-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do not find your take on this to be quite accurate (though I do like your apples to applesauce analogy). While it is true that many Linux vulnerabilities stem from applications and services that are not considered 'core' to the OS, the fact that these applications are provided as part of a distribution, and are often installed by default (depending on the installation process) should be kept in mind. Also note that many Linux security holes in 'non-core' applications or services generally tend to impact or affect a great number of the distributions that are out there.
- - Brad Bemis - -----Original Message----- From: Jay D. Dyson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 5:34 PM To: Security-Basics List Subject: RE: Ten least secure programs - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 3 Jul 2003, Dan Bartley wrote: > You might want to study the statistics for the past year before making > "my favorite OS" statements. Linux actually came out on top of the pile > for number of security holes, number left unfixed, number of actual > compromises and slowness in dissemination of information and fixes. > > FreeBSD came out among the best, or near, I believe. Windows was in the > middle. I'm afraid your claim (whether by accident or design) is highly misleading. "Linux" isn't just one product. At present there are around fifty (50) popular Linux distros supporting no less than nine (9) hardware platforms. Even by conservative estimates, that's easily over 400+ very different releases of one OS type. Consider also that the vast majority of Linux issues don't stem from the core OS, but from the various distro team's implementation of an otherwise sound product. (That is to say, a poor implementation of a third-party product doesn't mean that the product or Linux is flawed, but that particular Linux team's implementation of said product.) Given this reality, the comparison you make isn't even apples vs. oranges. It isn't even close to apples vs. watermelons. It's more like apples vs. applesauce. - - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- [EMAIL PROTECTED] -----<) | = |-' `--' `--' `Red meat isn't bad for you, fuzzy green meat is.' `------' - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQE/BMuNNlg1oZSC9mkRAnSHAJ9ovQGNDzJksx3H4nwwUsO38ItFOQCfZO9U IWCVWvJV0JWHdNgvFi67k0s= =A9Ox - -----END PGP SIGNATURE----- - --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm - ---------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Comment: KeyID: 0xB8F26ADD Comment: Fingerprint: 6E1C D617 CD65 A203 7FD5 4C68 90E7 39F4 B8F2 6ADD iQA/AwUBPwmcQ5DnOfS48mrdEQKZTgCgzrmJt7XTRWW9zHdWiKcz+pKRCzgAoMOn E/sa850Am5t3u5sFBjoB+uHM =GIby -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
