begin quoting Lan Barnes as of Wed, Feb 02, 2005 at 12:09:34PM -0800:
[snip]
> I accept the premise that badly configured Linux boxes will increase in
> number with popularity. I would expect a badly configured Linux box to
> be intrinsically more secure than a badly configured windoze box, but
> maybe not as secure as a well-configured windoze box.

Linux is getting better -- I don't think that the common distributions ship a wide-open box anymore, with all services running. I would expect that over time, "badly configured" default installations on all systems would be thinned out.

My biggest concern isn't really the default configuration -- it's the user community. A user community that demands all the bells and whistles will be hard to train to accept a locked-down system by default. "Badly configured" may be what the user community *demands*.

> These discussions get touched off regularly by various on-line articles
> from Forbes to Slashdot, and AFAICT, more than half of the articles have
> a bias. Having a bias doesn't necessarily mean you're wrong, but as
> we've all seen in M$-funded white papers, sometimes it means you're
> using statistics to lie and spread FUD.

In any good FUD, there's a grain of truth; attempts to dismiss the FUD will be self-discrediting unless handled /very/ carefully. Blanket dismissals may backfire among the uncertain, and *will* backfire among the convinced.

> We have real security people on this list (I am not one of them), and
> I've noticed that none of them has ever recommended switching to
> windoze. Sure, it's a Linux list so there is self-selection, but this is
> an opportunity for them to weigh in, so ... Phil? Tracy? Anybody? Is it
> time to switch to windoze? Zone-H says Linux is the most attacked OS.

Well, if you're *really* worried about security, you might want to switch _away_ from Linux[1]. That doesn't mean that you'd want to switch *to* any sort of Redmondware -- there are more than just two players in the game, after all -- but there are several other alternatives. I hear good things about BSD, for example.

Plus, if the volume of attacks bothers you, you should also switch your hardware to something less common; this means that random attackers are less likely to have tools that would run on your system, should they *succeed* in breaching your defenses. SPARC is still a bit common, and PPC as well, although both are less common than x86; ARM might be a reasonable choice for the paranoid.

[1] Or to SELinux, if you want to take up the administrative burden.

-Stewart "Monocultures suck. In software, in hardware, in attitude." Stremler

--
KPLUG-List mailing list
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
