Re: Windows Server 2003 - Not secure from my test but OSX from Mac is secure from the start

[Sebastian Schneider <ses () straightliners de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure and security are completly different things. As far as I remember, 
there are several flaws in the software shipped with MacOS X. I guess you 
might remember the last three security updates. If not try running the 
Software Update panel.

The concealment of ports is not really meaningful, since security is more than 
about if port scans succeed or fail. I guess, there will be some more flaws 
within that operating system.

By the way, when having physical access to an Apple running MacOS X 
everything's so easy. All you need is inserting the MacOS X setup CD and 
welcome to wonderland. Even booting into single-user mode if helpful much 
often. Thanks to Apple.

Sebastian

On Friday 12 September 2003 22:58, Randy Opper wrote:
> The new G4 & G5 boxs that I am running are very secure. I have run over
> 10 different scans from different sources and everyone shows that the
> system ports are stealth or not reporting. This machine has not had one
> change since I have installed the OS. In fact I have the apache web
> server running and the ftp server running and shield up at grc shows
> the box secure. I am impressed,  compared to my new 2003 server which
> is wide open even though I have not activated any services.
>
>
> Randy
>
> On Thursday, September 11, 2003, at 08:32 PM, Rick Hale wrote:
> > > If anyone knows of a system that is secure out of the box, let us
> > > know right
> > > away. Otherwise we will continue assuming that it is an impossibility.
> >
> > i am going to rant.
> >
> > the whole notion of a system, secure out of the box, is make-believe.
> > to
> > those who seek such a thing, i have this to say to you -
> > you are wrong to assume it will either be black, or it will be white.
> > are you failing to understand, you have to USE that system!?!?
> >
> > users, businesses, governments, educational institutions, whatever...
> >
> > all have different needs. it is foolish to assume Bill Gates, Linus
> > Torvalds, Steve Jobs, <insert your sectarianly bigoted OS here>
> > can say kazaam, and *poof* ship you a 100%, absolutely secure,
> > unhackable system. if that were possible, there would be no need for IT
> > professionals.
> >
> > i happen to agree with the previous poster's comment wrt openbsd; it is
> > currently the most security minded, publically available, OS.
> >
> > -rik
> >
> > -----------------------------------------------------------------------
> > ----
> > Captus Networks
> > Are you prepared for the next Sobig & Blaster?
> >  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> >  - Precisely Define and Implement Network Security
> >  - Automatically Control P2P, IM and Spam Traffic
> > FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> > http://www.captusnetworks.com/ads/42.htm
> > -----------------------------------------------------------------------
> > -----
>
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ---------------------------------------------------------------------------
> -

- -- 

Sebastian Schneider
straightLiners IT Consulting & Services
Metzer Str. 12
13595 Berlin
Germany

Fon: +49-30-3510-6168
Fax: +49-30-3510-6169
www.straightliners.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/YlclQ7mOWZBxbPcRAtgzAJ98DbG6g9kx9jBd/OmMLw4H5HomLgCfW/ro
kUsytiEy/PtzH7j1d1jmNmY=
=nb+W
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------