On April 25, 2004 04:38 am, Stephen Kuhn wrote:
> JoePill, I know you'll dig this one...ahem...
>
> http://www.securityfocus.com/columnists/235
>
>
> stephen kuhn - owner
> ==============================
> illawarra computer services
> a kuhn media australia company
> http://kma.0catch.com
> ------------------------------------------------------------------
>   * This message was composed on a 100% Microsoft free computer *
>   We expressly refuse to utilise Microsoft DRM encoded documents
> ------------------------------------------------------------------
> The wages of sin are high but you get your money's worth.

I'm gonna play devil's advocate and agree with the columnist on this one.

You need to remember that Lindows/Linspire ships with no security at all set 
up and the user plays around in their box as root.  The same silliness is 
repeated with other distros as well.

It's also possible to install Mandrake with no password at all for root.  I 
found out on my course that I'm in this week that it's just as possible to do 
this in RH/Fedora.

As the columnist's point is about security he does have a point.  We, who have 
played with and worked with Linux for a while, know that you don't run as 
root and that you don't leave root unpassworded (if that's a word).  Serious 
newbies do not.  He's also right that this is an invitation to script kiddies 
to start to attack unprotected boxens out there.

One thing Mandrake does do right is to offer updates for free for supported 
releases.

It's important to educate new users and one of the ways of doing that is to 
enforce the idea of a password for root on install and to make sure that the 
same password isn't used by the user.  All this can and should be scripted 
into an installer.

Sorry but Walmart boxes are security problems waiting to happen.   And this is 
something that the entire Linux community needs to address.

That said, the situation is no worse than Windows which happily ships W2K and 
XP completely unprotected and most users don't even know that there is an 
administrator password waiting and needing to be set up.  Sadly most don't 
care either.  This applies to some of the dimmer MCSEs out there who feel 
that it's easier to telnet into a box than ssh in.

That the situation is no worse than Windows doesn't surprise me.  But we're 
supposed to be better than that and that's the point that the writer is 
making.

BTW, both Lindows and RH (after a grace period) charge for updates.

ttfn

John
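
The installer checks described in the message above (root must have a password, and it must differ from the user's), together with an audit for the passwordless-root case, as an added example that is not part of the original message. The function names and the sample shadow data are constructed for illustration.

```python
import hmac

# Constructed sample in /etc/shadow format (name:password:lastchg:min:max:warn:::).
# An empty second field means the account can log in with no password at all.
SAMPLE_SHADOW = """\
root::12533:0:99999:7:::
daemon:*:12533:0:99999:7:::
alice:$1$constructed$notARealHashValue000000:12533:0:99999:7:::
guest::12533:0:99999:7:::
"""


def validate_install_passwords(root_pw, user_pw):
    """Return a list of problems; an installer would refuse to continue if any."""
    problems = []
    if not root_pw:
        problems.append("root password is empty")
    # Both values are still plaintext at install time, so they can be compared
    # directly (stored hashes could not be: each one has its own salt).
    elif hmac.compare_digest(root_pw.encode(), user_pw.encode()):
        problems.append("root and user passwords are identical")
    return problems


def accounts_without_password(shadow_text):
    """List accounts whose shadow password field is empty (no password set)."""
    found = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # "*" or "!" in field 2 means locked, which is safe; "" means open.
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found


if __name__ == "__main__":
    print(validate_install_passwords("", "user-secret"))
    print(validate_install_passwords("same-secret", "same-secret"))
    print(accounts_without_password(SAMPLE_SHADOW))
```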
