lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200311121532.hACFWXXQ004563@ns2.mmicman.com>
From: support at mmicman.com (Edward W. Ray)
Subject: Microsoft prepares security assault on Linux

 What the MS marketing machine fails to understand is that it is easier
(IMHO) to make Linux more secure.  Pardon me while I illustrate with a
personal example:

I bought Red Hat v7.1 in April 2001.  Having no experience with the OS, I
was able to get it up and running rather easily.  As I added functionality
(DNS, e-mail, SSH, HTTP) I was greeted with a helpful user community and a
plethora of on-line documentation on how to make each service more secure,
i.e. djbdns instead of bind, postfix instead of sendmail as well as other
tools and ideas.  I finally bit the bullet a few months a go and hardened my
kernel with SELinux.  With the exception of the NSA having access, I believe
I have a more secure stable system.  And I learned a lot from my Linux
experience.

I have been experimenting with Windows 2003 for about six months now.  My
goal is to IPSec encrypt my LAN traffic.  This can be done, but you would
not know it from the conflicting knowledge base articles on the MS web site.
Tech support was little help either.  Every time I got into a network bind,
their solution was to "rebuild."  Each time I was able to fix the issue with
little or no help from tech support.  The supposed "experts", otherwise
known as MVPs in the MS newsgroups, were useless.  They know the GUI, but
they haven't a clue about the code and how it works.  From my knowledge of
IPSec gleaned from other sources (Linux and OpenBSD user groups and
documentation, IPSec newsgroups) I was able to figure out my issues and get
it to work properly.

My conclusion is this; for a newbie willing to learn and concerned about
security and stability, Linux represents a better solution than the unknown
that is MS Windows.  Other than upgrades from RH v7.1 to v7.3 to 9.0, I have
had to reboot the system three times in the past 2.5 years.  I just rebooted
all of my Windows machines for the umpteenth time last night.  Maybe if MS
marketing would have let ICF enabled by default instead of Messenger, and
Automatic Updates enabled instead of File Sharing, home as well as pro users
would have a lot less grief.

My $0.02 (and then some).

Edward W. Ray
SANS GCIA, GCIH, GCFW

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Helmut Hauser
Sent: Wednesday, November 12, 2003 5:54 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Microsoft prepares security assault on Linux

And another Halloween from MS, this time a bit too late this year ...

http://www.infoworld.com/article/03/11/11/HNmsassault_1.html

Hmm today is patch day for Windows or should we call it "Day of Risk" ?!
 
just my 0.002 cents,
 
Helmut Hauser
Systemadministration EDV

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ