Re: [SLE] spyware

From: Paul W. Abrahams (abrahams_at_acm.org)
Date: 10/04/04

    To: suse-linux-e@suse.com
    Date: Mon, 4 Oct 2004 14:13:58 -0400
    
    

    On Monday 04 October 2004 8:25 am, Anders Johansson wrote:
    >
    > In any case, the real advantage isn't that the bugs are harder to exploit,
    > it's that they're much easier to fix. Show me a bug in, for example, apache
    > and give me a few hours (days?) and it will be fixed. Show me a bug in IIS
    > and watch me sigh as I wait for a reply from MS support. It's difficult to
    > recompile something if you don't have source code.

    Very true.

    Whether we're talking about Windows or Linux, the script kiddies depend on far
    better informed techies to give them the tools for their dirty work.

    There doesn't seem to be any disagreement here with the proposition that Linux
    is a far less vulnerable system than Windows. The only question is why that
    is.

    1. The Windows code base is proprietary and closed, while the Linux code base
    is open source. That cuts two ways. The Linux code base has far fewer
    vulnerabilities and those vulnerabilities that remain are more easily repaired
    because of the communal nature of the Linux enterprise and the many eyes that
    critique the code base. On the other hand, someone looking for
    vulnerabilities can easily examine the Linux code base but will have a hard
    time examining the Windows code base. Moreover, the quality of Linux code is
    probably far higher than that of the Windows code. It's fair to say that
    Linux wins this argument 80-20 or maybe even 95-5 but not 100-0.

    2. It's a fact that far more attacks are aimed at Windows than at Linux, and
    in particular at the Outlook Express / Internet Explorer combination. That's
    why security folks these days recommend that Windows users switch to Mozilla
    (which itself is probably less vulnerable than IE, even discounting the
    frequency of attack). If 95% of the malefactors, script kiddies or
    otherwise, devote their energies to Windows rather than to Linux, it stands
    to reason that all other things being equal (which of course they're not),
    Windows users will be hit far more often and far harder.

    Paul Abrahams

    
