Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Face it: Linux is insecure
Linux Watch ^ | 05 June 2006 | Steven J. Vaughan-Nichols

Posted on 06/06/2006 6:37:10 AM PDT by ShadowAce

Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure.

Deal with it.

People keep having this delusion that security is a product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox.

It doesn't work that way. Security is a process, not a product.

Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto.

But, any car can be hit, and any car can be hit hard enough to destroy it. It's all about the odds and driving safely.

Driving safely on a computer or a network means knowing, and using, their available security features. For example, any machine that's exposed on the Internet should have an enabled firewall.

Even OpenBSD -- in my humble opinion, the safest operating system on the planet -- is crackable, if you allow anyone to come and pound away at its network interface.

In the case of Linux, if your system doesn't come with an enabled firewall, you can use netfilter and iptables to set up either a simple or sophisticated network defense system. If you're new to firewalls, LinuxGuruz has a helpful listing of netfilter and iptables resources.

You also need to keep an eye on Linux and open-source security patches and repairs.

So, for example, when Red Hat announced last week a major security patch that fixed 16 individual flaws present in its Red Hat Desktop and RHEL (Red Hat Enterprise Linux) 4.0, you'd be well advised to install that patch sooner rather than later.

It also means that you need to know where your operating system comes from. So, if you're running CentOS, Lineox, or White Box Linux, you'd better be pestering them for their version of the Red Hat patch because all of these Linuxes are based on RHEL 4 code.

The same is true for applications. Are Firefox and Thunderbird safer than Internet Explorer and Outlook? Of course, they are. Does that mean you're safe using them without their latest patches? I don't think so!

Again, you can't drive and not eventually have a near-miss, and you can't run a networked computer without having someone seriously try to take your machine down. Security is all about weighing the threat level and doing the best you can to make sure that you're safe.

That also means taking a long, hard look at some "threats."

Last week, for instance, anti-virus software maker Kaspersky Lab claimed to have isolated a new virus, Stardust, aimed at Sun's StarOffice office suite and the open-source version of the programs, OpenOffice.

But, was this so-called macro virus a real worry? According to a NewsForge report, the "general agreement is that the Kaspersky Lab claim is an exaggeration."

I'd agree with that. Yes, if you open a strange document and enable it to run macros, something bad could happen to you. Unlike similar problems in the past with Microsoft Office macro viruses, though, any such "virus" can't attack the underlying operating system because neither StarOffice nor OpenOffice have the deep hooks into the operating system that enabled Office macros to be a real problem a few years back.

So, is there a potential problem here? Yes, potentially someone could use the macro language to cause trouble. Of course, they could also use Perl, Visual BASIC, Python, Java, etc., etc. to cause trouble.

Have I mentioned, yet, that almost any use of software has some security danger?

There are two morals to this story. The first is that while you're safer using Linux or open-source software, you're never perfectly safe. The second is, as much as you might not want to, you really must work on security with any operating system or program, or face the possibility of having a real accident on the old information superhighway.


TOPICS: Computers/Internet
KEYWORDS: linux; security; windows

1 posted on 06/06/2006 6:37:12 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

2 posted on 06/06/2006 6:38:12 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce


3 posted on 06/06/2006 6:43:42 AM PDT by bwteim (begin with the end in mind)
[ Post Reply | Private Reply | To 2 | View Replies]

To: ShadowAce
It doesn't work that way. Security is a process, not a product.

Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto.

Not much to disagree with here..

4 posted on 06/06/2006 6:48:02 AM PDT by N3WBI3 ("I can kill you with my brain" - River Tam)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bwteim

Hopefully, we'll get decent discussion on this topic as our resident troll is not currently posting.


5 posted on 06/06/2006 6:48:42 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

Let me start it off...

Linux sucks.
Windows sucks.
Apple sucks.
Linux is the best thing since sliced bread.
Windows is the best thing since sliced bread.
Apple is the best thing since sliced bread.

Only acutal Unix is worthy.

Does that pretty much cover it?


6 posted on 06/06/2006 6:52:02 AM PDT by Poser (Willing to fight for oil)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Poser
Does that pretty much cover it?

LOL! Almost. Don't forget which OS the commies use...

7 posted on 06/06/2006 6:53:12 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Poser
You left out OpenBSD, you insensitive clod. ;-)
8 posted on 06/06/2006 7:59:54 AM PDT by Salo
[ Post Reply | Private Reply | To 6 | View Replies]

To: Salo

Everybody knows that the Vic20 is still the best computer. Commodore rocks!


9 posted on 06/06/2006 8:09:06 AM PDT by Poser (Willing to fight for oil)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ShadowAce; Salo; N3WBI3
Anyone have experience with this:

m0n0wall

***************************************

About m0n0wall
m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server (thttpd), PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

10 posted on 06/06/2006 8:28:54 AM PDT by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 7 | View Replies]

To: N3WBI3; ShadowAce
Systems also tend to never me more secure than the most gullible user accessing it.
11 posted on 06/06/2006 8:29:24 AM PDT by KoRn
[ Post Reply | Private Reply | To 4 | View Replies]

To: Ernest_at_the_Beach

One of our network guys brought that to my attention, I have not had a chance to impliment it at home yet but from the looks of it its a nice tool..


12 posted on 06/06/2006 8:30:22 AM PDT by N3WBI3 ("I can kill you with my brain" - River Tam)
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce
"Linux is insecure"

That WOULD explain all the bragging about penis size.

13 posted on 06/06/2006 8:35:40 AM PDT by Still Thinking (Disregard the law of unintended consequences at your own risk.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Still Thinking

And the vette!


14 posted on 06/06/2006 8:41:53 AM PDT by N3WBI3 ("I can kill you with my brain" - River Tam)
[ Post Reply | Private Reply | To 13 | View Replies]

To: N3WBI3

And the run, and all the mini-OS fluffies. Oh, the humanity!


15 posted on 06/06/2006 8:43:14 AM PDT by Still Thinking (Disregard the law of unintended consequences at your own risk.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: N3WBI3
Erps, meant to say "And the rug..."
16 posted on 06/06/2006 8:43:55 AM PDT by Still Thinking (Disregard the law of unintended consequences at your own risk.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: KoRn
Systems also tend to never me more secure than the most gullible user accessing it.

Truer words were never spoken.

Not a darn thing you can do about some incredibly stoooopid users. 

Best you can do is make as sure as you can that their stupidity is limited to damaging just that user's data rather than anything else. 

17 posted on 06/06/2006 9:21:28 AM PDT by zeugma (I reject your reality and substitute my own in its place.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Salo

you got something against freeBSD?


18 posted on 06/06/2006 12:57:37 PM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. you two are no different then ted kennedy.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: N3WBI3
Some systems are more secure than others.

Not much to disagree with here..

This goes along with what we've been saying for a while--no system is perfectly safe, but market share alone is not the reason why Linux is safer than windows.

19 posted on 06/06/2006 2:01:57 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Poser

You mean the Commodore 64. The C64 was vastly superior to the VIC-20 in almost every way. Even at $595, you got a lot of bang for your buck with the C64...just a shame they had flaky power supplies which overheated all the time...oh yeah, and the Commodore 1541 floppy drive was probably the slowest floppy drive on the face of the earth (unless the Mattel Aquarius had a floppy drive...but thankfully it didn't have one).


20 posted on 06/07/2006 9:44:29 PM PDT by bigdcaldavis (Xandros : In a world without fences, who needs Gates?)
[ Post Reply | Private Reply | To 9 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson