Re: Which Red Hat version?

From: Steve Schreiber (sschreibATTmagmaDOTTca)
Date: 05/06/04

• Next message: Roman Smid: "need free web-based mailreader"
• Previous message: Fred Emmott: "Re: need help configuring apache server"
• In reply to: Jacob Heider: "Re: Which Red Hat version?"
• Next in thread: Jonathan Baker-Bates: "Re: Which Red Hat version?"
• Reply: Jonathan Baker-Bates: "Re: Which Red Hat version?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 06 May 2004 07:55:44 -0400

Jacob Heider wrote:
> On Thu, 6 May 2004 00:38:47 -0600, a posting issued forth from Mark A...
>
<snip>
>>You are comparing the cost of Windows vs RH. With the new $60 per year
>>service charge, the cost is similar. When someone decides to write a RH
>>virus, watch out because all hell will break loose and the fix may not come
>>in time to avoid disaster.
>>
>>
>
>
> How do you think someone can write a "RH virus"? What are they going to
> exploit? We have all the source. Do you ever look at the exploits that
> fixed by new releases. *I'm* always seeing things like "if someone has
> access to the system, then there is a theoretical set of input which
> could give them root access". I'm intensly skeptical that there will
> ever be a "linux virus" in the way there are "windows virii", due to the
> massively different security model (bug-hunting vs. bug-hiding).
>
<snip>

Hey,

        While a 'RH virus' (Linux more specifically) is not impossible, a
widespread email virus is extremely unlikely. Which email client will
the person write for? Evolution? Mozilla? Pine? It is to diverse to be
effective. If the exploit can no 'execute automatically' like some do
for OutLook/IE, the user must DL the attachement, change the
permissions, and then execute. Even that being the case, what's the
worst that happens? You home directory gets altered/deleted and chances
are the system would not be root comprimised (again, not impossible, but
unlikely.). From what I have read about all the Windows world
virus'/exploits, I am in the camp that believes that it would never get
that bad when (not 'if) Linux has an equal share of numbers.

        As the the speed of community delivery: We have been watching this at
work for some time now, and the community generally provides fixes
within a few days. Microsoft on the other hand 'waits' to release a
monster patch to make it easier for customers, in turn leaving them wide
open during this period. Microsoft still has exploits that have not yet
seen a fix ('shatter' comes to mind...), and we are talking from Win95
on. How is that for security? My money is on the OSS community, as
individuals will/would not tolerate this, everything is fixed, fixed
well, and fixed fast.

        S.

-- 
--> GNU/Linux is user friendly... it's just picky about its friends.

• Next message: Roman Smid: "need free web-based mailreader"
• Previous message: Fred Emmott: "Re: need help configuring apache server"
• In reply to: Jacob Heider: "Re: Which Red Hat version?"
• Next in thread: Jonathan Baker-Bates: "Re: Which Red Hat version?"
• Reply: Jonathan Baker-Bates: "Re: Which Red Hat version?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint