Study finds Windows more secure than Linux

Printable View

Show 40 post(s) from this thread on one page

March 31st, 2005, 04:32 AM
catch

Quote:

Just because it is not widely accepted, a user or business should not follow a best practise approach?

I don't recall saying that. I do recall saying that no true best practices exist. Much less security checklists, or a full TFM. If such existed, I think it would be a huge boon for Linux

Quote:

Any of the articles on securing linux is totaly useless?

They are useful to an individual, but not useful when determining a most secure configuration for a given task. Not useful for determining a standard or widely accepted correct configuration.

Linux configuration is typically left to "expert" administrators, rather than using a process driven approach. This flies in the face of ISO 21827.

Quote:

I just don't see how linux is so bad/insecure when there are a number of businesses(sp) and countries using it.

Linux is just fine for many uses, and I have no desire in this post to go into its pros and cons, suffice to say, until the Linux community can come up with a definition of what Linux is and how it should be configured, the whole subject is too nebulous to even bother discussing.

cheers,

catch
March 31st, 2005, 04:57 AM
devpon

Quote:

No assurance! If you use google you'll find about a million different, and many mutually exclusive security tips. The TFM needs to be published by the developer and needs to be widely accepted, otherwise it is pointless.

Many people here use CERT for security notification, would I be wrong in assuming you use it too, and would consider them to be a widely accepted publisher?

https://www.cert.org/tech_tips/usc20_full.html
http://security.ucdavis.edu/unixlinu...erv_secure.cfm
March 31st, 2005, 05:08 AM
catch

I personally do not use CERT, however your point is clear.
Let us consider the following:

Quote:

DO consider running the web server as a chrooted process.

This is not a procedure, it is a selection of best practices (sorta - good things, but not widely accepted as best practices). Although important, not complete or really applicable here.

Secondly, let's place a poll in the *nix security forum. "How many of you think that CERT's UNIX security guide is a comprehensive guide to Linux security?" I bet you'll get three responses:

1. "Yes." (prolly 5-15%)
2. "Nope." (prolly 20-30%)
3. "This does't include different Linux functionality and security software that I always use. "(prolly 55-75%)

How do I know this? Every Linux ISO 15408 submission has differed in configuration not only from each other, but from the CERT guidelines as well.

cheers,

catch
March 31st, 2005, 05:33 AM
!mitationRust

Quote:

Originally posted here by devpon
I just don't see how linux is so bad/insecure when there are a number of businesses(sp) and countries using it.

They use it because they're "|337"?

Why settle for less when you can have a C2 security level system barebones without any patches?

And I'll post it because it's apparent that it's a pure enigma. Maybe anomalous communications?

Quote:

Originally posted here by Trusted Facility Manual aKa "Administrator's and User's Security Guide" C2 Level Security
The key to Windows NT security is the user accounts. :)
March 31st, 2005, 05:36 AM
gore

Just so people don't get the wrong idea of Catch:

Catch does like UNIX stuff.He's not some Windows zealot. I believe AIX is his favorite but I could be wrong now, because that was last year.

Now one thing I have to bring up:

Catch said you can go to Microsoft and get things on how to lock down Windows for any given task.

SUSE has... Or at least had, I'll see if I can find it.... A List of thngs to do just that. One of the SUSE employees wrote a file for securing a Web server with SUSE / Apache.

I'll see if I can find the links.

for my new little hate club watching over me. Catch talks **** about Linux and we are friends. So shove that up your gore hates Windows ass.
March 31st, 2005, 05:41 AM
!mitationRust

I think he said he likes KSOS and some other stuff will never be able to get or afford.

Don't bother bra, I just posted it, click here in the Originally posted here by TFM quote above.
March 31st, 2005, 06:06 AM
gore

Heh, Catch is a good guy though, he's not like this when you talk to him in personal stuff. He's just trying to share what he knows with others and I think he's a fairly reliable source. Hell, we hated each other at first, but that changed, we both realised that even though we didn't see everything eye to eye, at least we would allow each other to speak insteadof argueing and interupting.

A lot of people here don't like him for some reason, but that's only because his outlook on things is different from a lot of others.

Hell, look at how people treat me? Either love me or hate my guts. I wn't name names but I've been getting my ass chewed over being a "windows Basher". Pooh and Catch both are Windows users who stand up for it highly and more strngly than anyone else here.

they are both close friends of mine too, and they know how I feel like, honestly. I may bullshit here to get a talk going, but for some reason people take it as bashing. Which is beyond me.

Then there is my SUSE elitism... Well, at least I back it up with either facts or personal experience. Heh, most here never know when I'm bullshitting or not, and THAT is the MO of a true professional. ;)

In somewhat related news I'm thinking of trying for my NCLP certification and my SUSE admin cert. I doubt either would be hard for me ;)

If only Novell would hire me to telecommute from here so I could stay in school. *Sigh* that would ROCK.

EDIT:

http://www.novell.com/training/certi.../exam_obj.html

**** I could probably write a study guide for this ****. Now I just need to see how much it costs.
March 31st, 2005, 06:16 AM
catch

Yeah gore... SUSE does have docs, and I commend them for that. They have really done a good job in making Linux a real commercial level system.

Unfortunately, they are but one distro... I think soon the commercial systems will begin to differentiate themselves significantly enough to be defined as their own operating systems (like all of the proper unices) Otherwise, they will be saddled with the same issues that effect the rest of the Linux world and that is, no one agrees on anything.

To clear the record up I like the following systems...

Windows 2000/2003 (Never touched XP, and everything before these are a little weak)
AIX
HP-VV
Solaris Pitbull (I prefer this to Trusted Solaris actually)
FreeBSD <= 3.3 (After that I have a laundry list of gripes)
QNX
BeOS < 5 (maui)

Of course I am a big fan of all the exotic secure stuff (KSOS, LOCK, SecureOS, SMG, STOP, AITS, MK++, etc), and I'd recommend SUSE to people seeking a commercial level Linux install.

cheers,

catch
March 31st, 2005, 06:21 AM
XTC46

Lmfao...why do people take **** so personnel. You guys jump all over people for saying things like "I hate windows" or "I hate *nix" lol, I do it too, but only to watch the arguments. This kind of thread is great because it brings out the best in some people, they dig deep to prove their points and in the end we usually learn a **** load about each others points. If anyone here leaves a post thinking "<username> is an <derogitory remark>" then you are an idiot. They were trying to prove their points, and you are probably just bitter because they proved you wrong. Catch and Gore make great points and they do so in a very blunt manor, that’s awesome if you ask me. If someone has a preference (and defend something so strongly) then there is a reason, try taking time to learn the reason before you get all pissy.
March 31st, 2005, 07:35 AM
gore

to hear Catch say he likes SUSE .... *Chest swelling with pride*.... LOL. :)

Show 40 post(s) from this thread on one page