Full Disclosure mailing list archives
Re: Re: Microsoft Security, baby steps ?
From: "Daniele Muscetta" <daniele () muscetta com>
Date: Wed, 17 Mar 2004 17:08:05 +0100 (CET)
Ron DuFresne said:
[SNIP]This is not meant as an attempt to diminish BSD strenght. I also have an OpenBSD box on the internet, and it is awesome. The choice of shipping LESS software by default is a very wise one (and many linux distros in this regard are copying windows too much, enabling everything by default to facilitate the user - and the cracker). With 'smaller market penetration' I don't want to say that that code is less looked at (most likely it is indeed better code), but mainly that the crackers go usually after QUANTITY: they search to compromise AS MANY boxes as possible.... so they go after the most used OSes. IMHO, of course.This has been shown in the increase of linux compromises, anyway.... Why should they bother having a hard time trying to compromise a super-hardened BSD box which belongs to a savvy admin (who's most likely going to spot them soon if they succeed), rather then just trying to shoot their exploits against everything, and hope to get as many as possible ?That's an admin/installer issue, tooo many folks on too many OS'es tend to install the kitchen sink on systems that don't need all the toys trinkets and tools that a desktop developer might need in specific circumstances. While redhat has become the linux version of M$ in all the neato desktop trinkets it has available, the admin doing the install needs to have enough whits about them to know how to trim the fat and lock the box for the purpose it is being comisioned for. Too many web servers exposed to the public have too many desktop trinkets and X window managers that are not required for the purpose at hand.
Look: I am in perfect agreement with you, we are *not* saying anything different ! The same savvy admin I mentioned is the one that would harden (and keep the installed software to a minimum) not only BSD, but also Linux, and Windows too ! But not ALL admins/installers are like that. Unfortunately I have to say that most of them have no clue, and rely too often on default configurations.... which in turns creates new easy targets.... It definitely is an installer/admin issue. But on any OS :) I *definitely* prefer the approach where you don't have anything and you build the system from the ground up (debian, gentoo, BSD for example). But the same clueless installer who will leave the dafault bells and whistles on redhat and on windows..... is the one who could not even INSTALL BSD in the first place.... so here we are again....It's a vicious circle.... Kind Regards, Daniele _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Microsoft Security, baby steps ?, (continued)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Andrew Aris (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Blue Boar (Mar 16)
- RE: Re: Microsoft Security, baby steps ? John . Airey (Mar 16)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 16)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Dave Horsfall (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Ron DuFresne (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Daniele Muscetta (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Guido van Rooij (Mar 18)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 16)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Simon Richter (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)
- RE: [inbox] Re: Re: Microsoft Security, baby steps ? Curt Purdy (Mar 17)