Forum Moderators: bakedjake
Linux has enjoyed the benefit of security through obscurity in much the same way Netscape has enjoyed their perceived security. The same way Pegasus and Eudora are perceived to be more "secure" than Outlook.
The article looks to me like MS propaganda. The first worm mentioned, Ramen (two years old), became a problem in October 2000 and was patched for Redhat in September 2000. Slapper and Mighty are related, and I think September 20th 2002 was when it hit the press; my Redhat boxes were patched on August the 5th.
I really didn't read the whole article, they lost me with the first sentence.
But a skilled enough person (notice the irony) can make anything unsecure. Take for example the distributions that set Linux to run as root by default; that downgrades the design to the quality of Windows, that runs as administrator by default. I hope the idea is clear enough.
On Windows versions I've used the system is as vulnerable as a Unix system when you run as root.
Just more FUD from M$. I still remember wehavethewayout.com; isn't that nice, a site that says Unix is bad runs Apache on FreeBSD.
/edit I just don't think before I hit submit
Actually, the zlib incident was a great example of open vs. closed source response to a potential security problem. The open source community had patches out right away. I think Apache had a safe patch in 24 hours.
On the MS side, they were reluctant to even admit that they used Zlib because it is an open source library. IMO they didn't want to bring attention to the fact that they use open source code in their products. MS dragged their feet hard on that one.
I'm sure he'll keep posting them as they become available, stay tuned.
Discussion lists are for discussions. It is not meant to be a love-in. Balance requires a presentation of ideas you may not agree with. Each of my prior posts allowed others to comment on what I wrote and the URLs that I posted. None of the URLs can be said to be hostile to Linux.
My post points to a story URL: "WebSideStory, Inc. the world's leading provider of outsourced e-business intelligence services, today reported that despite much hype and expectation in recent years, Linux has failed to gain market share from Microsoft (NASDAQ: MSFT) and Apple (NASDAQ: AAPL) operating systems."
My second post is an opinion post by me but is balanced with the url of a contrary opinion.
My third post points to an article about security in NewsForge "The Online Newspaper of Record for Linux and Open Source"
My fourth post points to an important security work-around for Linux
My fifth post points to an article that notes that Linux had shrunk in the marketplace. Read it and note that I balanced it by noting that this was generally true of the entire technology sector and that "I don't think this says much about the overall health of the Linux market"
If I post elsewhere, and someone points out that I'm a bit of a Linux bigot and that affects my comments, it's relevant. Heck, I seem to recall adding such an addendum to my own post at least once. (Actually, I'm a Free Software bigot who happens to know Linux better than the other Freenixes.)
I'm no techie or security person, but I certainly can read English. The best way to establish credibility of an article is to do a little semantic analysis to discern whether it's propagandized, slanted or unbiased, objectively written reporting.
The title of the article reads "Is Linux Really More Secure than Windows?" which is also the title of this thread. That title intimates that Linux is less secure than Windows. So either it's unbiased and that's true, or it's untrue and the article is clearly slanted, pro-MS propaganda. It can't be both.
How does the article itself read contextually?
>>Mainframe operating systems, which have been perfected over decades, have very few security flaws.
How many commercial virtually hosted websites out there are hosted on IBM 390s?
>A large number of Windows problems are surfacing, in part because of the program's age and in part because of the number of people using Windows
What is the proportion of commercial websites hosted on MS compared to the number hosted on *nix? I believe there are some figures available.
Is there any possibility that there are any vested financial interests behind or related to the article or the source of the information (BugTraq) that could bias it? Being a salesperson, that would make a very effective presentation for a pitch for selling something such as managed security solutions.
BugTraq is a popular forum for discussion of computer security vulnerabilities. It is moderated by SecurityFocus, now a division of security firm Symantec.
Do these people derive any income from security related sources that would see increases in revenue from selling fear? The rep from the Auto Club once told me, when I was signing up for membership, "We sell fear." ;)
Just a couple of passing thoughts.
The article is posted on Yahoo and the author works for a news service, NewsFactor. The title is the author's.
Your point is that it is either true or not true. Why not comment on that? What do you agree with or disagree with in the article?
The article writer is reporting what "Eric Hemmendinger, research director at Aberdeen Group" said. He points out that the existence of security flaws does not necessarily add up to more risk for users.
"Michael Rasmussen, director of research and information security at Giga Information Group and vice president on the international board of directors of the Information Systems Security Association, agreed"
Are Yahoo, NewsFactor, Aberdeen Group and Giga Information Group (and me) part of the pro-MS propaganda machine?
C'mon, lighten up. If you have a differing opinion let's hear it.
I LOVE Cyril's determined efforts to present the other side. I hope he never stops. I hardly ever agree, but sometimes do. He always forces us to reexamine popularly held assumptions. In this case, as an old journalist, this article has "beat up" written all over it. To a casual non-professional reader like me, the body of the article does very little to justify such a provocative title, and indeed if you read it through, you can see good arguments for the contrary. The interesting comparison on the different ways open source and proprietary systems deal with security problems is the most interesting and in all tends to suggest that open source overall, has the edge.
I'm not an expert in this field, so I have to leave it to others for knowledgeable comments, but I enjoy reading good posts that can counter with objective good arguments. As a market researcher now, I offered some professional commentary on Cyril's other posts, and the poor research design of projects used to justify an argument in a pro-website. Now it's up to all you programming guys to help demolish this argument if you can!
Hemmendinger commented, "I see a lot more stuff coming across BugTraq [about Linux] than any flavor of Unix or any Microsoft operating system."
I'm not on BugTraq specifically, but I am on a few other lists. I see very little that affects me, and even of that I almost never see vulnerabilities that are actually specific to Linux. They're always application-specific. Apache, which has been affected by most of the ones I've seen lately, is not part of Linux, nor is it Linux-specific. (Heck, you can run it on Windows.) OpenSSL, which was actually the source of the problem in some of those vulnerabilities, is also not Linux-specific. Likewise a PHP4 problem. Before that, I think the last one I had to patch for was OpenSSH. Not only is OpenSSH not Linux-specific, OpenSSH is primarily developed on OpenBSD, a different Free 'nix, with heritage going all the way back to the original BSD.