Full Disclosure mailing list archives
Re: Re: January 15 is Personal Firewall Day, help the cause
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Fri, 16 Jan 2004 21:34:10 -0500 (EST)
On Fri, 16 Jan 2004 jan.muenther () nruns com wrote:
> It can actually drive me mad to see how many Linux users entirely trust in their assumption that they're more secure by default simply because they don't run a Windows system.
A Linux user running a default installation of a modern Linux distribution *IS* more secure by default than someone running a default installation of Windows XP. Modern Linux distros don't run many (or even any) services by default, and they usually implement packet-filtering firewall rules. WinXP does not.
> However, there are *plenty* incredibly vulnerable Linux boxes exposed to the Internet and I know for a fact that quite a few people simply download and install binary packages from any given source without a second thought.
With Windows, you have no choice but to do that, because there's very little open-source software available for Windows.
> Even more ironically, a lot of people just compile and install anything with the usual ./configure / make / make install stupor.
This is a problem, I agree.
> ELF infectors do exist, and just because it's not quite so common, doesn't mean it doesn't happen.
But unless you run as root, it's not possible to infect system binaries (without also exploiting a local root hole.) The barrier to entry is simply higher in *NIX than Windows.
> Also - wild theory - I'd say that people are less likely to notice a malware infected Linux box than a Win32 one, simply because of blind trust.
I strongly disagree. People expect Windows boxes to be slow, cantankerous and crash-prone. When a Linux box starts acting wonky, people notice immediately. One of my servers started going nuts the other day, and I noticed very quickly. (It was a bad hard drive, not an attack, but still...)
> I also disagree on the note that a single system exposed to the Internet doesn't form any type of threat at all. You can always beautifully serve as a hop or become a friendly member of a botnet or whatever.
I didn't say that. I said that if our colocation server got compromised, it wouldn't compromise our work machines (which are on another network.)
> I'm not saying Linux sucks security-wise,
OK.
> I'm not saying Win32 sucks security-wise.
But it does.
> It's what you do with it, how you handle it, and how much you assume.
Look, I'm sorry, there are fundamental flaws with Windows that make it practically un-securable. Linux has its bugs, but they are *bugs*, not *design flaws*. So-called "security experts" who don't admit that are doing a disservice to everyone.
Regards, David.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html