If you're going to do that, however, you shouldn't lump "linux" together into one category due to the huge diversity of distros. Unless of course you really do mean to single out "linux" (ie. the kernel) and nothing else. If that be the case your assertion surprises me.
The list would likely benefit from a source reference to these statistics that you refer to, particularly something that indicates the methodology applied... VS On Thu, 3 Jul 2003 15:39:42 -0400 "Dan Bartley" <[EMAIL PROTECTED]> wrote: > You might want to study the statistics for the past year before making > "my favorite OS" statements. Linux actually came out on top of the pile > for number of security holes, number left unfixed, number of actual > compromises and slowness in dissemination of information and fixes. > > FreeBSD came out among the best, or near, I believe. Windows was in the > middle. > > Best Regards, > > Dan Bartley > > > -----Original Message----- > From: Tim Greer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 02, 2003 13:31 > To: Vic Parat (NSS); Chris Berry; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Ten least secure programs > > > > ----- Original Message ----- > From: "Vic Parat (NSS)" <[EMAIL PROTECTED]> > To: "Chris Berry" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, July 01, 2003 12:28 AM > Subject: Re: Ten least secure programs > > > > I would definitely question some of your choices (is Apache more > secure > than > > IIS?) > > Yes, very much. :-) > > > but I think top honors for "the ten least secure computer items" is an > > under qualified system administrator. > > I agree 100%. This is also why all the programs mentioned as insecure > too, > those pesky humans! > > Anyway, while I agree with you, the fact remains that the programs > themselves differ from problems, one more so than the others. Surely a > secured Windows server is more secure than a non-secured Linux server, > but > that's sort of a strange argument to make. > > This thread is about insecure programs, nothing more, nothing less. > Sometimes they are more insecure than others due to a common > configuration > error or default setting and that comes down to a lame sys admin. > Really > though, how many people are really even qualified sys admins? > > Anyway, the point being, some programs are far more exploitable, in > their > default or highly configured state, than others... when comparing them > as > default to each other, as well as configured well, to each other. Then, > comparing them. Also, mind the fact that depending on what you're > talking > about, some of them don't allow you to have the control to configure > them > and are thus insecure. > > For example, Windows only allows to much. There's a lot you can do, but > mostly a lot you can not. Whereas a Linux of FreeBSD system, you have > much > more you can do, right down into hacking the kernel however you want, > and > even if far more involved of a process and much more skills needed, it's > up > to the person and their skills to configure, hack and use their skills > to > make the server/system far more secure than say a Windows system doesn't > allow. > > Personally, I find that a default Windows set up is about as insecure as > a > default Linux set up. Both need to have a lot done, but you can do a > lot > more with a Linux system. Do most people have the time, let alone the > comprehension? Surely not, so we go back to your comment about > unqualified > sys admins. I couldn't agree more. However, two qualified sys admins > skilled in their respective areas, the Linux sys admin can do more, > unless > that Windows sys admin is privileged enough to be offered the Windows > source > code to review and modify to locate and close any potential holes. > -- > Regards, > Tim Greer [EMAIL PROTECTED] > Server administration, security, programming, consulting. > > > ------------------------------------------------------------------------ > --- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access > in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ------------------------------------------------------------------------ > ---- > > > > > --------------------------------------------------------------------------- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ---------------------------------------------------------------------------- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
