Benjamin Scott said:
> On Wed, 28 Mar 2001, Jeffry Smith wrote:
> > ps: one final lesson: Don't run Windows ;-)
>
> While that is a good lesson, it is worth pointing out that the security
> model of Unix is not inherently better then WinNT. Windows NT systems have
> proven to be more susceptible to viruses than Unix-like systems for two
> reasons: (1) Stock Unix systems typically have more restrictive file
> permissions then the default "wide open" permissions on Windows; and (2) the
> computer education level of the average Unix user is much higher then the
> average Windows user.
>
Well, there's also the fact that 1) Unix is default multi-user, so you can
run daemons as someone else, 2) Many MS apps require write capability to
the system directory on Windows, especially to deal with the registry, and
3) while the Model is one thing, MS has completely messed up the VMS setup
they stole^H^H^H^Hused as a model. On the Samba/technical mailing list,
there's some discussions of the difference in ACLs between POSIX and NT
(NT is much finer grained permissions). One interesting quote:
<pre>
In fact, most people use only two ACLs
of any sort:
1) grant user X some permission (r, rw)
2) deny user Y some permission (r)
and the second is rare.
In a customer site using acls heavily,
we saw 99.999% grant, and ~.001 deny, and
one acl entry that wasn't one of these two.
</pre>
It's great to model something, but if it's too complex, and no one uses
it, it actually can make security worse (best security starts by being
simple to understand, because if you understand it, you're more likely to
use it correctly).
> Again, as more and more lusers start using Linux, I think we'll see more and
> more viruses targeted at Linux. We should be careful -- if we keep saying
> "Linux is immune to viruses", it will likely come back to haunt us. It is
> misleading at best.
Agree with this. Especially education on WHY security measures are
important, and work on the distributors to deliver secure distributions.
>
> Of course, none of this applies to DOS and Win9X systems, which have no OS
> security to speak of.
I'll have you know my Win95 laptop is perfectly secure - it won't even
boot!
jeff
-----------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
-----------------------------------------------------------------------
Thought for today: creep v.
To advance, grow, or multiply inexorably. In
hackish usage this verb has overtones of menace and silliness,
evoking the creeping horrors of low-budget monster movies.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
