Posted on 03/22/2005 10:11:59 AM PST by ShadowAce
Tech ping
Not a Red Hat fan. Or Mandrake.
I like Debian. Haven't tried Gentoo, but have heard good things about it.
I've been tempted to try Arch. I've read a couple of good reviews about it. It's based on LFS and Slack, I believe.
I ran Slackware years ago, but have been using Debian for years now.
ROFLMAO!!! Who is he trying to kid?
Interesting the Linux crowd admits good security comes from careful configuration.
Funny, when I configure a Windows server, I'm careful how I configure it, too.
The other metric measured how much time lapsed between public disclosure
Ah, yes, the disclosure that Microsoft doesn't make until it has a patch in the works vs. the immediate disclosure of Linux bugs when they are discovered.
That's the key, who administers it and how. And the Linux crowd is finally having to take that position, since figures like these can't be blamed on Microsoft funding the study.
"During calendar year 2004, the Windows platform recorded 52 vulnerabilities, while the default Linux installation included 174 vulnerabilities and the bare-boned version had 132 known flaws."
No one. Red Hat is notorious.
Funny, when I configure a Windows server, I'm careful how I configure it, too.
Thank you for that post! No matter what platform you're managing, care needs to be taken if it's going to be exposed to the open net. Default configurations are rarely appropriate.
I've configured both Unix and Windows platforms, and none of it is "configure and forget." That's just asking for trouble.
"During calendar year 2004, the Windows platform recorded 52 vulnerabilities, while the default Linux installation included 174 vulnerabilities and the bare-boned version had 132 known flaws."
You deny this claim? Then refute it.
One thing that really amused me was when I started investigating web server vulnerabilities, and found out how many different Unix based servers had huge security holes.
Default installation?
DEFAULT INSTALLATION?
Anybody who uses the DEFAULT INSTALLATION has no idea what they are doing, and it doesn't matter what platform they use, they are going to have LOTS OF PROBLEMS.
Try counting up the software installed on the "Windows Platform" vs the software installed on the "Linux installation"
You'll find the Linux installation has hundreds of different pieces of software included -- many performing the same function.
That's why anyone who knows what he's doing sets up a Linux server bare-bones, then installs the applications and services needed to perform its function. A web server set up this way slashes deep into the Linux vulnerability count, a firewall even more.
Given that they consider mere counting tally marks to be a security assessment, I'm not sure how much faith to put in their judgement.
A more correct wording is "...Windows platform admitted 52 vulnerabilities...". Windows seems to only publish vulnerabilities which others already know about, or to which they already have fixes, whereas the open source folks publish the vulnerabilities immediately so as many folks as possible will come up with the best fix.
Interesting, isn't it, that Microsoft *copyrights* its bugs, so as to suppress anyone from publishing them...