lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54420000.1066943057@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: RE: Linux (in)security

--On Thursday, October 23, 2003 02:34:35 PM -0500 Ron DuFresne 
<dufresne@...ternet.com> wrote:
>
> There's a vast difference in having to backout patches in complex
> production env;s and having a poor patch affect all or most every end
> desktop/home users system too though.
>
And I don't recall the last time that we had to back out a patch in an over 
3500 Windows machines environment.  In fact, in the last seven years, I can 
only recall two incidents where a patch had to be backed out, and both of 
those were servers with special applications on them.

I'm not saying that it doesn't happen.  It's just not as ubiquitous as some 
seem to think it is.  There isn't a vast difference between patching 
Windows and patching *nix.  At least not in my experience, which includes 
every version of Windows, RedHat 7-9, Solaris 7-9, OpenBSD 2.6-3.2, FreeBSD 
4.7-5.1, Mac 0S 6-X and Gentoo.  (I've installed others but don't have much 
patching experience on them because I usually dumped them quickly because I 
didn't like them.)

Every OS has its problems, and every OS has to be patched.  And patching is 
a PITA no matter what OS it is.  Some are just more of a PITA than others.

The myth of the vast superiority of *nix over everything else (WRT security 
and patching) is just that - a myth.

But this conversation has been going on for over 20 years and nothing has 
ever been settled.  Nor will it be.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ