Linux security..Wishful thinking?

Posted:
Tue May 27, 2003 12:59 pm
by agent007
Hi all,
I found this to be a bit funny...A security expert says,
The evangelical Linux view of Unix as being immune to malware because of its intrinsic security is based more on wishful thinking than on fact. A well-secured and properly patched Windows installation (I'm thinking NT and its derivatives here, of course) is more secure than the average out-of-the-box Linux machine, especially a desktop machine used by a single individual who always runs as root. Unix is not and never has been automatically secure. Looking at vulnerabilities lists and vendor advisories, we see a constant stream of security patch releases.
Why on earth would he compare Windows users to a person running r00t in GNU/Linux??
Read the article here:-
http://www.securityfocus.com/infocus/1695
007

Posted:
Tue May 27, 2003 1:24 pm
by Void Main
Well, I don't plan on reading the article because your quote pretty much sums it up that it's probably not worth reading. Duh, let's see.....an OS patched and kept up to date and buttoned down security wise vs an OS that's out of the box and run by an idiot...the idiot will lose every time. On the other hand if you want to keep both of them patched and up to date, I'll take the one with the steady stream of patches to fix vulnerabilities that are merely days or hours old no matter how trivial they may seem vs the OS that hides vulnerabilities for periods of months/years. And I prefer having the source so if that above isn't fast enough I can come up with a patch myself. I hate waiting on other people to determine whether my priorities fall in line with theirs.

Posted:
Tue May 27, 2003 4:03 pm
by dishawjp
The biggest security problem with Windows is not the OS; it's the idiots who believe in it.
True story:
A while back I got an attachment to an e-mail. Windows showed the attachment to be a .txt file. I saved it to floppy (without opening it) and poked it a bit. Turns out that it was a .txt.bat file. For my "convenience" Windows hid the extra extension. This was at work. Our sysadmin is a true windroid. He has our freaking network so locked down that it's barely usable from off-site. So I thought that he might have some interest in this attachment, which with a bit more poking turned out to be a W32 script.
I brought the floppy up to this idiot who then put it into his (networked Windows) computer and he executed it. At that moment this moron sysadmin unleashed the Klez virus onto our network. I wanted to warn him of a threat to his system, a probable virus that had penetrated his "defenses" but because I don't like Windows, he considers me to be computer illiterate, or at least seriously misguided. He's the same jerk who more recently told me to "grow up and learn to appreciate Windows."
It isn't the OS. It's the idiots who believe in it. The OS is just a mediocre way for people who don't need or want to work with computers to interface with them on some level. The real problem is with people, especially sysadmins and IT directors and people who write articles like this one who really believe the slop that Redmond feeds them.
Just my $.02
Jim

Posted:
Tue May 27, 2003 5:27 pm
by Linux Frank
Well, all I know is this. My system is safer than it was. I have no trojans on my system (to the best of my knowledge), Trojans will have a difficult time getting out even if they make it on to my system, my security programs do not decide that the fact that a Quake II file mentions the word gun it is a malicious piece of code, and that since installing Linux I have not had one single occurrence of a security breach, unlike on Windows where I had people trying to beat their way onto my system all day long. Trojans constantly appearing and viruses.
No I would have to say that GNU/Linux is simpler to secure, simpler to update security, and anyone stupid enough to run their system out of the box without paying attention to security deserves everything they get.
And I have no idea where his secure M$ Windows comes from. A three year old security flaw in the NT system that is vulnerable even after being patched, cannot even patch part of the NT range, and has so many attack vectors that they don't even know if it can be patched properly without a complete redesign of the system.