code Red hit on Sept 19th 2003, for example.  Other
computing cultures (Unix, Mac, etc) don't seem to exhibit this.  Why not?
Shouldn't we focus our efforts on figuring out what aspects of Linux or
Mac cultures keep epidemics from occurring?  It's certainly a waste of
breath to point out that OS X has horrendous security flaws when none of
them turn into grotesque epidemics like Sobig.f.

</quote>

Strong statement there, with solid reasoning about questions that should be
answered.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


