Linux Is #1 Hacker Target

[mohaughn]

deaflamb- atleast he backs up his thoughts and opinions with logical arguments and data. I for one have found the information that catch has provided here over the last couple of days to be rather informative. He obviously is able to focus on security standards in his job/sparetime much more than I am, and I find it very interesting to see how linux stacks up against the procedures and processes of organizations such as ISO.

ps.- Being a junior member here at AO means very little other than you haven't posted a lot of messages.

[catch]

Why can't someone post facts about a system being inferior without everyone thinking it is something personal?

Hahaha no no... truth be told I actually have two Linux system. (RH 6.2) I however know what they are and know their capabilities and I find it disturbing how many people go into Linux with their eyes completely closed just because some 1337 kids online said it was cool and it is always popular to root for the underdog.

You will notice that I don't post opinions about Linux ("it blows" etc) I merely cite facts about it. In this thread I noted it's EAL2 rating, that is a fact. I noted its lack of a TFM, another fact, I mentioned its failure to seperate admins and operators another fact, etc, etc. these are things that people need to know if you would like to have an educated opinion on Linux's abilities.

Also, note that in my last post I said "slapping around Windows 2000 for its CC CAPP-EAL4 evaluation saying how ineffective it is. (I completely agree.)" Where is the love for MS?

catch

[Deaflamb]

Catch. Point well taken. I didn't mean to offend. Your posts are very informative and interesting to read. I was just wondering if you had some sort of bad experience with Linux in order to turn you drastically away from the OS. In regards to your statements on what Linux is lacking, I believe that is one of the greatest things about Linux. Sometimes "isn't less more?" In the grand scheme of things we are only dealing with 1's and 0's. The less things that can go wrong the better.

DeafLamb

[catch]

The idea of less is more is a very important one in secure computing, however when the major thing it is lacking is assurance... well that is no good at all. Also, structure is important, Linux uses a monolithic kernel and NT uses a microkernel, this means at the most core level, NT has "less." The basic rule with computers is to work in a funnel design. Very little low level code, ideally even a finite state machine at the lowest level and broader and broader as you go up, this allows the greatest functionality nearer the user and greatest assurance nearest the base of the system.

Again my comments about Linux come from the point that it is arguably the worst multi-user system that has found any market (the possible exception being OpenBSD, but it is still relatively obscure.)

catch