RE: Why Linux is more secure than Windows

2007-02-12 Thread Nick McClure
No, I'm talking about the little retailers and the rest of the people who go out and pick up a box from Office Depot or CompUSA, so they can check their email, and keep their finances in order. The Open Source movement doesn't address these people. From my standpoint, it isn't a money thing,

Re: Why Linux is more secure than Windows

2007-02-12 Thread Jochem van Dieten
** Private ** wrote: linux is more secure than windows because only dorks use linux..:-) That moment is not far away anymore. While everybody keeps pointing at the big bad Microsoft and their silly 'vulnerable by default' out-of-the-box configuration, Microsoft is changing. And

Re: Why Linux is more secure than Windows

2007-02-12 Thread Denilicious
On 2/12/07, Jochem van Dieten [EMAIL PROTECTED] wrote: But what is Linux doing? Is there a structured security and audit process? Is there a team being paid to make long days reviewing code instead of developing cool new features? Do those teams exist for all the addons that are shipped and

RE: Why Linux is more secure than Windows

2007-02-11 Thread Nick McClure
What magazines are you getting? Who is reading them? You think the guy running a four person retail store is reading Business 2.0? -Original Message- From: Denilicious [mailto:[EMAIL PROTECTED] I don't think this sentiment reflects the current views-- Just about every mag I've

Re: Why Linux is more secure than Windows

2007-02-11 Thread Denilicious
On 2/11/07, Nick McClure [EMAIL PROTECTED] wrote: What magazines are you getting? Who is reading them? You think the guy running a four person retail store is reading Business 2.0? Ah, four person retail store-- depends. Is it a book store? ;) Yeah, I get your point. I don't think it's

Re: Why Linux is more secure than Windows

2007-02-10 Thread Denilicious
On 2/9/07, Nick McClure [EMAIL PROTECTED] wrote: Larger companies that have IT people can do that, small companies that don't rely on the support provided by the vendor. Because they don't have to go out and find somebody else to support a product. I was talking about using a vendor, actually.

RE: Why Linux is more secure than Windows

2007-02-10 Thread Nick McClure
: Denilicious [mailto:[EMAIL PROTECTED] Sent: Saturday, February 10, 2007 3:02 AM To: CF-Community Subject: Re: Why Linux is more secure than Windows On 2/9/07, Nick McClure [EMAIL PROTECTED] wrote: Larger companies that have IT people can do that, small companies that don't rely

Re: Why Linux is more secure than Windows

2007-02-10 Thread Denilicious
On 2/10/07, Nick McClure [EMAIL PROTECTED] wrote: But most companies don't know about those options. Open source has a stigma when it comes to the average small business, they look at and assume it developed by a bunch of 13 year old kids in their parent's basement, if they even know what it

Re: Why Linux is more secure than Windows

2007-02-09 Thread Denilicious
On 2/8/07, Jim Davis [EMAIL PROTECTED] -Original Message- From: Denstizzo [mailto:[EMAIL PROTECTED]:] Are you proposing that the number of people who know C++, isn't that large? Or perhaps that it's so difficult to pick up a language, that there aren't many people familiar with

Re: Why Linux is more secure than Windows

2007-02-09 Thread Vivec
*falls over* tooo...much...text... *twitch* *twitch* urrk..urrkk.. On 2/9/07, Denilicious [EMAIL PROTECTED] wrote: On 2/8/07, Jim Davis [EMAIL PROTECTED]

RE: Why Linux is more secure than Windows

2007-02-09 Thread Nick McClure
Larger companies that have IT people can do that, small companies that don't rely on the support provided by the vendor. Because they don't have to go out and find somebody else to support a product. Most companies support their own products, so they expect the people that developed the products

Re: Why Linux is more secure than Windows

2007-02-08 Thread Jochem van Dieten
** Private ** wrote: But the idea that a problem in open source software is less problematic than in closed source because you can just fix it yourself always strikes me as completely silly. I do not consider that argument silly. I run (or have run at some point in time) my own custom

Re: Why Linux is more secure than Windows

2007-02-08 Thread Matthew Small
Hi Jochem, The process that owns port 80 on IIS 6.0 machines is the HTTP.SYS driver (when enabled). This is a kernel-mode driver that only forwards requests and *cannot* have user-mode application code loaded into it, as it does no execution. Any exploits into this are useless.

Re: Why Linux is more secure than Windows

2007-02-08 Thread Jochem van Dieten
** Private ** wrote: The process that owns port 80 on IIS 6.0 machines is the HTTP.SYS driver (when enabled). This is a kernel-mode driver that only forwards requests and *cannot* have user-mode application code loaded into it, as it does no execution. Any exploits into this are useless.

Re: Why Linux is more secure than Windows

2007-02-08 Thread Denilicious
On 2/8/07, Vivec [EMAIL PROTECTED] wrote: Do you...could you just get this down to...say...one or two paragraphs? :) You're saying that a key advantage of Open Source is that the user Dude, I am so relaying everything else I have to say- er, type- thru you! But- My god man!, you left

Re: Why Linux is more secure than Windows

2007-02-08 Thread Robert Munn
linux is more secure than windows because only dorks use linux..:-) -- --- Robert Munn www.funkymojo.com

RE: Why Linux is more secure than Windows

2007-02-08 Thread Jim Davis
-Original Message- From: Denstizzo [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 8:44 PM To: CF-Community Subject: Re: Why Linux is more secure than Windows On 2/7/07, Jim Davis [EMAIL PROTECTED] wrote: Are you proposing that the number of people who know C

RE: Why Linux is more secure than Windows

2007-02-08 Thread Jim Davis
-Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Thursday, February 08, 2007 5:44 AM To: CF-Community Subject: Re: Why Linux is more secure than Windows ** Private ** wrote: But the idea that a problem in open source software is less problematic than

Re: Why Linux is more secure than Windows

2007-02-07 Thread Jochem van Dieten
** Private ** wrote: Bah, the source code doesn't directly tell you it's secure. But without secure source code you can not have a secure application. To my knowledge there haven't been any attacks against IIS, every attack was against some specific technology that was usually found to have

RE: Why Linux is more secure than Windows

2007-02-07 Thread Nick McClure
-Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] How about Code Red and Nimda? Code Red targeted the MS Index Server, Nimda tried a few other buffer overruns to IDC as I recall. Both things that should have been disabled by MS by default, and disabled by any

Re: Why Linux is more secure than Windows

2007-02-07 Thread Matthew Small
Jochem, Can you please explain this to me: IIS needs to be run as a privileged user, Apache doesn't. Due to this simple fact, IIS is inherently less secure. If Apache gets compromised, you get the Apache account. If IIS gets compromised, you get the server. I don't know Apache at all.

Re: Why Linux is more secure than Windows

2007-02-07 Thread Jochem van Dieten
** Private ** wrote: From: Jochem van Dieten How about Code Red and Nimda? Code Red targeted the MS Index Server, Nimda tried a few other buffer overruns to IDC as I recall. According to MS at least Nimda was in IIS itself: http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx

Re: Why Linux is more secure than Windows

2007-02-07 Thread Jochem van Dieten
** Private ** wrote: Can you please explain this to me: IIS needs to be run as a privileged user, Apache doesn't. Due to this simple fact, IIS is inherently less secure. If Apache gets compromised, you get the Apache account. If IIS gets compromised, you get the server. I don't know

RE: Why Linux is more secure than Windows

2007-02-07 Thread Nick McClure
-Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] According to MS at least Nimda was in IIS itself: http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx I remember getting these hits in log files, they never caused me any problems because I didn't

Re: Why Linux is more secure than Windows

2007-02-07 Thread Robert Munn
He said Windows was less secure, not IIS. Let's see Apache on Linux v. Apache on Windows and see how that looks. On 2/6/07, Vivec wrote: Utter and complete rubbish. The amount of system calls in a webserver serving a static HTML page does not indicate how vulnerable an OS is. Plus he's

Re: Why Linux is more secure than Windows

2007-02-07 Thread Denstizzo
On 2/6/07, William Bowen [EMAIL PROTECTED] wrote: I hate it when people start talking open source for enterprise applications that require 24x7x365 because when something does go wrong, I got nobody to call. Told this (well, similar) to my boss the other day in a synopsis of my response

Re: Why Linux is more secure than Windows

2007-02-07 Thread Matthew Small
What account does Apache start under? The most obvious privilege is the privilege to start processes under a different user account. The IIS worker process starts under its own identity - Network Service. It's an incoming request that starts this process. Who's starting processes under

Re: Why Linux is more secure than Windows

2007-02-07 Thread Robert Munn
Apache can be made to run under any account that has run as a service privileges in Windows. On 2/7/07, Matthew wrote: What account does Apache start under? The most obvious privilege is the privilege to start processes under a different user account. The IIS worker process starts under

Re: Why Linux is more secure than Windows

2007-02-07 Thread Jochem van Dieten
** Private ** wrote: What account does Apache start under? The account you configure it to start under. The most obvious privilege is the privilege to start processes under a different user account. The IIS worker process starts under its own identity - Network Service. Run

RE: Why Linux is more secure than Windows

2007-02-07 Thread Nick McClure
, it doesn't have to run as that account. -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 4:00 PM To: CF-Community Subject: Re: Why Linux is more secure than Windows ** Private ** wrote: What account does Apache start under

RE: Why Linux is more secure than Windows

2007-02-07 Thread Jim Davis
-Original Message- From: Denstizzo [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 12:43 PM To: CF-Community Subject: Re: Why Linux is more secure than Windows There are people you pay to administer it. Same as anything else. We've been over this before, however

Re: Why Linux is more secure than Windows

2007-02-07 Thread Denstizzo
On 2/7/07, Jim Davis [EMAIL PROTECTED] wrote: -Original Message- From: Denstizzo [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 12:43 PM To: CF-Community Subject: Re: Why Linux is more secure than Windows There are people you pay to administer it. Same

Re: Why Linux is more secure than Windows

2007-02-07 Thread Vivec
Do you...could you just get this down to...say...one or two paragraphs? :) You're saying that a key advantage of Open Source is that the user himself can alter the code and extend functionality as he needs to. You also mentioned the many modifications and extensions of the Apache webserver as

Why Linux is more secure than Windows

2007-02-06 Thread Bruce Sorge
This guy did a study on the subject and came up with this. What do you all think? http://blogs.zdnet.com/threatchaos/?p=311 -- Bruce Sorge I'm a mawg: half man, half dog. I'm my own best friend!

Re: Why Linux is more secure than Windows

2007-02-06 Thread Zaphod Beeblebrox
I'd say I agree with the blogger. On 2/6/07, Bruce Sorge [EMAIL PROTECTED] wrote: This guy did a study on the subject and came up with this. What do you all think? http://blogs.zdnet.com/threatchaos/?p=311 -- Bruce Sorge I'm a mawg: half man, half dog. I'm my own best friend!

Re: Why Linux is more secure than Windows

2007-02-06 Thread C. Hatton Humphrey
I'd say I agree with the blogger. +1 though the pictures hurt my eyes

Re: Why Linux is more secure than Windows

2007-02-06 Thread Vivec
Utter and complete rubbish. The amount of system calls in a webserver serving a static HTML page does not indicate how vulnerable an OS is. Plus he's comparing a bare bones linux installation with IIS which has ..asp and a whole host of other services running with it. Let's see his comparison

RE: Why Linux is more secure than Windows

2007-02-06 Thread Nick McClure
Who cares about LAMP, you want to compare Apples to Apples, get Tomcat involved. -Original Message- From: Vivec [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 06, 2007 4:53 PM To: CF-Community Subject: Re: Why Linux is more secure than Windows Utter and complete rubbish

Re: Why Linux is more secure than Windows

2007-02-06 Thread Denstizzo
On 2/6/07, Nick McClure [EMAIL PROTECTED] wrote: Who cares about LAMP, you want to compare Apples to Apples, get Tomcat involved. Bet *nix is still better. Anyways, the real issue is, how can I tell if IIS is secure? Audit the source code? Oh, yeah. Or: How about: want to make it better?

RE: Why Linux is more secure than Windows

2007-02-06 Thread Nick McClure
Bah, the source code doesn't directly tell you it's secure. To my knowledge there haven't been any attacks against IIS, every attack was against some specific technology that was usually found to have been left open by the user. If you have IIS doing a straight web request for HTTP with HTML that

Re: Why Linux is more secure than Windows

2007-02-06 Thread William Bowen
I hate it when people start talking open source for enterprise applications that require 24x7x365 because when something does go wrong, I got nobody to call. Told this (well, similar) to my boss the other day in a synopsis of my response to a proposal to move our CF /SQLServer 2000 stuff to