Searching \ for '[OT]: Which Is Tastier - Apples or Oranges? (was:' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=
Search entire site for: 'Which Is Tastier - Apples or Oranges? (was:'.

Exact match. Not showing close matches.
PICList Thread
'[OT]: Which Is Tastier - Apples or Oranges? (was: '
2003\05\29@043830 by M. Adam Davis

flavicon
face
One of the nice things about NT is that if you are hacked, quite a bit
of the time you'll never know unless the attacker wants you to know (or
perhaps you are watching the detailed logs very carefully for strange
patterns, if they are even turned on.)

But to rebut your point about RH 7.2 having 158 security vulnerabilities...
Those listed include issues from the very beginning with
squid (Windows includes nothing comparable)
OpenSSH (Windows includes nothing comparable)
mod_auth_pgsql (comparable to a plugin for IIS)
Webalizer software
iptables
Two are fairly similar updates (kernel 2.4), one for early adopters, and
one for easier config

So of the first ten listed, perhaps only 3 would have been easily
compared to windows security vuilnerabilities:
New util-linux for a specific type of login program (not used by default)
Update kernel (2.4)
Updated Comprehensive Printing

Now if you extrapolate that out through the 158 vulnerabilities, then
you have 47 security vulnerabilites which could possibly have parallels
to windows XP.

Of course these aren't comparable to windows XP even after removing
those which would have no parallel to the windows software.  The reason
for this is simple:
Linux is multi-user, and is used more frequently in multuser
environments than windows is.

/Most/ of the security vulnerabilities you'll see in linux have to do
with preventing a user -which already has access to the system- from
gaining any greater access.

This would be akin to me having a basic account on one of your windows
NT or XP servers, and trying to crash it, gain greater access, run my
own services, etc.

You probably realize that windows was not designed to prevent attacks
from within the computer, and this is almost a trivial task.  Microsoft
has made little effort to prevent these types of attacks with anywhere
near the ferocity of those maintaining the hundreds of commonly used
open source packages/applications/kernels/systems/etc.

If you /really/ want to compare apples and oranges, then let's count the
number of security vulnerabilities which allow an external attacker to
gain /complete/ access to your computer for windows XP with its standard
configuration, and redhat -whatever- loaded with its standard
configuration.  Of all the security vulnerabilities listed I've seen
none (I'm sure there are some that I haven't seen) from the linux camp
which say "Exploit may allow remote code execution" whereas a ton of the
security updates from MS have that exact warning

In fact, you rarely ever see MS put any affort into a patch unless it's
/really bad/.  I suspect you could probably even take out outlook
express and IE as a source and windows would still have a greater list
of 'bad' vulnerabilities.

Microsoft has built a nice, single user system (finally!) in windows
XP.  2K server is a decent server, and the newly released (or soon to be
released) advanced server (XP or 2003, or whatever the name is) is going
to be even better.  I use windows XP exclusively for the desktop,
because I have to use applications available for it that are not
available for FreeBSD (or Linux, or, or, or) and dual booting simply
takes too long, and I don't see any reason (other than having less disk
space) to have two operating systems on my computers when one will do
all I need.  I use Novell for the servers at work, and linux for
internet services because there are so few problems with them -
maintenance is extremely low.

You have a valid point however - to those who don't understand the
differences between linux and windows and the differering views of what
is a security vulnerability it can certianly seem like linux is worse
than windows.  This is a PR problem, and MS has much more PR power than
linux, so I doubt we'll ever be rid of this particular disparity.  As
far as your anecdotal reference to being hacked, I think it would be
instructive to request information from several hosting companies with
both types of servers about succesful hacking attempts.  Given the
larger percentage of linux/unix-like servers hosted out there I would
expect more hacking on them than on windows (just as one expects more
windows viruses for desktop windows because it's used more on the desktop).

Anyway...

-Adam

James Newton, webmaster wrote:

{Quote hidden}

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

2003\05\29@204410 by James Newton

face picon face
source= http://www.piclist.com/postbot.asp?id=piclist\2003\05\29\043830a

Adam, that was a well written and educational response. I guess in summary, the answer is "Linux may have more bug reports because it trys to do much more, for more people, and has more levels of access."

So... I was given an older machine (Celeron 500, 96M RAM, 20G HD) some month or so ago: If I wanted to give *nix another try, and I want to avoid being hacked... again... what flavor, version, etc... should I load? I want to offer:
1) email accounts (free to all piclist members on request)
2) list hosting (of the list if MIT ever dumps us)
3) news hosting (feed from the list with ALL emails removed)
4) fax gateway (free fax delivery to my local area)
5) minimal web hosting (for members who request *nix hosting)
6) maybe minimal SQL and scripting (PHP or PerlScript) support

---
James Newton: PICList.com webmaster, former Admin #3
.....jamesnewtonKILLspamspam@spam@piclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

2003\05\29@223841 by Tal

flavicon
face
Oranges of course.

This was an easy one.

;-)

Tal


{Quote hidden}

9&e=1&u=/p
{Quote hidden}

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

2003\05\31@195820 by M. Adam Davis

flavicon
face
Well, I'm not in a good position to recommend a distribution.  Were I
doing it I'd choose FreeBSD instead of Linux since they are more focused
on providing a solid server, rather than being compatible with every bit
of hardware out there and making a good desktop (though either can be
used either way and still be a good system).

However, you may want to choose something with an easier setup and
update.  Toward that end I'd recommend Suse, which has a fairly polished
setup and configuration interface, is geared towards business needs, and
has a nice package (manual, 5 CDs and 2 DVDs, etc).  I believe many
distributions have utilities to check for and install security updates
fairly painlessly for all the programs that are distrubuted with them,
not just the OS.

All of the main stuff you want below should be fairly detailed in any
good linux book.  You will want to look up Hylafax for the faxing - it's
very nice.  Other than that everything should be pretty straightforward.

I'd expect you'll need to set aside several hours for the first setup
period, then 2-3 hours a week for a month or two getting everything
settled.  After that it shouldn't require more than an hour a month to
keep ahead of most issues.

You may even want to consider a CD based distribution, where the OS and
all programs are on CD, and the user data on HD.  That way hackers would
have a very difficult time doing anything with the system once they got
in.  These are still immature, however, and would take a great deal of
time to configure just right.

Anyway, I hope these thoughts help.  The start up time costs are
non-trivial, but I suspect you may be surprised at how little
maintenance you need to spend afterwards.

-Adam

James Newton wrote:

{Quote hidden}

--
http://www.piclist.com hint: To leave the PICList
@spam@piclist-unsubscribe-requestKILLspamspammitvma.mit.edu>

More... (looser matching)
- Last day of these posts
- In 2003 , 2004 only
- Today
- New search...