Jon Lasser, 2002-05-15
Unix and Linux security owes much to openness and public disclosure, but Microsoft is too far gone for sunshine to do any good.
...Until Microsoft redesigns from the ground up
2002-05-16
Matthew Kauffman (2 replies)
...Until Microsoft redesigns from the ground up
2002-05-16
Anonymous (2 replies)
Really...
The premise that Linux is more secure is fundamentally a flawed argument. What is the basis for this statement? Maybe the number of reported deficiencies/incidents?
What are the author's qualifications with regard to operating system design?
If product A has 100 users and 10 repor...
...Until Microsoft redesigns from the ground up
2002-05-18
Anonymous
>Additionally the more widely used a platform the more third party applications that will be developed for it. The more third party applications the greater possibility of vulnerabilities.
But you forgot apache and IIS...
>Along the same lines, the more widely used the platform the more peop...
...Until Microsoft redesigns from the ground up
2002-05-20
manually adding html tags to be safe (1 replies)
Good argument.. except blackhats aren't targeting their own boxen. Blackhats at least used to target servers much more than home machines. The prize is much bigger. You get a lot more when you crack a server. Look at the latest Netcraft survey:
Developer March 2002 Percent April 2002 Percent...
...Until Microsoft redesigns from the ground up
2002-05-16
Anonymous (1 replies)
Really...
The premise that Linux is more secure is fundamentally a flawed argument. What is the basis for this statement? Maybe the number of reported deficiencies/incidents?
What are the author's qualifications with regard to operating system design?
If product A has 100 users and 10 repor...
...Until Microsoft redesigns from the ground up
2002-05-20
Anonymous
While you have a point, I'd like to point out a couple things.
First of all, with Linux you have a certain amount of control over your security that's lacking for Windows. Think one of the daemons that comes with your distribution is insecure? Replace it with a different version. Don't want fi...
Memo to Microsoft: Stay Secretive, Please
2002-05-16
Not Really Anonymous (1 replies)
I have to agree with Mr. Lasser. Even though I would also like Microsoft to release their code, it would turn out to be a disaster.
Just think, what's the percentage of businesses that rely on Microsoft technology?
Now think, if Microsoft released their code, the amount of individuals who would _au...
Memo to Microsoft: Stay Secretive, Please
2002-05-17
blane (1 replies)
I can not really agree. Security through Obscurity never works. The Source Code for Windows 2000 and possibly other Versions are in the hands of blackhats already. The damage done "undercover" is far worse and cannot be estimated. If the damage was known to the public there would be much more pressu...
RE: Memo to Microsoft: Stay Secretive, Please
2002-05-17
Not Really Anonymous (1 replies)
I have never been a fan of security through obscurity, but let's say they even released the office code. Would you or your clients be able to protect yourselves from the amount of exploits that will be produced? While waiting for Microsoft to catch up and provide patches? (*This is assuming that yo...
Another Linux/Unix Apologist Overlooks the Obvious
2002-05-16
Anonymous (7 replies)
Open source does not mean more secure and I wish that the Linux/Unix apologists would stop saying that. Patches go out for Unix and Linux systems all the time. The key here is the vigilance and expertise of the engineer installing and supporting the system, not necessarily the OS itself.
What abo...
Another Victim Overlooks the Obvious
2002-05-16
Anon (1 replies)
Ah, yes! The 'who-you-gonna-sue' argument! Tell us, when was the last time you sued M$ for causing $BILLIONS worth of damage because of "certified" code? You use code you can pay for, but get LESS security, and NO accountability. Yet you feel safe and secure, because the box has a name on it.
...
Another Linux/Unix Apologist Overlooks the Obvious
2002-05-16
Anonymous
By this logic, Microsoft should have been sued out of business after any one of the IIS worm fiascos, right?
What? They haven't been sued?
Oh, right, their license prohibits that.
Even with proprietary code there's nobody to go after.
At least with open source you can fix it yourself, or...
Another Linux/Unix Apologist Overlooks the Obvious
2002-05-17
Anonymous (1 replies)
Read the EULA. You may be able to blame Microsoft while you
are talking to your boss but you sure as hell cannot sue them
for a bug in their software. This leaves you in the SAME boat
as open source.
-find bug
-report bug
-clarify bug with support or developer
-wait until patch is released
The big d...
Another Linux/Unix Apologist Overlooks the Obvious
2002-05-17
Anonymous Unix Gal (1 replies)
Well, with all of this bickering - I just have to say that we should give benefit to Microsoft for opening up the PC market home base. I doubt I'd ever want a Unix/Linux box that with all of this "open source" code that has limited application functionality that I need to complete my daily activiti...
Another Linux/Unix Apologist Overlooks the Obvious
2002-05-20
Anonymous (1 replies)
I agree that Open Source apps have been lacking in the past, but they've gotten significantly better recently. Check out Open Office 1.0, Ximian Evolution 1.x, and Gnucash for some great examples of real, usable open-source office applications.
...
Re: Another Linux/Unix Apologist Overlooks the Obvious
2002-05-24
Not Really Anonymous
I would have to agree with this post. I used to think that I needed Microsoft to get my job done. I just recently moved all my home systems over to Linux and have lost very little productivity and I even use GnuCash :) instead of Quicken now. I use Linux even though I'm addicted to OpenBSD, because ...
Another Corp Slave overlooks reality
2002-05-17
Anonymous
Instead of buying the code and paying the support, paying the lawyers that sue the vendor in case something does go wrong, finding out that you can't sue the vendor because of EULA's etc... getting an audit by the vendor and finding out there were still some unlicensed copies of a piece of software ...
Another Linux/Unix Apologist Overlooks the Obvious - Rebuttal
2002-05-17
Anonymous (5 replies)
My original post was cut off before the end I believe. I was focusing on two things:
1) There is the castigation of MS and security deficient code when such code is prevalent throughout ALL OS's. I challenge ANYONE to point to bullet-proof code. If any one of the flavors of Linux, Unix, NetWa...
Another Linux/Unix Apologist Overlooks the Obvious - Rebuttal
2002-05-17
Anonymous
When has Microsoft ever been held accountable for anything?
Although you do make one good point *all* OSs have faults. Trying to say that one is more secure than the other is like comparing apples and oranges. Ultimately it depends on the administrator taking care of the machine and the vendor s...
Come back to earth SpaceMonkey - I rebutt your rebutt
2002-05-17
Anonymous (1 replies)
1) No, there is no 'BulletProof' OS, but proper programming methodologies do exist and I seriously doubt that you could make the argument that Microsoft has ever heard of them. Properly secured APIs and restricted system access are the hallmarks of a properly designed OS - not spaghetti code and un...
Come back to earth SpaceMonkey - I rebutt your rebutt
2002-05-21
Anonymous (2 replies)
Can you please come up with some examples of NT/W2K's
insecurity at the OS level? I see the problems at the
application level many times, but so do I for Unices and
Linux.
To clarify, my question is pointed at the server offerings
from Microsoft, not the desktop ones. Even all the 'Hack- ...
Come back to earth SpaceMonkey - I rebutt your rebutt
2002-05-23
Anonymous
> Can you please come up with some examples
> of NT/W2K's insecurity at the OS level?
Haven't seen an update from Gene, but probably around somewhere.
http://www.cerias.purdue.edu/coast/ms_penetration_testing/
I agree applications are more important.
Face it Linux is only about 18MB o...
Come back to earth SpaceMonkey - I rebutt your rebutt
2002-05-24
Anonymous
Example of insecurities at the OS level of NT & 2K?
1.) Passwords - No matter how long or confusing you make a pw in Win 2K or NT, the OS breaks it into sections that make decoding a trivial matter.
2.) Ability to auto-login. NO OS should even think about giving you the ability to auto-login. Not...
Another Linux/Unix Apologist Overlooks the Obvious - Rebuttal
2002-05-20
Anonymous
1. Such code may be prevalent but peer pressure to produce better code from the outset is almost an imperative of open source; there are exclusions however. Nothing is black and white regarding this issue.
2. And you think that MS is more accountable than a "basement hacker". I've seen turnaround...
Not "a teenager in Croatia".
2002-05-20
Anonymous
> 2) The issue of recourse is important. I want someone up
> front accountable, someone whose bottom line is customer
> service, not a volunteer hacking away in a basement. I am
> not talking about suing, I am talking about accountability.
How is Microsoft accountable? They specifically explain...
Another Linux/Unix Apologist Overlooks the Obvious - Rebuttal
2002-05-20
Anonymous
I admit. I am biased--I really, really despise MS. They do tend to stifle competition, newly termed "innovation".
That aside, no one is arguing that there is a Single Bug-free OS, but there are valid arguments about the frequency of patches for MS products. For easy comparison, look at IIS a...
Memo to Microsoft: Stay Secretive, Please
2002-05-21
Anonymous
MS cannot go open source because it is too big of a nightmare to even consider. In addition, they are not able to maintain backward compatibility to that degree from the different versions within their own code, only to a released API level. Further, they have demonstrated they are even unable to re...
Memo to Microsoft: Stay Secretive, Please
2002-05-21
Anonymous
I must say, I like the mention of MFC (Microsoft Foundation Classes). They are a massive improvement on the Win32API, and make development in C++ far easier. They have small, occasional quirks (as do all API's/wrappers), but all in all they are an excellent set of tools. By providing the source as p...
Let's Be Real
2002-05-21
Anonymous
Let's talk about security. With any OS, you tie down security for the system before putting it on the net. Everyone can agree that most compromised systems are due to some lapse in security. Unneeded services or daemons, not locking down the system, default passwords, etc. I have set Windows ser...
Memo to Microsoft: Stay Secretive, Please
2002-05-21
blacklight (1 replies)
I haven't heard of a single case anywhere in this country within the last twenty years where an aggrieved customer successfully sued a software vendor. Therefore, the ability to sue software vendors is a really questionable standard of software selection, a red herring and a demonstration of bad fai...
Memo to Microsoft: Stay Secretive, Please
2002-05-23
Anonymous
The NSA do release the changes they have proposed for Linux.
See Security Enhanced Linux.
I just don't think most people are that interested in having
secure systems.
The common problems are still buffer overflows and other memory
overwriting problems. Most of these problems can easily ...
Another attempt at trying to get fired
2002-05-24
Someone fire this guy :\
Lasser seems to be screwing up lately. I've yet to see an informative article in months. Is he trying to get fired or is this just his attitude towards life? "Complain enough about off-topic interests and maybe they'll fire me!"
Pfftt...
Maybe SecFoc will get a new Unix guy if he keeps up.....

If the choice is between a never-ending stream of band-aid patches, while the underlying mess never gets cleaned up, or opening up the who...