I would add that the majority of windows users are on corporate domains where they are restricted to specific domain resources. We sometimes think that all users are fiddling with their settings like we do (ha). Configured properly a domain gives you a very high level of granual security across the network. Similar efforts by Linux vendors to implement domain resource security have fallen flat. Redhat had a recent "enterprise" effort at this for example - and Novell continues to lose market share.
-----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 09, 2006 10:49 AM To: CF-Talk Subject: RE: Big SQL security hole at Crystaltech? Really? I have no problems at all logging in with non administrator accounts and managing the servers, its not difficult at all. And the service son the server do not run under administrator, they run under the SYSTEM acocunt by default. -----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: 09 May 2006 16:27 To: CF-Talk Subject: Re: Big SQL security hole at Crystaltech? Another aspect of this is that in Windows it's notoriously difficult to run as anything other than an Administrator and have anything work. In Linux/UNIX, operating as root is seldom necessary. On 5/9/06, Munson, Jacob <[EMAIL PROTECTED]> wrote: > > What I have seen happen a lot is people switch to Linux because they > > hate windows. Everything is up and running fine for them but they > > do not invest the proper time to learn how to maintain the box to > > keep aware of security patches. Now you have an OS with multiple > > services from multiple open source projects and anyone of those can > > end up having a security exploit that some 12 year old will use to > > "own" the box and the admin may never even know the kid is in there. > > Windows certainly gets more than its fair share of exploits but it > > just seems like with the typical weekend sysadmin that the process > > to alert people of exploits and fixes for them is much better in the > > windows world. > > I think you are correct for /some/ Linux distributions (like > Mandriva), but this is not the case for the majority of them. The > biggest security difference between Windows and Linux is that Linux > forces the sysadmin to turn on services as he needs them. Windows > 2000 and earlier assumed you'd need stuff like IIS/FTP/Telnet/etc. and turned them on by default. > Win2k3 and Linux assume you don't need anything but bare > functionality, and you have to manually turn on the services you need. > This has been a standard security practice in the computing world for > years, but Windows introduced the "we trust our users and hope there aren't any hackers" > mentality. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239945 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
