RE: NT vs Unix on the Internet

[Russ <Russ.Cooper () rc on ca>]

> One point that has come up is along the lines of `most Internet
> sites that have been hacked have been running Unix therefore Unix
> is insecure'.  

Peter,

If you have to try and defeat such a silly argument as this, then no
figures are going to sway the argument. I'd suggest you simply make some
up if you think it will help.

One might try and argue that since most known exploits are designed to
attack weaknesses/misconfigurations in widely deployed Unix environments
using something "less known" is more secure. Obviously this is FUD also,
since it relies on Security by Obscurity.

The number of hacks should be far less important than the confidence
level of your employees who are going to be handed the responsibility
for ensuring the security of your environment. Your company has to make
a long-term committed investment in their security policy, its
implementation and enforcement. What OS is chosen might be affected by
current skills, availability of skills in the future, and of course
standard factors like suitability to task, etc...

Try and point out the irrelevance of their arguments and get them to
focus on pertinent issues that can be assessed in the context of your
requirements.

Cheers,
Russ - NTBugtraq/NTSecurity moderator
Check out the new moderated NTSecurity () listserv ntbugtraq com mailing
list, http://www.ntbugtraq.com/ntsecurity