can a windowze OS ever be as secure as OpenBSD or *nix ?
Printable View
can a windowze OS ever be as secure as OpenBSD or *nix ?
That depends on how you define Secure. Windows NT has a C2 security tool that will lock the box down very nicely. (unfortunately one of the things you have to do is remove the networking components).
A lot of it also depends on the knowledge and skills of the administrator. I'm sure that a Windows box being run by someone that really knows what they are doing is more secure than a *nix box set up by someone that has limited experience with security and *nix in general.
All OSes have there own vulnerabilities. Even though MS seems to get a lot more press, they exist in *nix systems to (anyone remember Ramen?). I’m not sure if this really answers your question, but I hope it helps a little.
Ya thanks... It helps a lot :thumbsup:
I hate to say it but you can lock down a windows server pretty damn tight if you know what you are doing. In a sence you can keep them each really secure but there is a difference. I am use all openBSD and most script kiddies and all lot of other people have no friggin clue how an openBSD box even works. I would say a large number of people who write viruses and other nasty stuff write them strictly for the windows envirorment so your chances are a lot higher of getting hacked or what not if you use a windows box. The other difference is for openbsd they search and search every single line of code before they call it stable. but if windows users move over to *nix then we would have the same prob but un till then i would rather trust my stuff on a locked down unix box vs a locked down windows box.
Unix,Live Free Or Die
If you have a great understanding of Windows security it is. Im running Windows and I feel safe.
Your right, it all depends how much you know and until your comfort level is high enough unplug you dsl and keep the computer unplugged
I'm pretty comfy on my Win98 box. Shares are nicely confined to print shares, and the printer is off unless in use, furthermore those shares are only working on my network adapter...
I have a proxy/NAT service running, with appropriate firewall rules to block incoming traffic from 'outside'...
The only real problem with a Win98 machine is a Trojan infection, and that's pretty easy to deal with with common sense and updated virus definitions.
And if you guys disagree, I'll give you my IP address, and you can check it out. :)
That confident ehh... Thats a good thing and a bad thing but i trust you know your stuff.
I'd be interested in your offer Terr, if you really meant that - pm you ip to me and i'll have a crack at it - could email you the results if ya like.
The thing is, I'm not as confident as before by a small margin, since TPF's new version just didn't play well with my setup, and I've migrated to Sygate's firewall. I'm still setting up rules and things as I notice that they become necessary.
BTW, anyone know if there is a program I can use in windows in order to portscan based on a local adapter? I don't want to port scan myself with my ethernet card, or via non-adapter loopback, because some of my rules involve adapter-specific things...
As long as Windows is as popular as it is now, it will always be the target of hackers.
thats true..... which in your opinion would you say to be the most secure version of windowze...... i know ME and x are out...... but of the remainig versions.... which is the best for a web server
I think Windows 2000 would be the best Windows operating system for a web server, but NT would be about the same. If you're serious about this web server thing, and you seem to be, I think you should consider using Red Hat Linux.
linux..... i would expect OpenBsd or BSD to be the most secure...... becus *nix gets hacked almost everyd ay.... but u barely hear about BSD being hacked.. or is it just underpublicized?
I think it's probably just not publicized, but I could be wrong. I don't know anything about BSD, so I couldn't tell you anything about its security. The reason for my opinion is that Linux is by far the favorite OS for web hosting, and thousands of webmasters can't all be wrong. I know I said that the most popular operating systems are the most easily hacked because of their popularity. I will also admit that any good web hacker would know Linux and Unix. But I think you will have a hard time finding ANY hacker that can't hack windows. Also, that's what firewalls are for. You should never rely solely on the operating system for your security.
Now, I had a long arguement with pwaring about this...
Define 'Hack windows'. I'll be the first to admit that Win9x has terrible local security, but that's mainly because it was designed for home use, where you usually have adequate physical local security, it's functioning in a physical trusted environment. I don't count the local stuff against Windows, because with an intruder with local access to a computer, most of the battle is lost already.
By "Hack windows" do you mean: "Trick the user into running a this nifty NetBusServer.exe program."? Or "Look for someone who forgot to set a password on his new share."?
Well in that case.... Which is the best firewall.... I know that ZoneAlarm is a favorite...... But are there any other good firewalls
Lets put it simply, if you were a cracker and you find 3 sites you want to crack.
Each runs on the following, 1. is a running on Windows 2. is running on Unix 3. is running on FreeBSD, which would you try and which would you skip.
I realise a lot more comes into play [which OS version etc.] but you get the jist.
thats true... windows and *nix are better known.. so they would try for the most common ones
Tiny is another good firewall. I have used both Tiny and ZoneAlarm, and loved them both. Plus, if you didn't already know, both are freeware, so you won't have to pay anything. You can search for both of them at www.download.com
Security is just an illusion!
For firewalls.
ZoneAlarm - www.zonelabs.com
BlackIce - www.networkice.com
Test your firewall
www.grc.com
www.hackerwhacker.com
If security is just an illusion then why bother being a member of a security discussion board?
From what I am reading about the security of windows XP. The OS will open and Close the ports as needed. I think that this is a BIG step in the right way to making a MS product Secure.
As I said if I am wrong Please correct me. But PLEASE be kind. I am a newbie here.
Willing to learn......
I don't know if that's true or not, but I don't like that idea at all. I want to be in control of what ports are open on my computer MYSELF. I don't want to trust the software to do it for me. It would be too easy for someone to exploit that.
I hear your concern. I have to say that the control is still there much like Win NT. You can open any of the ports that You want. NNTP POP-3 Ect.
I am sorry that I do not remeber where I read this at. I did it in a quick glance. :)
With the release soon to be out. I guess we will all have a little more knowledge soon.
is it possible to set up multiple deamons on a windows system?
say telnet, finger, SMTP, AND P0P3
Windows won't let you use the finger daemon afaik, but then again why would you want to? It is possible to enable telnet to a w2k/nt4 box - not really advisable though.
As for smtp/pop3 - these are both mail daemons and as such you'll need a mta (mail transport agent) - and windows doesn't have one built in i'm afraid.
But in answer to your question - can windows use multiple daemons - well, if you are of the school of thought that a daemon is a service waiting for a request, then yes - it can
i can understand why the telnet deamon is questionable... but what other deamons can run on a windows system?....
right now my windowze is running 2 deamons.. one on port 21(ftp) and one on port 80 (http)
scanning 127.0.0.1
connected to 127.0.0.1 :[21] FTP File Transfer Protocol
[127.0.0.1:21](220 FTP server, ready
)
connected to 127.0.0.1 :[80] HTTP
i had another one on port 113 or something like that... i think it was a netbios service... but now its gone.. do any of these current demons cause any security risks?....
now that i look closer i see more opoen ports... some with no deamon on them.. i can see this is a security risk..but how can i 'close' the ports?
Your running a ftp server through your loopback adapter?
I'll answer that question - your not.
i am running an ftp server i know i am,, i just used the loopback because i really dont like giving out my ip :p
Possibly i should elaborate - the loopback adapter (127.0.0.1) is just a bit of software to verify your tcp stack is all present and correct - it doesn't run any daemons and nobody can hack it.
If you want to scan your real ip address - type "ipconfig" at a dos prompt or "ifconfig" in bash to get your proper ip.
first of all its not ipconfig..... its winipcfg and i know what loopback is.... i did a portscan on myself... on my real ip address 172.169.***.*** but i put in my loop back because i do not like to show my ip online
Well you obviously know everything there is to know about computers and network security - i'm sorry for bothering you by answering your questions.
And anything post 95 will accept ipconfig.
thats true...... but are there any ways to lcose up any oepn ports... like port 1257 is open for me......
First of all "ipconfig" is the DOS equivilent to "WinIPcfg"...Perhaps you should have tried "ipconfig" in DOS before posting.Quote:
ac1dsp3ctrum
first of all its not ipconfig..... its winipcfg and i know what loopback is.... i did a portscan on myself... on my real ip address 172.169.***.*** but i put in my loop back because i do not like to show my ip online
Both display the same information and have the same features, the only difference is "WinIpCfg" has a nice GUI :)
I hope this has cleared up the "IpConfig", "WinIpCfg" misconception. :D
openBSD is soo much more secure than any linux distro unless of cource they are properly "locked down" If you use openBSD they havent had a remote hack in four years in all of reality not many people know about openBSD and lots of people dont know how to "hack" it but i would say BSD is a great thing and is very trustworthy:D
Posted By: Ac1dSp3ctrum
linux..... i would expect OpenBsd or BSD to be the most secure...... becus *nix gets hacked almost everyd ay.... but u barely hear about BSD being hacked.. or is it just underpublicized?
Hey kiddo....Just to clear any misconceptions you may have on your haXor journeys...BSD IS ****ING UNIX! BSD is more unix than any Linux.
Posted By: Ac1dSp3ctrum
can a windowze OS ever be as secure as OpenBSD or *nix ?
Again.....BSD is "*nix"
"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."
Kevin Mitnick
First step is to figure out what type of OS your you talking about...