Posted on 04/13/2005 6:32:56 AM PDT by chronic_loser
Ryan Naraine - eWEEK
The Microsoft security train made its scheduled monthly stop on Tuesday, dropping off eight updates to cover 18 vulnerabilities in a range of widely deployed products.
Five of the eight advisories are rated "critical" and Redmond officials are urging customers to apply at least three immediately as high-priority updates.
The top three include fixes for high-risk flaws in Microsoft Corp.'s implementation of the TCP/IP stack; a cumulative patch for the Internet Explorer browser; and a patch for a remote code-execution hole in the enterprise-focused Microsoft Exchange Server.
So why do you put up with it?
Alas, Linux is not free of such problems, either. If you're using a commercial Linux distribution such as Mandrake, Novell SuSE, Linspire, etc., they have update sections to install new code to remove vulnerabilities to old code.
If it's broke, fix it.
I got six of 'em this morning.
Seems like it would be relatively easy to modify the operating system so that only programs that are installed using an authorized keyword, that encrypts the beginning of the executable code with a valid signature, would run on your computer.
You buy a new application, and when you install it, it calls for you to provide a key that is specific to your processor. When you enter that key, it encrypts a value into the executable that combines with the executable and turns to gibberish that only your machine can understand.
If someone sends you an application that is not registered, authorized, or a virus, it just won't run without you first applying a key to it.
Oh.. sorry, there I go again.. THINKING!
Most of these vulnerabilities are in network services such as the web servers, FTP servers, the RPC portmapper, etc.
If you are a home user using Linux as a desktop, you shouldn't be running any network services.
If all your TCP/IP connections are outbound, and you're not running as root, you shouldn't have much to worry about.
Separation of administrative accounts from user accounts is already built into Unix/Linux.
For that matter, it is also built into Windows, but Microsoft foolishly encourages users to run routinely under an administrative account. The cartoon-like GUI covers up important security functions you should be using.
Why the complaints? Operating systems today are incredibly complicated. Of course there are bugs and security problems. I give MS credit for putting such a high priority on expediting the fixes and spending a lot of money on publicizing the importance of security.
They could have just brushed this under the rug. Instead, they are confronting and dealing with it honestly.
There's no such thing as an operating system that can't be hacked, one way or another. But, knock on wood, I haven't actually caught a virus for the past seven or eight years, although I've been emailed hundreds of them.
Hackers, spammers, and spyware distributors are the problem, not Microsoft.
Running Solaris and Linux here, with no problems.
People are amused when I call the standard Windows XP blue-and-orange color scheme "the Fisher-Price interface". Think about the toy boxes you've seen in the stores!
Day before yesterday, I applied a slew of their critical updates and immediately afterward could not use Firefox as my preferred browser. When my internet service dials in, it initially defaults to IE, which I then close in order to surf in safety. I'm beginning to hate Microsoft and I think I'll make the move to Linux.
The light begins to shine... LOL!
The problem is that the default installs for commercial Linux distributions aren't exactly tightly secure, and more and more hackers are targeting Linux machines to cause mischief.
I beg to differ.
The default install of most desktop Linux distributions does not enable any network services. You have to log on as root and install and enable them yourself.
Of course, if you take a distro that is designed to run on a corporate server, you might get a different set of services.
Linspire (formerly Lindows) dumps you in as root by default, and doesn't bother to prompt you to create a user account.
I agree that is bad. But most of the regular Linux desktop distros practically force you to create a user account, and warn you explicitly about using root.
So, you have the phenomenon of insecure distros being selected by clueless users, and that's a combo that's likely to result in bad things somewhere down the road. This is not likely to enhance the reputation of Linux as a secure operating system in the minds of the general public, regardless of how accurate we might think that perception to be.