On 5 Oct 2006 at 20:10, Wayne Johnson wrote:
> At 06:28 PM 10/5/2006, Andy Medina typed:
> >I guess there are some *nix admins that have better things to do
> >than patch servers... :D
>
> Thank You for posting this & OBTW there is a security issue with
> Apple Wireless Networking & Airports [sorry I don't have the URL
> handy] & I wonder how many NIX & Apple users believe that they are
> immune or super safe ?
Well, first, let's not pull the usual windows-security-discussion-trick
and compare client-windows systems with Unix *server* systems. Running
*any* sort of server is a VERY difficult matter. 0-Day exploits are
common, compromised systems generally can't be saved at all [none of this
"run the removal tool" stuff], often there's virtually *no* way even to
tell that the system has been compromised[*], new vulnerabilities in one
service or another show up with annoying regularity.
[*] Sometimes it is scary: you monitor your LAN and you can see
anomalous traffic, so you know you have a problem... but it can be
hard just to figure out *which*system* has been compromised, much
less what has been done to it.
Second, regardless of what you [or they] "believe" about their systems,
the ordinary Unix or OS-X setup *IS* a lot more secure than any windows
system run as administrator, no matter how many layers of snakeoil you
wrap around yourself. "immune" -- of course not. *nothing* is immune.
If only security were as easy as figuring out the 'magic bullet' to be
immune from all threats..... I'm not even sure 'super safe' is
appropriate. But compared to running windows as administrator, they are
certainly a LOT more safe.
What's depressing to think about [although it'll likely never actually
happen ever in the windows world because of a preponderance of folk who
view security in much the way Wayne does] is that client windows could be
*MUCH*MORE* secure than any desktop unix system could dream of. With
further compartmentalization of file and OS access [using ACLs to tightly
control which things can do what] and the careful tweaking of policies,
setting up of more internal groups, etc, XP could be a virtually
impenetrable desktop system.
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
--
----------------------------------------
To unsubscribe, mailto: [EMAIL PROTECTED]
Is your picture included in the Official Win-Home List Members Profiles Page?
http://www.besteffort.com/winhome/Profiles.html
If not, write to: [EMAIL PROTECTED]
