Message-ID: <200401181651.i0IGpWvV018297@ms-smtp-02-eri0.texas.rr.com>
From: mailinglists at wjnconsulting.com (Wes Noonan)
Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause

> On Sun, 18 Jan 2004, Wes Noonan wrote:
> Why? Name one virus for Linux that AV software would have protected
> against, that a noexec /tmp wouldn't have.

Security isn't about protecting against old threats; it's about protecting against new threats. If running virus protection has the potential to protect against new threats, then it is worth running. If an IDS/IPS has the potential to protect against new threats, then it is worth running. If a personal firewall has the potential to protect against new threats, then it is worth running. Security is about a total process, not a specific product or application.

> We're a 7-person shop with a budget of $0 for software. I'd love to
> see a Microsoft shop with a similar software budget.

I'd love you to show me a 700, 7000 or 70000 person shop that can say that. Frankly, you just illustrated a point here, whether you intended to or not. When you are a small shop that has the expertise, you can do anything you want. When you are a large shop, you no longer have that ability. You have to think big. You have to think about things like "what if David, who is the only person who really knows our systems, leaves? Where does that leave us?" This is especially true in cases where you have free software being offered with no support.

Microsoft, whether you want to admit it or not, learned that long ago. They learned that the need was there for OSes and applications that are tremendously portable between people. They learned that not everyone in IT is a developer or has the skills or capabilities to write and compile custom code to suit their every need, and frankly not everyone needs to. They learned that companies want support and they don't want to have to rely on "Joe the admin" who is the only one who can recode and recompile the application if there is a problem. Some Linux companies are learning these lessons as well. You can see that in the tremendous leaps and bounds of usability and functionality that they have made.

> Why should I spend money, time and energy trying to secure a basically
> un-securable system, when I can not spend money, spend a whole lot
> less time and energy, and have a more secure system?

Microsoft is only un-securable for those who don't know how to secure it (the same can be said of Linux of course). Clearly, you seem to know Linux. Equally clearly, to me at least, you don't seem to know Microsoft very well. You claim, repeatedly, that Linux is so much easier to secure. I believe that this is directly related to your level of expertise on Linux. Similarly you claim, repeatedly, that Microsoft is impossible to secure. I believe, similarly, that this claim is directly related to your level of expertise on Microsoft.

While to you it may take less time and energy to harden a Linux system compared to Microsoft, I would point out that there are a lot of other folks who would probably be able to argue and prove the opposite - that it is much easier and takes less time and energy to harden Microsoft than Linux. Heck, I can guarantee you that I can harden a Microsoft system infinitely better than I could a similar Linux system. Someone else pointed out that no OS is bug free, which is a truism. The ability to harden a system, if one knows what they are doing, is also a truism.

> So unless you investigate alternative systems seriously, you're just
> ensuring a monopoly situation, which guarantees bad software.
> Complacency and defeatism have no place in the fight to secure our
> computers.

The more and more you post, the more things like this you write, the more clear it becomes that your position has little more than a religious passion for Linux and a religious dislike of Microsoft backing it with little other real substance. Protestants, Catholics. Muslims, Jews. Penguinistas and Microsofties. It isn't about securing our computers, it's about not using Microsoft. It's an old, tired, pointless argument. :shrug:

Wes Noonan
mailinglists@...consulting.com
http://www.wjnconsulting.com