Security can be defined in many, many ways. And I don't think certification alone is a "guarantee" of security, because certification implies a series of tests, which must be standardized, by definition. This does not allow for the kind of improvisations that are commonplace on the Internet, and cannot possibly test every possible scenario, present and future.
What makes Linux more secure as opposed to Microsoft's stuff is its diversity -- and here is where I think the author misses the point completely. I'm sure my Linux system is very different from anyone else's on this mailing list, because I run different applications, configure the kernel differently, and because I use different library versions. If I were to write an exploit for one distribution of Linux, it may not work on another distribution, or even the same distribution configured differently. Diversity helps to sustain the species. That is why the Teardrop vulnerability that the author mentions did not cause carnage on a scale that matches the recent SQL Slammer worm, or Klez/Bugbear/etc.
Just my $0.02
Regards, pascal chong
Ben Duncan wrote:
Interesting .....
The “theory of a thousand eyes” (the theory that open source is more secure because everybody can see the code and instantly discover a problem) doesn't make an operating system any more secure either. While the potential for more security exists, this doesn't ensure that the “thousand eyes” are actually looking. To the contrary, Red Hat has discovered bugs in the Linux kernel in sections that went unchanged for years. For example, not only did the Teardrop vulnerability in TCP/IP exist for decades, but the Teardrop vulnerability was ported to other operating systems, even though “thousands of eyes” had to be looking at the code in order to port it to another operating system. Peer review, an extension of this theory, doesn't provide any assurance either, because the reviewing peer may not be well versed in security and hence not fully understand or appreciate the implications of a given piece of code.
Since most of the TCP/IP stac is shared BSD .. and since Win2k ALL of the TCP/Ip Windows stac was ripped
from BSD ... I wonder if the author has the Balls to note that Win2k then has the same flaw ?
Oh well .. sounds like that guy did not get his a$$ kissed by someone from the Linux camp ...
Alan Jackson wrote:
On Thu, 6 Mar 2003 11:50:04 -0500 Matthew Carpenter <[EMAIL PROTECTED]> wrote:
http://www.worldtechtribune.com/worldtechtribune/asparticles/sv/sv10302002.asp
You may wish to addess this numbskull in a fashion you've proven time and
again to excel at:
With reality and education.
Don't bother. Don't feed the troll.
_______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
