Re: Linux vs MS Security
From: Tobias Brox (tobias_at_stud.cs.uit.no)
Date: 08/25/05
- Next message: Dan J.S.: "Re: Ooops, I killed a hard drive. Any ideas on how I can get the data off?"
- Previous message: Bit Twister: "Re: Linux vs MS Security"
- In reply to: Ivan Marsh: "Re: Linux vs MS Security"
- Next in thread: johnny bobby bee: "Re: Linux vs MS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 25 Aug 2005 20:50:00 +0000 (UTC)
[Ivan Marsh]
>> 1 (SPAM) What percentage of SPAM is transmitted by compromised Linux
>> systems compared to Microsoft?
> < .5% (high estimate) - the only way I can imagine a Linux box being
> zombied to be a spam server is if the admin manually downloads and
> installs a compromised piece of software.
Well. A linux box not beeing maintained or upgraded, or badly
installed in the first place, is very likely to get compromised. I
know there exists boxes that have been connected to the net for years
and years without any maintainance or upgrades beeing performed -
sysadmins eventually throwing up a firewall to hide the problem.
For one thing it is not so many years ago when most of the mail server
software by default was set up as open relays. It was also common to
have linux distributions where lots and lots of servers was set up by
default. It used to be normal to let servers run as root. Security
flaws have always existed, notoriously buffer-overflows. Thus, having
a linux box with servers running on Internet without patching up the
software every now and then is a quite risky affair, if a skilled
person gains root access to the box and starts installing back doors,
trojans, etc, then it will be extremely difficult to "clean up" the
system. Of course, this applies to windows as well.
> You will not have your Linux box
> taken over by browsing a web page as you can in Windows.
Of course, a regular linux user would not run his browser as "root",
thus the box won't be taken over no matter how many holes there are in
the browser. Some Microsofties I'm regularly discussing security
with, would claim that the same applies to windows. When people are
running all their applications as "System Administrator" on their
windows boxes, it is (according to said Microsofties) due to
ignorance; everybody should learn a bit about computing before using
or owning a computer. Well, I tend to disagree, surfing the web
should be reasonably safe for anyone, and it should be possible for
Microsoft to deliver a virtually maintainance-free product, or
eventually, for dealers to do support/maintainance for dummies.
That beeing said, of course I feel miles safer running Mozilla than
MSIE, both because I expect Mozilla to be safer and because it is less
targeted.
-- This signature has been virus scanned, and is probably safe to read Tobias Brox, 69°42'N, 18°57'E
- Next message: Dan J.S.: "Re: Ooops, I killed a hard drive. Any ideas on how I can get the data off?"
- Previous message: Bit Twister: "Re: Linux vs MS Security"
- In reply to: Ivan Marsh: "Re: Linux vs MS Security"
- Next in thread: johnny bobby bee: "Re: Linux vs MS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
