On 11/07/18 11:34, Kihaguru Gathura wrote: > Hi, > > > On Wednesday, November 7, 2018, Nick Holland <n...@holland-consulting.net> > wrote: >> On 11/05/18 23:51, Kihaguru Gathura wrote: >>> Hi, >>> >>> From a security standpoint, >>> which platform will offer better performance >> >> huh? What's your priority, security or performance? >> > > Security is the Priority. > >> If you have one and no budget to buy something ...um... modern, use it. > > I have the PrimePower 250 > >> UltraSPARC will probably give them a bigger surprise. > > Please explain further if possible.
Most attackers are what we call script kiddies -- they don't know what they are doing, but they have a script, they throw it at a target and it either works and they move in or it doesn't, and they move on to the next target (or often, their magic cracking kit does it for them). For these people, "computers" are all IBM PC descended and all powered by Intel processors. Something not running Windows or Linux and not running on an Intel chip will be a huge deterrent IF they get into your system and try to run their binary tool kits. Now, someone who knows their mouse from their keyboard...no. And a state sponsored attacker that's after YOU personally? No. But they will have to hand you over to the next tier guys. :) The analogy I've used often is much of computer security logic, if applied to your household security, would involve putting the door to your house on a different side than your neighbors's doors and putting the door knob on the opposite side....and maybe painting the door purple. And sure enough, the guy wandering down the street with instructions saying "Door on front of house, color brown, handle on left side" will totally miss the door of your house and your house will be "secure" even if the door is unlocked. And fortunately, 99.9% of the attackers out there are going to be stopped by your oddly placed backwards purple door. The problem is...there are tens of thousands of attackers, so quite a few aren't going to be confused by this. > But if you are >> running web services, you are probably running apps written by someone >> without any idea what they are doing in an interpreted language like >> PHP, and the exact same exploits will take out either platform, because >> the exploits will be at a much higher level than the processor. > > Self written services in C language. Now, who do you think is a better programmer, the people who put together OpenBSD or you? Not to show you any disrespect, but honestly, I'm putting my money on the OpenBSD devs. Most likely, OpenBSD won't be the entry point for your attacker. A lot of the brilliant work that the OpenBSD devs have done may HELP your system survive a flaw in your program, but your program is still more likely to be the entry point (or data exfiltration point) than the OS is, so your Plat X vs. Plat Y decision is probably not the big thing to worry about. Nick.
