lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040228171104.GA12437@sherohman.org>
From: esper at sherohman.org (Dave Sherohman)
Subject: Knocking Microsoft

On Sat, Feb 28, 2004 at 02:18:34PM +1300, Steve Wray wrote:
> Most of the nice, friendly, easy to use package management
> systems (rpm and apt for two) usually run the daemon
> in its default configuration, immediately its installed.
> And if they don't actually run them at install time, they
> set them up to start at the next reboot (having set up the
> default symlinks in /etc/rc[1-5].d), yes, in its default configuration.
> 
> IMO this *sucks* and is every bit as bad as any M$ offering.

I will agree with you that "this *sucks* and is every bit as bad as any
M$ offering", in cases where apt/rpm installs the service by default.
Debian may run mysql and watchdog in single-user mode when they are
installed (or it may not - I've never used either of these packages,
so I don't know one way or the other), but it does not install them
unless explicitly asked to do so.

Even if we assume that every service is activated when installed
under Debian, a base Debian install still has very few active services
because very few services are installed by default.  And, as Martin
has pointed out, even when they are activated automatically, they use
a configuration which has been secured by the package's maintainer.
This is significantly different from Microsoft's historical tendency
to install and activate every service any user might ever think about
wanting by default and set most of them up with wide-open configurations.

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ