--- Dustin Puryear <[EMAIL PROTECTED]> wrote: <em>> I think Linux vendors, taken as a whole, have done a <em>> poor job in this <em>> regard. Not that Microsoft has done better of <em>> course. Ok, ya got me. <em>> I have to wonder if the scale isn't tipped in large <em>> part because of <em>> where the hacking community's attention is currently <em>> focused? The scale is tipped because the hackers are attacking easy targets. Open source gets patched too quickly for script kiddies to gain interest. <em>> Actually, it is pretty darn simple to secure an NT <em>> box. In fact, it <em>> works just like it does under UNIX: turn off <em>> unnecessary services, apply <em>> patches, fix file permissions. As far as Windows 9x <em>> users, assuming they <em>> don't run a trojan they are pretty safe out of the <em>> box. The problem here <em>> is that, damnit, they keep running trojans. You might as well say that the most secure box is one that doesn't get used. I disagree that they are safe by default, for the reasons John B. and others have pointed out. Win9x users are root by default, and they do stupid stuff (like click the box that says to share files with others on a broadband connection). I posit it was easier for M$ to design a more secure OS than to teach users not to do stupid stuff. Hence, NT, then 2000, then XP. <em>> So you are agreeing that it is the vendors <em>> responsibility to ship a <em>> reasonably secure product to the user and not the <em>> end-users <em>> responsibility to ensure the vendor did their job? Of course I do, but the difference here is that a M$ user can only go so far to ensure the vendor did their job, whereas free software users (RH) can get right down anal retentive about it. <em>> But the original argument was <em>> that out-of-the-box <em>> Windows is no more a target than UNIX and Linux <em>> systems. Wrong. Closed source is less secure than open. M$ Windows and closed source UNIX OSs are a bigger target than free software. <em>> The difference <em>> here is that there are a lot of Windows boxes out <em>> there, but does that <em>> make Microsoft any more culpable for these attacks <em>> that Red Hat or Caldera? It does if there is no peer review of source code. <em>> Does the number of boxes sold make you more <em>> responsible than <em>> vendors who ship equally insecure systems but have <em>> less sales? Yep. When it's closed source vs open. <em>> Regards, Dustin Dang, I haven't talked to you in person this much. :) John <p><p>__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ ================================================ BRLUG - The Baton Rouge Linux User Group Visit http://www.brlug.net for more information. Send email to [EMAIL PROTECTED] to change your subscription information. ================================================ <!-- body="end" --> <hr noshade> <ul> <li><strong>Next message:</strong> Larry Braud: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Previous message:</strong> John Hebert: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>In reply to:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Next in thread:</strong> Larry Braud: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Reply:</strong> Larry Braud: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Reply:</strong> Dustin Puryear: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." <li><strong>Messages sorted by:</strong> [ date ] [ thread ] [ subject ] [ author ] [ attachment ] </ul> <hr noshade>
<small> <em> This archive was generated by hypermail 2.1.2 : <em>Thu Sep 06 2001 - 11:10:54 CDT</em> </em> </small> </body> </html>
