On Wed, Aug 15, 2001 at 09:13:05PM +0100, Cito Maramba wrote:
>
> Yes, the RAMEN worm. And the Lion worm as well. Someone also released a
> worm whose supposed function was to clean out the Ramen (or was it Lion)
> worm. The thing is, IIS is a Commercial Product. If any other kind of
> commercial product had similar defects, you'd have the company making
> the product have lawsuits up the wazoo.
>
Which is why Microsoft LOVES the UCITA! It will give them an
additional law to cover their asses with.
>
> > This just proves to show how much proper and pro-active
> > administration really determines how secure a network is.
>
>
> The mantra: "Security is a process, not a product".
>
> I think Linux distros should be secure Out of the Box. They can't claim
> the old excuse of patents.. RSA's US patent expired last year.
> Hopefully, a higher security level on OOB installs of linux distros will
> prevent more newbies from being r0073d or O|/\|n3d.
>
Personally, I think this is impossible. No system can be absolutely
secure out of the box. Remember that every server deployed has a
purpose, and without taking this purpose into account, you have many
potential insecurities. Admittedly, Linux distro vendors could do a
better job of making a more secure default install, but ultimately,
there is no one-size-fits-all charm. Any serious system administrator
installing a Linux box should examine each and every package he or she
installs, to see whether it actually does have some place there. If
not, remove it. At best, it's dead weight. At worst, it's a security
risk.
I don't think it's an exaggeration to say that a lot of system
security breaches occur because the administrator was ignorant of the
aspect of the system that got exploited. Case in point: looks like
the vast majority of the people who run W2K boxes affected by the Code
Red worm were unaware that they were even running IIS on their box at
all, at least until well after the problem started! You cannot secure
what you do not understand.
>
> Dobol Jeopardy! What makes Micro$oft software exempt from Product
> Liability laws?
>
Their EULA.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8