Posted on 02/16/2005 10:13:59 AM PST by ShadowAce
Linux Security ping!
Wow! An entire arcticle that says nothing.
Yes, it is. There's very few people looking for holes in the code to launch malware upon because the payoff of potential victims is so small. Also the code is wide open for anyone who may decide to one day begin looking for holes in Linux, and that includes the malware authors.
Open source proponents claim the number of "good eyes" will exceed the number of "bad eyes", but that's only their hope, they have no way of quantifying their claim. In fact, attempts to show that ANY good eyes were reviewing open source code for security issues have failed, such as this:
http://www.securityfocus.com/news/7947
I posted this partially as a discussion point, but also as a refutation of that myth.
And, of course, hiding the code has proven to work wonders, hasn't it?
I believe this is so, same with Macintosh security. The simple reason is that there installed base of Windows dwarfs the rest combined.
Now, open source MIGHT have an advantage because of the "good eyes", but that remains to be seen.
Don't bust my chops either, I have a Mandrake 10.1 installation at home, and am in the process of justifying me a miniMac purchase!
This does not address the end-user security issues, which involve millions of ignorant users running Windows on the desktop and connecting to the internet.
They would almost certainly be helped by running Linux instead, because they would be running under a user account and not as root. If you're a desktop, you don't have to offer any network services, so they'd be as close to completely secure as you can be.
Eh. Linux and Windows fanboys aside there are no absolutes in IT -- esp when programmers are involved. Linux core most likely is more secure. But like anything else, who runs 'kernel' as their enterprise service(s). Lump on the IIS, Apache, PHP, .Net, SQL, CGI, then get ready to get hacked ;)
MS FUD ALERT!!!
Not only that, they also think that Firefox/Mozilla, Opera, Lindows, Apple, (anything but Microsoft) is the world's savior and can do no wrong, never get a virus, never get spyware and never crash. And all the problems with all internet connections is the result of the villians knows as Microsoft.
Who knows... all I know is I'm spending too much time applying "fixes" to about 70 machines.
Going behind a secure, disconnected LAN next week. One gateway/firewall to the world. I'm fed up.
Err...there IS a group working at getting Linux (or at least one distribution thereof) formall certified as being military-level secure, something Windows can't claim.
(Don't have the details handy, but they're out there nonetheless.)
Linux is definately not bullet proof, but out of the box it blows Windows away, and configured by a competent security person, it makes Windows, even if configured by a competent security person look very poor.
As software becomes commodity, opensource will continue to dominate. Commercial software will be left with niche specialty verticle markets.
Not to be a stickler, but if you run Linux and then want to run IIS on it, let alone .NET you probably have issues above and beyond your security plans.
Err...I work for the DoD and our Windows sytems have overall higher classification ratings than any version of Linux.
Zone-h has taken over for attrition.org in maintiaing realtime stats for overtly compromised websites. Today, like most any other, Linux is taking a beating...
196 single IP
267 mass defacements
Linux (78.4%)
Win 2000 (14.7%)
FreeBSD (3.0%)
MacOS (1.5%)
Win 2003 (0.9%)
Win NT9x (0.4%)
SolarisSunOS (0.2%)
Before you ask, I'm at home on my lunch break. Heading back now. OUT.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.