On Fri, Jan 27, 2006 at 01:42:13AM +1100, Shane J Pearson wrote:
>
> ~~~
> OpenBSD
> by hahiss
>
> How is it that OpenBSD is able to be so secure by design with so few
> resources and yet all of Microsoft's resources cannot stem the tide of
> security problems that impact everyone, including those of us who do not
> use Microsoft programs?
>
> Nash: First, I should say that OpenBSD includes a relatively small
> subset of the functionality that is included in Windows. You could argue
if you consider `solitaire' as `functionality', then yes ;)
As far as i know, MS doesn't provide reliable software for network
services, OpenBSD does.
> that Microsoft should follow the same model for Windows that the OpenBSD
> Org follows for their OS. The problem is that users really want an OS
> that includes support for rich media content and for hardware devices,
what? MS doesn't write drivers for all devices; if there would be a bug
in NVidia`s Windows driver, then NVidia would be the one, who`s blame.
Moreover, Windows `built-in' drivers are usually bad and give low
performance, and minimum of functionality.
> etc. So while OpenBSD has done a good job of hardening their kernel,
> they don't seem to also audit important software that are used commonly
> by customers, such as PHP, Perl, etc. for security vulnerabilities. At
yeah, and MS should audit and be responsible for every foo.bar available
for windows ;)
> Microsoft we're focusing on the entire software stack, from the Hardware
> Abstraction Layer in Windows, all the way through the memory manager,
> network stack, file systems, UI and shell, Internet Explorer, Internet
> Information Services, compilers (C/C++, .NET), Microsoft Exchange,
> Microsoft Office, Microsoft SQL Server and much, much more. If a
> software company's goal is to secure customers, you have to secure the
> entire stack. Simply hardening one component, regardless of how
> important it is, does not solve real customer problems.
>
OpenBSD provides in base system substitutes for almost all that software.
First and foremost, OpenBSD's designed for other type of users; author
of that opinion surely isn't that type.
> Second, it is not completely accurate to say that OpenBSD is more
> secure. If you compare vulnerability counts just from the last 3 months,
> OpenBSD had 79 for November, December and January compared to 11 for
> Microsoft (and that includes one each for Office and Exchange - so
> really 9 for all versions of Windows). I encourage you to look at the
> numbers reported at the OpenBSD site to verify that this is true.
People always talk about numbers, but the most importat is approach. I
truly belive, that it's imposible to build anything secure on
foundations of MS platform.
Recently i've wrote simple application using random numbers; i was
disappointed, when i've had to port it to windows and linux, and i saw
the results.
- Lukasz Sztachanski
P.S. i know, that openbsd isn't perfect, but it's the only reasonable
choice.
--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
