The only issue I would have is that patching Linux doesn't require a reboot unless you update the kernel. Having to reboot causes downtime and also forces administrators to go through the internal change management process. For me, I can just patch my Linux servers at any time, but the Windows stuff has to go through our management for approval. That takes a week unless it's an emergency. Trying to explain why we need to do an emergency patch is a pain, especially when everyone starts to wonder why we're doing so much. Also, M$ has a history of providing buggy patches that blow up a machine.

>>> rhires@earthlink.net 12/06/01 09:40 AM >>>
> Pay close attention to dates. It took 6 months to find the actual
> exploit; 2 weeks to fix it. Code Red got rolling in March. The "iffy"
> code in wu-ftp was spotted 2 months later. Nov. 14 it was developed
> into a full tilt exploit. Nov. 28 a distribution specific upgrade
> became available from RedHat. By Dec. 3 (not quite 3 weeks) all major
> distros had patched upgrades available.

Not to defend M$, but to be fair, they did have a patch available relatively
quickly for Nimda, IIRC. Obviously people aren't applying it, though, since
you're still getting hit. Now imagine if Linux were as widespread as Windows.
Would there be the same non-patch problem?

> Meanwhile, I still get hit
> with over 1,400 Nimda attempts a day.
> Question how many copies of wu-ftp are still in use. Question the
> reference to Grannie ... and whether I would be getting hit 1,400
> times a day if she could apply a MSFT service pack.

Could Grannie (not the savvy Grannie, mind you) apply a patch from RedHat? Or
from any other distro? I know Debian, so I'll reference it here: security
updates can be made automatic by Debian's apt-get utility. I don't think they
are automatic by default, though.

> Most Windows
> people have no idea what is actually running on their machines.

I don't think this is a fair statement. If you replace "Windows" with "Linux"
and by extension Linux were as widespread, that statement would still apply.

All I'm trying to say here is that the Linux Community needs to attempt to be
fair about the way its criticism of M$ is bandied about. We need to be better
than they are. We can be. Yes, Linux may have fixed the problem. Yes, Linux
may have done it in a short period of time. However, Linux needs to be
"idiot-proof." Because it's still mostly within the hackers' realm, it will
continue to get more and more idiot-proof. Once it gets into the hands of
"lusers", it will be a different story. Hopefully all of the things that we
criticize M$ for will be taken care of by the various distros, and be done in
a better, more comprehensive way that makes us look good, and not like them.

Russell