On Thu, Feb 10, 2005 at 11:14:33PM -0600, Analabha Roy wrote:
| Sorry abt that, the link I wanted to include was:
|
| http://www.ph.utexas.edu/~daneel/crap/
|
| This was supposed to be on a "patched" windoze box.

Sorry, but this is not `proof' that `Windows has serious misfeatures and bugs related to security'. This is the output of a security scanner and it could very well be wrong. (Scanners have been known to make mistakes before.)

The page that the scanner output lists about the `serious' (general/tcp) hole says it's been fixed for quite some time, and the fix is even in the latest service packs (no idea which Windows this box is running, though my guess is that it's 2000 instead of XP.) And if the fix isn't installed, that's not Microsoft's fault -- it's the admin's fault. (Unless the installer somehow reports that it's installed when it's not, which seems unlikely.)

And then the other security problems that the scanner found are pretty common and mundane -- when you put a server on the Internet, you need to open some ports or it doesn't do any serving. This is true for Windows, *nix, VMS, AS/400, whatever. If this box only serves a few purposes, it would make sense to disable or block everything else, but it doesn't look like the admin has done so.

The bit about a null session seems pretty serious, but the scanner thinks it's minor. Hopefully all the `real' services require a login and password.

XP's SP2 actually does go a long way towards securing Windows. It whines very loudly if you don't use its firewall and some sort of virus scanner. Since Windows users rarely turn off unused services, blocking most inbound ports by default is a very good thing. And since they tend to click on anything sent via email or they see on the Internet (elf_bowling.exe? wow! click!), virus and malware checkers are very good too.

In any event, I'm sure if I tried hard enough, I could find a scanner (I doubt SATAN is maintained any more, and I haven't really kept up with what's come since) and find a Linux box somewhere that the scanner found a hole in. And then I could ask the admin if the box has all its patches. If he said `yes', that would NOT mean that Linux is insecure.

Linux and other *nix OSs have had their share of security holes, both locally and remotely exploitable, for as long as these OSs have existed. If you really want to declare security to be the most important thing, you ought to be pushing OpenBSD rather than Linux -- and even OpenBSD isn't perfect.

It's very odd when I find myself defending Microsoft and Windows, but you really are making wild accusations and not really providing any sort of proof. Which will be difficult to provide, because many of your statements are flat out wrong.

Yes, I believe that Linux (or most of the other modern *nixes) is more secure than modern Windows. But the difference is not as huge as you make it sound, and many of Windows' problems are more the result of its users than Windows itself. And Linux (and the other *nixes) has certainly had its share of vulnerabilities over the years. And both Windows and Linux are getting better (with Windows getting better at a faster rate, because it has more to improve.)

If you want to convince the administration to switch from Windows to *nix, you'll need to be a lot more convincing. You'll also need to talk about a lot more than security -- people tend to not care about security that much. Talk about the dollar savings in support and licensing costs -- THAT is the language that they will understand.

And *nothing* will be more convincing than whitepapers written by other administrators (paper-pushers -- i.e. their peers) at other universities about how they switched to Linux (or Solaris, FreeBSD, etc.) and how it saved them x% in their budget and increased productivity by y% and how joy-joy feelings increased by z%.

Since you've found a computer that supposedly has security holes, have you contacted the admin? You should, and let him know if you haven't already.

| > > > | (3) Windows has serious misfeatures and bugs related to security.
| > > > |
| > > > To be fair, you've made some assertions here and not backed them up
| > > > with any facts whatsoever. Granted, your audience probably doesn't
| > > > need them all explained, but even so, some examples are required.
| >
| > You want proof? Here is your proof > (The system I scanned was supposed
| > to be "patched").

--
Doug McLaren, [EMAIL PROTECTED]
Windows and Linux both suck. The difference is that Linux sucks twice as fast and six times more reliably.

_______________________________________________
Siglinux mailing list
Siglinux@utacm.org
http://www.utacm.org:81/mailman/listinfo/siglinux