Re: [SLUG] Insight on Code Red II

From: Paul M Foster (paulf@quillandmouse.com)
Date: Thu Aug 09 2001 - 01:43:45 EDT


On Wed, Aug 08, 2001 at 07:51:16PM -0400, Wyly Wade wrote:

> There are several exploits that allow root access within linux there are
> few windows exploits that allow you control of the machine other dds or
> flood attacks.
>

I've seen people on Windows machines probed and hacked while they were
online on IRC, in real time. Any passably competent cracker should be
able to take control of a Windows box in short order. And Microsoft is
well known for being slack on security matters. Always has been. And VB
and the other tripe they've grafted on to their products multiplies the
possibility for hacks by an order of magnitude.

Yes, there are Linux hacks, though far fewer than Windows hacks. And I
see the buffer overflow vulnerabilities and such that come out weekly
for Linux software. Many of those vulnerabilities are theoretical, found
by a perusal of source code and never actually taken advantage of. And
the Open Source community fixes these _far_ faster than Microsoft will
ever fix theirs.

> I am an advocate for opensource and have spent hundreds of hours
> contributing to it as well as working with it. I feel there are many
> merits to stand on for the different linux distro's but I would not
> actively say that security is at the top of that list.
>

Oddly, some of the foremost security guys (Bruce Schneier, for example)
state very explicitly that Open Source software is far better
security-wise than any closed source software (read Windows). And they
explain the reasons in great detail. And there are several people on
this list who deal with both OSes on security matters on a day to day
basis, and I'm pretty sure they'll attest that Linux security is much
stronger than Windows.

If nothing else, a Linux user can determine and control open ports,
running services, and create firewalling rules. Windows users think a
port is something a ship pulls into, and a firewall is something in
their cars. Silly people. ;-}

Paul



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:53:57 EDT