Re: RE: Linux (in)security

[Paul Schmehl <pauls () utdallas edu>]

--On Thursday, October 23, 2003 02:34:35 PM -0500 Ron DuFresne 
<dufresne () winternet com> wrote:
> There's a vast difference in having to backout patches in complex
> production env;s and having a poor patch affect all or most every end
> desktop/home users system too though.
And I don't recall the last time that we had to back out a patch in an over 
3500 Windows machines environment.  In fact, in the last seven years, I can 
only recall two incidents where a patch had to be backed out, and both of 
those were servers with special applications on them.

I'm not saying that it doesn't happen.  It's just not as ubiquitous as some 
seem to think it is.  There isn't a vast difference between patching 
Windows and patching *nix.  At least not in my experience, which includes 
every version of Windows, RedHat 7-9, Solaris 7-9, OpenBSD 2.6-3.2, FreeBSD 
4.7-5.1, Mac 0S 6-X and Gentoo.  (I've installed others but don't have much 
patching experience on them because I usually dumped them quickly because I 
didn't like them.)

Every OS has its problems, and every OS has to be patched.  And patching is 
a PITA no matter what OS it is.  Some are just more of a PITA than others.

The myth of the vast superiority of *nix over everything else (WRT security 
and patching) is just that - a myth.

But this conversation has been going on for over 20 years and nothing has 
ever been settled.  Nor will it be.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html