| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <444E79C2.8090907@sdf.lonestar.org>
Date: Tue Apr 25 20:34:41 2006
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: What is wrong with schools these days?
Bill Stout wrote:
>You know, having made a few NTexploit lists in the past, I wanted to
>make the point the M$ was less secure. Unfortunately the facts were
>against me.
>
>Two IIS 6.0 vulnerabilities reported from 2003-2006
>http://secunia.com/product/1438/
>Twenty-eight Apache 2.0 vulnerabilities reported from 2003-2006
>http://secunia.com/product/73/
>
>Paul is right.
>
>I would never suggest a Windows admin use UNIX, or visa-versa. A
>product is only as secure as it's configured.
>
>
>
Facts and statistics are two different things, my friend.
I'm not saying that Paul's specifically wrong... he's not. Just that
those statistics aren't the end of the road for the "facts". Lots of
other factors play into things.
What I usually say is that if run by a clueful administrator with an eye
to system audit, control, and security, a Free Software system _can_ be
made more secure than a proprietary system, particularly a Microsoft
based solution.
Now, given equal setup time, resources, and management backing for the
project -- well, that may be a different story. But you can't blame the
*nix systems for being hamstrung by a lack of resources. :)
I stand by that statement. And would happily point out that if you run
any system without configuring it with an eye to security, you're
probably going to have a problem.
-bkfsec
Powered by blists - more mailing lists