M$ FUD against Linux security.

[R0n1n]

They are?

Please see here:

http://www.k-otik.com/exploits/

and here

http://www.securityfocus.com/bid

etc...

Sure we can make people aware of the no brainers like using strong passwords, but beyond that, I am not sure how much your mum needs to know about securing TCP/IP in order to send an email, or the intricacies of SSL to shop online?

Probably easy to alter the technology then the ways of people...

[nihil]

Ladies and Gentlemen purrrrrrrrrrrrrleeeze

"Linux's security model does have insecurities and flaws, just like the windows security model.

That is the precise level of college bred misconception that we face.....................there is no such thing as a "security model" for EITHER operating system.....................they were designed before security was even thought about, before major networks, before the internet................................

As suggested by others, we really have to start from scratch.................the underlying architecture of existing systems IS NOT SECURITY ORIENTATED...........and if anyone thinks different, I would be fascinated to see their proof

To prove my point: I have a machine running the RISC operating system..................that is far more secure than windows or linux, for the simple reason that none of the little dorks would have the faintest idea what to do with it.................but that is NOT security....................it is obscurity?

I understand the frustration of some when they say "not another my OS is better than your OS argument"...................they are right.................there are NO secure OSes at the moment.............so what are we going to do about it?

/me goes to boot up my Acorn Archimedes and slay 10,000 Phillistines with the retro drive of an Enterprise class starship

[a morning chill]

That is the precise level of college bred misconception that we face.....................there is no such thing as a "security model" for EITHER operating system.....................they were designed before security was even thought about, before major networks, before the internet................................

Incorrect. It's dead on. Think about it for a second.

That statement I made is nothing more than saying "Both have their flaws, but it isn't my job to make you fix either side.". I agree that we need to start from scratch, completely. But you are attempting to bash and put words into my mouth that I never said.

Every single OS has a security flaw in it's capability, that's a universal. I don't care if it's RISC, OpenBSD, or NT 4.0 It's going to have a vulnerablity due to structure/internal code. You are trying to play semantics with me, and I don't appreciate it. "Security model" "security system" "security anything" is going to have a hole in it, no matter what.

I don't care if it was meant for multimedia mp3. I don't care if it was meant for anything BUT security. That isn't the point. The point is, and especially since we are in a security forum, is that any model created by mankind (computer or not) is going to have inherit flaws that make it exploitable to someone's benefit or detriment.

That's undeniable.

[R0n1n]

nihil, hoorah for Acorn! now there was a computer....

So, morning chill, if every system made by human beings is going to have flaws in it then maybe we should forget talking about operating systems and focus on all the band aids we will need, as you are suggesting, I believe, that secure OS's are not going to happen?

Which may be true, but we can certainly make them more secure then much of the current crop are.

[a morning chill]

Just because it won't happen doesn't mean we shouldn't try to minimize potiential risks.

You know that

And I agree on your edit. We should still try to create a newer OS based on better security standards that won't sacrafice usability. However, while we wait for this utopian OS, we need to keep in mind that it is still going to end up with flaws. All I am saying is "Don't kid yourselves"

[R0n1n]

We should indeed.

But we need to minimize them based on what our idea of security is, as well as business requirements, end user requirements, cost concerns etc... which makes the whole thing a big, fun subjective mess .

[rcgreen]

I agree that we need to start from scratch, completely.

The very last thing I want to see is a new OS designed for
security.

http://www.antionline.com/showthread...hreadid=263874

[gore]

I tried staying away from this thread because the damn thing is a huge mess of "I think I'm right so that means I am". Damn it.

first this thread, it should be dragged outside, shot twice, in the face, with an Elephant gun, and started over.


Think in terms liek this, how many exploits would XP have if you could see the source code? Seriously, think about it.


Where to start with this........


OK, for one thing, security by obscurity isn't half as bad as most people here think. When it comes down to it, a password is nothing more but security by Obscurity. If I find out your password, it's no longer secure is it? Just like an exploit, if I find one, your system is again insecure.

Open BSD isn't ****ing secure. You could take any *NIX, close all services by default, and burn it to an CD and call it "the most secure OS". That guy theo who mae it can **** himself. I'm tired of the jack ass people that believe his ****.


SUSE has a security team, and they do code audits on the entire core system, do you see them bragging? No, they don't need to.

SUSE lets you have all patches for security and all bug fixes, downloaded and installed BEFORE the first boot up. Now if all exploits / bugs known are fixed and the firewall is configured and services can be shut off BEFORE and OS boots up for the first time, it seems to me that would make it the most secure OS on Earth.

Some people still think NT is secure.... Well that's cute but any holes that are found are NOT getting fixed, so that is flawed..... Like OS/2. lol.


Free BSD can be made secure, Windows can be, but the problem is, for example:

Windows NT had actual multi user action. But it had a lot of Network services too.


Windows 95 and 98 had almost no network services running but ANYONE sitting there could get to anything theyw anted. It's a trade off, you can secure 98, and over a Network, it's very secure because there are no services. But sit down at the keyboard and Boom you're admin. Now NT, you need to actually log in. But NT has services running up the ass, and so it drops the security.

The more you have running on your machine, the more likely something can break.

If you're running Telnet and IIS, you're more likely to have a problem than someone running nothing.


Now here is more to add to this shitty thread:

How long does a Windows box freshly formatted, have before it's compromised? 5 minutes was it? That is NOT enough time to download the security updates.

You can add a firewall before you put it online but is that going to help? The firewall hasn't been updated yet either.



Now me, I put SUSE on there and before the thing has even booted yet it's already updated.


Which one is going to last longer online?

Chsh I believe pointed out Linux boxes have a lot longer before an attack occurs.

You see the people in this thread are basing entire arguements on PEOPLE securing the machine. That's a load of **** so high it could be a marketing department.

How can you secure a machine properly if it's owned 5 minutes after installation? Hmm? You can't install Anti Virus, A firewall, and every Windows update in 5 minutes. **** SP2 takes like 5 hours, that's longer than 5 minutes. Sure you can pop it on a CD but that still needs updates too, AND THEY ALLLLLLLLLL NEED A REBOOT.


Linux, on the other hand, I can lock it down long before it's been booted up. And hell if I want, I can pop an FTP server on a Linux box here and not put it on my DMZ, download all security patches for example, Slackware, which are .tgz packages, I can download them all, put them on my FTP, and when that Slackware box is done installing I go and update it over the LAN not letting any trafic hit it except from that FTP box on my LAN.

I can install every patch on Linux at the same time. With Windows, download it, install it, reboot, download install it, reboot, download the patch to fix the **** up the last patch ****ed up, download it, install it, reboot. Hope IE hasn't got 900 new flaws because Microsoft said **** everything but XP.


Hmmm, yea, that's about right for now. Go ahead, try and tell me what I said was completely wrong and isn't true. I've formatted Windows boxes and updated, it takes forever.

[R0n1n]

Maybe, one day, we could have an OS chat on here where we actually discuss the security Pros and cons of each operating system, how we think they could be improved, the good and the bad of each from an informed technical perspective?

sorry, was asleep for a moment there.

Gore, didn`t some of the folks on here agree with your view already?

[Donkey Punch]

Heh, gore is just the kind of person to make his point clear, despite what people think.