Re: [Full-Disclosure] RE: Linux (in)security



Hi!

> You're investing a significant amount of time into convincing us that
> linux boxes sitting on the internet (even when completely up to date and
> reasonably locked down) aren't 100% secure.
> 
> Rest easy, each and every one of us knows this.

I would certainly hope so. :-) What I try to point out (and fail to do so it
seems) is that there are relatively simple methods that can already help quite
a bit to improve security of a Linux box.

If you read the following URL:
http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it

You'll see that one box got hacked 37 times in a year. The other box 0 times.
The difference: A kernel patch called PaX.

It seems to me that not all insecurity is created equal.

> The point raised by others in this thread (which you seem to object to,
> although you haven't really responded to) is that linux (operated by a
> knowledgeable user) is 'stronger' than a similar Microsoft box.

How relevant, the wooden house vs. the grass house argument. The fact that
MS-Windows is less secure does not make Linux more secure. I think it is even
counter productive. If MS-Windows was perceived as more secure than Linux,
people would spend a lot of time improving the security of Linux systems. Now
there is the idea that it is not worth the effort, because Linux is after all
secure.

Greetings,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html