In a message dated: Fri, 21 Sep 2001 09:20:03 CDT
Elaine -HFB- Ashton said:
>OpenBSD does a fine job of providing a secure default install.
Yes it does. It's also an exception to the rule.
>And Solaris, for the most part, is reasonably secure on a
>base install.
Do you follow Bugtraq at all? There are weekly if not daily
complaints about Solaris vulnerabilities.
Anything that enables telnetd by default IMO is not a "secure by
default" install.
>just wondering why the default installs haven't
>improved in spite of the extreme vulnerabilities in the last few years.
Mostly like I said, they don't have people involved in the
development/release cycle who are aware of such things. Anyone with
any amount of large installation sysadmin experience can figure out
what things shouldn't be enabled by default.
Also, RH specifically, and most Linux vendors in general, are most
interested in making their distribution as easy to install, use, and
connect to the internet as possible. Security is inversely
proportional to productivity/usability. Therefore, they disregard it
in the interests of ease of use.
The *BSDs are a different animal altogether (as is Debian). They
are interested in quality, and for the most part, aren't concerned
with sales at all. Additionally, their average users are also much
more highly technical than what RH's average customer is and have
significantly more generic Unix experience as well.
>*>Btw, from my own experiences, Debian comes pretty locked down for the
>*>most part. But initial install can be a bit daunting even for those
>*>well versed in Linux.
>
>Actually, now that I remember, SUSE has a really nice installer and had a
>decent default installation.
They also have quite a few security vulnerabilities listed on BugTraq
quite frequently.
--
Seeya,
Paul
----
God Bless America!
...we don't need to be perfect to be the best around,
and we never stop trying to be better.
Tom Clancy, The Bear and The Dragon