Linux... too many security vulnerabilities for comfort?


  • #16
    But Bascule, no one would want to hurt SourceForge, they're Open Source, Hackers only want to take down Micro$uck.
    "Those who would willingly trade essential liberty for temporary security are deserving of neither." --Benjamin Franklin



    • #17
      Originally posted by bascule
      Yes, and this has a known attack vector for 2.6 series kernels.
      Not to mention as far back as the 2.2-series kernels as well. Granted, this could be happening to any OS, but the rash of not-entirely-unrelated vulnerabilities spanning several major kernel revisions has me rather less than happy with the (lack of) extensive code review of kernel source submissions.

      ...which is, of course, vulnerable to the three system level compromises I linked in my original post.
      To be fair: that's depending on the patchlevel and architecture.



      • #18
        Originally posted by 0versight
        I don't mind applying security patches.......I can apply these things all day, it's kind of fun. Thing is, in Windows.....when I apply a patch, reboot. That shit gets fuckin annoying after a while.
        As opposed to Linux kernel vulnerabilities, where you download the kernel source, reconfigure, recompile, reinstall, and reboot...
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
        [ redacted ]



        • #19
          "the vulnerabilities are just as likely. what may differ is how likely people are to find them. the problem is that either way, the people most likely to find vulnerabilities are the people looking for them.."

          Anybody here doubt that all OS's, open-source or proprietary, will eventually
          suffer vulnerabilities and exploitations of same as long as there is someone
          willing to take the time necessary?
          Skipping the 'security = process' and kernel bigotry, I agree with simple3 above:

          give me the armor with holes in it that I can patch, not the stuff I have to wait
          for someone else to 'fix' when they see fit.



          • #20
            Rather than resurrecting old threads, how 'bout you lurk a bit and get up to speed.

            I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me



            • #21
              Maybe it took him 5 months to come up with an intelligent reply. :p



              • #22
                Originally posted by astcell
                Maybe it took him 5 months to come up with an intelligent reply. :p
                Ok, now that was funny.
                If there is a Church of WiFi, then this is it's !



                • #23
                  Microsoft seems to be claiming victory against Linux.

                  http://www.microsoft.com/windowsserv...s/default.mspx


                  I think this article is a bit slanted myself....



                  • #24
                    Originally posted by Clp727
                    Microsoft seems to be claiming victory against Linux.

                    http://www.microsoft.com/windowsserv...s/default.mspx


                    I think this article is a bit slanted myself....

                    Well...it is true that Windows has a lower Total Cost of 0wnership:
                    http://www.immunitysec.com/downloads/tc0.pdf
                    perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



                    • #25
                      Originally posted by Clp727
                      I think this article is a bit slanted myself....
                      Check out the comment from Noid four up from your post.



                      • #26
                        Oops! Sorry Scroo, and Noid as well. I shoulda known this would've already been covered. I did perform a search in this forum. I swear! I hope the forum logs can verify.
                        Sorry guys.

                        I had just read that article and it left me feeling a bit angry. I have always been a windows user, and have recently been playing with BSD and linux within MS Virtual PC '04. I am hoping to make the change. From what I have seen from performing the installations, Linux seems to be more secure from the start. I have Win 2003 server running on another system at home. I feel that it has some improved security features when compared to 2000 server. But these are features that I see in all of the linux distros that I've played with so far, even RedHat 7.3. I have a lot to learn, but my perception of linux has been that it is at least equal to MS, just not as well known.

                        I know that TCO is something that the corp. execs will look at. But I had always figured that if a network admin and his staff were planning to migrate to a unix/linux platform (or the network had always been a unix/linux network) then TCO would be equal or less expensive. Naturally, I would expect that experienced admins would be administering the linux systems. But then again, I have never been in the position to actually compare the cost.

                        Sorry again scroo. Thanks for goin' easy on me.



                        • #27
                          Speaking of security vulnerabilities (it is the topic), I wonder about the good old days of DOS 3.2. Sure there were viruses, but no Internet as we have today to assist in the spread. Were there any real vulnerabilities with DOS back in the day? Seems everyone is searching out or creating 32-bit Windows vulnerabilities.



                          • #28
                            Talk about digging up old threads... I'm pretty sure you're joking (DOS 3.2?!?!), but just to poke the fire:

                            You are asking about vulnerabilities in a (mostly) non-networked, single-threaded operating system. I'm not sure what the goal would be (ruin data/system?), but I'm sure some fun was cooked up using TSRs. I couldn't say for sure, but I was very active in my local BBS community and any "viruses" I encountered were programs that simply misbehaved when executed. Without any sort of memory protection, cracking a DOS box would be simple ... if, that is, you could just get the end-user to do something stupid.



                            • #29
                              I knew enough to do a memcheck and see the free RAM; if the number is not what it ought to be I knew something bad was loaded. With no hard drive to infect only the dual floppies were vulnerable, but it still held dBaseII and other important data. Maybe in those days we did not have crackers?



                              • #30
                                Originally posted by Clp727
                                Oops! Sorry Scroo, and Noid as well. I shoulda known this would've already been covered. I did perform a search in this forum. I swear! I hope the forum logs can verify.
                                Sorry guys.
                                No big. In fact, if you hadn't performed a search, this thread would still be worm food, so we know you did that ;) As a memo to anyone else who may stumble across this, though, for God's sake check to see if the thread has had any recent activity. If not, it's probably best to just let it lie.

                                I have always been a windows user, and have recently been playing with BSD and linux within MS Virtual PC '04. I am hoping to make the change. From what I have seen from performing the installations, Linux seems to be more secure from the start.
                                I'm going to disagree with you here. Linux (or *BSD, or other OSes) are equally as vulnerable as Windows - it all depends on configuration. I worked as a systems engineer at a colo company for a while, and we had Linux boxes in the same rack that were owned bigtime next to untouched Windows servers. Why? Because the Windows servers had been cranked down properly, whereas the Linux boxes hadn't.

                                Neither one is inherently more secure than the other. Neither one is inherently better than the other (though my personal preference is for a non-Windows platform), either. It all boils down to what you intend to do with the machine.

                                I have Win 2003 server running on another system at home. I feel that it has some improved security features when compared to 2000 server. But these are features that I see in all of the linux distros that I've played with so far, even RedHat 7.3. I have a lot to learn, but my perception of linux has been that it is at least equal to MS, just not as well known.
                                Windows server platforms are very good at doing one thing: backing Windows networks. Samba's a nice alternative, but I'd hate to deploy it (as I've been forced to do) as a domain controller in a heavy Active Directory environment - the integration just is not up to par at this time. My attitude is that you use the Windows servers to build the LAN, but put *nix boxes facing the outside world.

                                I'm sure others will disagree (and I admit that I'm somewhat contradicting my earlier statements re: Windows security), but that's okay. One thing that's important to remember is Windows' evolution as a server platform: from day one, it was meant to be a rival to Novell, then the dominant force in LAN networking. It was never intended to be a platform for the Internet - but it later adopted that role as TCP/IP networking became commonplace in both the office and WAN environment.

                                What this has left us saddled with is an OS that has (up to 2003) largely assumed that by default it's being run in a 'safe' sandbox - no hostile users, everyone seeking to legitimately share the resources it offers. Now, having said that, *nix has also historically suffered from the same trust model, just not so much in recent years. But the naivete is still there, only it cuts both ways. To sum up: same shit, different interface.

                                I know that TCO is something that the corp. execs will look at. But I had always figured that if a network admin and his staff were planning to migrate to a unix/linux platform (or the network had always been a unix/linux network) then TCO would be equal or less expensive.
                                Not necessarily. If you have a legion of IT staff who are Windows-capable that suddenly need to learn how to interact with *nix, you're screwed. Not that they can't do it, but that they will need to be trained to handle it. And part of that problem is teaching them how to escape the Windows paradigm and become competent *nix users, if not admins. Linux may be free, but the cost of supporting it may not be.

                                Naturally, I would expect that experienced admins would be administering the linux systems. But then again, I have never been in the position to actually compare the cost.
                                There are plenty of Windows admins out there that could be considered to have more experience than *nix admins. Again, it cuts both ways. I've seen brilliant administrative techniques on both halves; I've seen downright shitty administrative techniques on both halves. It basically comes down to whether or not the admin in question knows what they're doing or not.

                                Sorry again scroo. Thanks for goin' easy on me.
                                No worries. I actually thought it was a valid point, just disagreed with the execution. This is my kinder, gentler machine-gun hand.

