Domain: techpowerup.org
Stories and comments across the archive that link to techpowerup.org.
Comments · 38
-
Kind of like /. "Pro *NIX" people tell lies, jcr?
"Microsoft has been telling bald-faced lies about their security for at least a decade. What's different this time?" - by jcr (53032) on Friday September 21, @11:08AM (#20696607)
I see you say "Microsoft lies", well... what about you "Pro *NIX" Penguins & "bsd devils" here on slashdot?
It was hilarious in this thread also where others from the "Pro-*NIX" camp here @ /. tried to say "Apache is more secure than IIS" &, lo and behold in the 2 url's below:
----
APACHE UNPATCHED KNOWN VULNERABILITIES LIST (9%):
http://secunia.com/product/73/?task=statistics
IIS 6.x UNPATCHED KNOWN VULNERABILITIES LIST (0%):
http://secunia.com/product/1438/?task=statistics
----
Let's also move onto & take a look @ SQLServer 2005 also, shall we??
SQLServer 2005 UNPATCHED KNOWN VULNERABILITIES LIST (0%):
http://secunia.com/product/6782/
----
Let's NOT stop there either... take a peek @ Microsoft Office 2007!
Microsoft Office 2007 UNPATCHED KNOWN VULNERABILITY LIST (0%):
http://secunia.com/product/13228/
----
Given all that data (& yes, IE sux, & IE7 even needs more work in terms of security, but that is what Opera & FireFox are for imo)? It amazes me the b.s. you people here @ /. often spout, like "Windoze blows" etc. when clearly, it is a fine set of products MS produces for the MOST part...
IE is really the LAST area/product from MS that need some work it seems/is all!
APK
P.S. => Also, see this URL where over 30++ /.'ers ran from a challenge regarding Windows vs. Linux security, in a thread post here on /., regarding "Hardening Linux" no less:
SLASHDOT POST ABOUT "HARDENING LINUX":
http://it.slashdot.org/comments.pl?sid=267599&threshold=-1&commentsort=0&mode=thread&cid=20203061
(That's where no *NIX person here on this site @/., & other sites oriented around both LINUX &/or BSD could not do a better job on a valid multi-platform test of security (based on best practices for each OS platform than a Windows Server 2003 user could!))
The *NIX folks were challenged on this site, who stated things along the lines of:
"(Insert *NIX variant here) is more secure OR securable than Windows"
& that's when I simply challenged them to that test in CIS TOOL... not a single one exceeded my score on Windows Server 2003 fully custom hardened for security. See this image which backs my score:
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
"CIS TOOL" (by the center for internet security) has been noted as a tool to help secure yourself by BOTH Computerworld & SANS (sites often cited here on /. no less, regarding security data):
Here is the outline for achieving that 85.185 score on CIS TOOL, for Windows users:
http://forums.techpowerup.com/showthread.php?p=375355#post375355
It works & so much so, it tends to "silence the F.U.D." spreaders here on /. about Windows vs. Linux (even SeLinux &/or BSD variants as well) regarding securability of them all!
Again, for all their 'talk', not a single *NIX person here beat that score, failing to "put up, or shut up". Nobody from /. has exceeded that score a Windows Server 2003 user achieves on i -
It's SO right nobody on /. proves otherwise
See this URL where over 30++ /.'ers ran from a challenge regarding Windows vs. Linux security, in a thread post here on /., regarding "Hardening Linux" no less:
SLASHDOT POST ABOUT "HARDENING LINUX":
http://it.slashdot.org/comments.pl?sid=267599&threshold=-1&commentsort=0&mode=thread&cid=20203061
(That's where no *NIX person here on this site, & others, could do a better job on a multiplatform test of security based on best practices for each OS platform than a Windows Server 2003 user could!)
The *NIX folks were challenged on this site, who stated things along the lines of:
"(Insert *NIX variant here) is more secure OR securable than Windows"
& then, this image which backs it:
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
Which proves the test results on a multiplatform test of security called "CIS TOOL" (by the center for internet security) which has been noted as a tool to help secure yourself by BOTH Computerworld & SANS (sites often cited here on /. no less, regarding security data):
Here is the outline for achieving that 85.185 score on CIS TOOL, for Windows users:
http://forums.techpowerup.com/showthread.php?p=375355#post375355
It works & so much so, it tends to "silence the F.U.D." spreaders here on /. about Windows vs. Linux (even SeLinux &/or BSD variants as well) regarding securability of them all, since nobody from /. has exceeded that score a Windows Server 2003 user achieves on it, despite their constant "Windows is not secure as *NIX" fud.
Seems the only person able to do what you stated here: Now we just snicker and giggle! - by Mikkeles (698461) on Friday September 21, @10:53AM (#20696367) Is the person who made the FUD spreaders @ /., look extremely foolish & unable to back up their b.s.... -
For obvious reasons? Ah, you mean THESE??
"I develop a medical database that requires a server to be installed locally, for security reasons. I try to convince the hospitals to let me use Ubuntu instead of MS Windows for obvious reasons, but so far have been unsuccessful." - by hhlost (757118) on Wednesday August 29, @02:27PM (#20401951)
For OBVIOUS reasons? Yea, I know what you mean!
Like how I have outright challenged *NIX heads here to surpass my score on the multiplatform test of security in CIS TOOL, & not a one has surpassed my score on it of 85.185 to date??
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
Go for it, download & install + run CIS TOOL by the CENTER FOR INTERNET SECURITY:
http://www.cisecurity.org/bench.html
& see how secure even UBUNTU is, even with its default SeLinux kernel hook addons for MAC (mandatory access control labelling system), which is a bite off of Microsoft's ACL's no less, & users on it ran every time I challenged them here to this test, & to surpass my score on it:
E.G.-> A THREAD ON SLASHDOT HERE ABOUT HARDENING LINUX:
http://it.slashdot.org/comments.pl?sid=267599&cid=20203061
Every one of the *NIX folks there outright RAN!
I have heard AND OVERCOME every objection they threw my way no less!
(E.G.-> I even had to even walk a *NIX person thru how CHROOT jails can be broken out of, & they are NOT ENOUGH by themselves (because of buffer overflow impersonation privilege escalation possibilities in apps), nor is chmod/chroot work, OR IPTables + NetConfig dual homed "NAT FIREWALLING" even... they NEED to use SeLinux SOCKETS LEVEL CONTROL, as well as MAC level control of the disk/filesystem data, for "layered security")...
Folks here always say things along the lines of this:
"(Insert *NIX variant here) is more secure/securable than Windows"
And, to that? I always say this:
Put your monies where your mouths are, put up a better score than mine on this multiplatform test of security (noted no less by SANS & COMPUTERWORLD, both respected sources for security data often cited here @ /. no less, as a tool that HELPS YOU SECURE YOURSELF!)...
That's all!
APK
P.S.=> For all that big talk, no one is willing to "walk the walk" here... & prove their *NIX setup is more secured than mine running Windows Server 2003 SP #2 fully hotfix patched! apk -
85.185/100 on CIS TOOL, photo of mark to exceed
APK CIS TOOL SCORE 85.185/100 on Windows Server 2003 SP #2 fully hotfix patched (date 08/18/2007):
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
There you go Harik: "the score to beat"...
Above all else - Good luck!
(& I look forward to discussing the points you find on your LINUX rig (I do strongly suggest using a distro like UBUNTU/KUBUNTU though, or a BSD variant (since it is always touted as the "most secure PC *NIX" & all that))).
I say that, on using SeLinux bearing distros, mainly because SeLinux kernel hook addons for Linux comes "baked in" from the start on UBUNTU/KUBUNTU from what I understand!
So, I think it is a GOOD idea to learn it for a LINUX person, if you do not know how to use it already, & how to strengthen it beyond default policies!
All, for "layered security"!
E.G.-> By additionally supplementing IPTables use (or even NetConfig dual homed/dual nic NAT firewalled setups, nice tool in Linux by the way I have always felt this one) via SeLinux's SOCKETS LEVEL control + its MAC control of things file/folder/disk vs. using only chown/chmod/chroot for filesystems/disk level userrights control for layered security.
I.E.-> We can discuss points on its scoring you agree with, & others you do not (because I have 2-4 I am fairly certain I pass muster on, yet was 'downgraded' on... we can go into specifics on yours too in that capacity too)...
APK
P.S.=> I look forward to it, & I hope you do too as well... we can ALL learn by it is why, & for better security (especially today, in this online world of virus/spyware/malware/trojans/worms etc)... apk -
Re:Let's Compare!
"Windows: Huge Security Holes
Linux: None" - by BillGatesLoveChild (1046184) on Friday August 24, @12:49AM (#20340125)
ONTO SECURITY, SINCE YOU MENTIONED THAT:
"Read 'em & WEEP", Linux fiends:
---
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilitySc or_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilitySc or_DB33/image_7.png
---
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
---
ALL I tend to see/hear/read here @ /. is stuff like this:
"(Insert *NIX variant here) is more secure or securable than Windows"
Well, ok: Put your money where your mouth is, back up your bluster, because talk is cheap - show me, show us, & backup your bluster!
Beat the score I am able to achieve on the multiplatform CIS TOOL benchmark gauge of security then... back up the bluster!
CIS TOOL uses tests based on best practices for the OS platform it runs on testing analogs each has between them & they do have them (such as state & configuration files ACL/MAC security, every OS has these for example)!
(& this test is noted as valid and good for helping you secure yourself, no less by COMPUTERWORLD & SANS (both cited here quite a bit on this site mind you, & thus, respected here)
Here is my score of 84.735/100 on it:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
In fact, when I challenged the *NIX crew here (especially asking for BSD & SeLinux kernel hook bearing security addons such as UBUNTU/KUBUNTU have no less) to this test?
HARDENING LINUX (of ALL places, lol, that happened here @ /.):
http://it.slashdot.org/comments.pl?sid=267599&cid=20203061
Over 30x now, & all the LINUX PENGUINS ran, each time (bsd people too) & at a post here at slashdot called "Hardening Linux" too, lol, no less!
APK -
Yes -GETTING THE LAST LAUGH!, as per usual... apk
"Fuck off spammer, nobody wants to hear about your shitty security site." - by Anonymous Coward on Wednesday August 15, @02:47PM (#20239851)
First of all: CIS Tool is not "my shitty security site", it's a program that's been noted by SANS & COMPUTERWORLD, as legit/valid & yes, useful.
I found it INCREDIBLY useful, in helping me to secure my Windows Server 2003 SP #2 system here (above where I had it initially, around a 60.500 score, up to 76.500 iirc, later & FINALLY, to an 84.735/100 score)...
In fact, I found it SO useful?
That I did a post @ a widely travelled forums (techpowerup.com) to show Windows users HOW TO GET THE SAME SCORE & LEVEL OF SECURITY I HAVE, right here:
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=4e8acd2823a55216081bf694304b09df&p=375355#post375355
(What's in that thread, is FAR MORE COMPREHENSIVE than you find in most articles on "how to secure windows" by FAR... & it just works & much of its based on what CIS TOOL had me do, though it helps only SO FAR, you can figure out the rest, based on that post of mine @ techpowerup.com!)
PROOF OF MY SCORE ON CIS TOOL, a multiplatform test of security (noted by SANS & COMPUTERWORLD):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
(& I would like to see *NIX folks' results on CIS TOOL as well (it IS multiplatform & java driven - it runs on Solaris, FreeBSD, Linux of many kinds, & yes, Windows NT-based OS'))...
A fair challenge & it is one, that EVERYONE here can learn by, in fact...
"Kudos for pretending your spam is some sort of hardcore throwdown." - by Anonymous Coward on Wednesday August 15, @02:47PM (#20239851)
No pretending @ all: Just facts... ones you can SEE/VERIFY, per my last post (parent to yours I am replying to now in fact), yourself & yes, above in THIS reply to you.
As to others here who have used various evasions in taking the CIS TOOL test?
Heh, want a list of over 27-30 of them by now??
I can produce it, with relative ease (via my bookmarks/favs)... just ask!
APK
P.S.=> Yea, "great reply" that, full of technical know-how &/or insight... not (more like an exercise in profanity)!
Ah... you're just "#31" in my list of evaders of taking the CIS Tool multiplatform test of security (by yet another *NIX user @ /.)... not unexpected @ all!... apk -
They modded you as funny? GET THE LAST LAUGH!
Truth, @ last... my reply, per your statement which I will quote, ought to interest you:
====
"Linux systems are only as secure as the admins who manage them." - by HerculesMO (693085) on Wednesday August 15, @11:04AM (#20236869)
I agree, 110% (alongside the fact that their producer/oem of said OS & wares MUST issue patches/hotfixes as needed that work too)... & by the way?
Tell THIS guy, SanityInAnarchy, an UBUNTU user, that, here:
http://slashdot.org/comments.pl?sid=264303&cid=20235261
SanityInAnarchy refuses to use SeLinux in a layered security pattern above & beyond things I had to point him to for *NIX (chmod/chown/chroot) for MAC-ACL layered security over filesystems & userrights... as well as SeLinux providing SOCKETS LEVEL CONTROL, for layered security above & beyond IPTables usage, alone!
That's in regards to taking the multiplatform test of security, CIS TOOL:
http://www.cisecurity.org/bench.html
&, using the *NIX of his choice to beat my score of 84.735/100 on that test (proofs of most of the evasions from he (& others) I encountered is in the root of my replies there, parent to his posts, as well as my overcoming their objections):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
Fact is, I have challenged 30++ other *NIX users here @ /., & other LINUX sites, to that test as well (& NOT A ONE HAS EXCEEDED MY SCORE ON WINDOWS SERVER 2003 SP #2 fully hotfix patched).
They ALL ran, every *NIX user I challenged to this test... every time! SanityInAnarchy, is not alone, in that regard... Again - the proof of that, via 26 or so URL's from others here, is in the root of my replies to he, & my challenge to he & THEY as well, for a record of it.
All kinds of evasions were posted, each was overcome by myself using valid proofs &/or techniques mind you...
(Still - I would LIKE to see a *NIX user WITH A STRONG SECURITY BACKGROUND & SETUP TRY THIS LEGITIMATE MULTIPLATFORM SECURITY TEST!)
Preferably/specifically, an SeLinux bearing distro, like UBUNTU, or a FreeBSD user, with a "fully config'd right via layered security setup" (in place they are confident of, & have them Install CIS Tool, JAVA runtimes from SUN (latest for it))!
Then to see them post a valid unfaked photo of their score (yes, SanityInAnarchy said he could fake a photo, lol, believe it or not), & on that CIS TOOL multiplatform, legit/valid test of security...
CIS TOOL is noted as VALID/LEGITIMATE (vs. SanityInAnarchy's MAIN OBJECTION, that CIS TOOL could be "malware" etc., & IT IS ANYTHING BUT THAT, heck - it's "antimalware" if anything) per SANS &/or COMPUTERWORLD, no less:
----
SANS NOTES CIS TOOL:
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36
&
COMPUTER WORLD NOTES CIS TOOL and PURPOSE:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
So much for SanityInAnarchy's argument this tool might be "malware", lol... it is ANYTHING BUT THAT - it tells you how to secure yourself & points out areas that may be weak!
----
(Fact is - The admins of this system in THIS thread, which got 'hacked/cracked'? Ought to use it & learn SeLinux (which SanityInAnarchy was not aware of it being in UBUNTU first of all, but also he refuses t -
"new NEWS" then...
"This in today- People wanting a secure server use Ubuntu Dapper Drake instead of Fiesty Fawn" - by daskinil (991205) on Wednesday August 15, @08:55AM (#20235231)
Ok, this just in/"new NEWS":
See this url:
http://slashdot.org/comments.pl?sid=264303&threshold=1&commentsort=0&mode=thread&cid=20159515
And download the multiplatform test of security by the CENTER FOR INTERNET SECURITY, noted by SANS + COMPUTERWORLD as a valid tool for benchmarking security on various *NIX derivant OS' (not all, no MacOS X or OpenBSD - noting a clear lack of development on them imo vs. other variants & yes, Win32) & Windows NT-based variants:
http://www.cisecurity.org/bench.html
& beat this score, obtained on a custom hardened-for-security build of Windows Server 2003 SP #2 fully hotfix patched (as of yesterday, "MS Patch Tuesday" & all):
84.735/100 score photo, obtained on Windows Server 2003 SP #2 fully hotfix patched:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
On the *NIX variant of YOUR CHOICE, & of "server-class build"... I would honestly like to see a photo of the score on THAT multiplatform CIS TOOL test for security, which has been noted by SANS + COMPUTERWORLD, here:
SANS NOTES CIS TOOL:
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36
&
COMPUTER WORLD NOTES CIS TOOL and PURPOSE:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
As a legitimate program for the purposes of "shoring up" holes found by it on them!
APK
P.S.=> 30 *NIX people have outright evaded that test, & gee - "I wonder why"... I overcame each of their objections thru that thread, & those listed as well (27 of them prior to that url above)... no takers (though I suspect they tried, & their *NIX derivant OS could NOT surpass my score shown above)... & about *NIX vulnerabilities, vs. Windows ones (and, that apps that ride on them)?
National Cyber Alert System: Cyber Security Bulletin 2005 Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
A quote from it:
"There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities."
Also, that URL & report show LINUX as having 3x as many security holes/vulnerabilities in it than Windows NT-based OS' have mind you (in year end 2005/beginning of 2006, between the OS & its apps riding on it), so, let's compare them on security & vulnerabilities on THAT note as well... apk -
Re:"STAT2", lol... round #3
"Apache, at least, enjoys quite a bit of market share [netcraft.com], and Linux is probably still at at least 20-30%, if not 50% of web servers." - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
Apache? It's run by folks looking to spend as little as possible is why. Nothing's wrong with that though... but, that's the point.
"It may still be a smaller target than desktop Windows" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
It IS... Far, FAR smaller!
"but the fact that it has had close to ZERO compromises in the wild, even with a decent amount of marketshare on the server, says something about its security." - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
'Close to zero', eh?
Well, by way of comparison??
Go to SANS, & find out what the compromises are on say, oh... SQLServer 2005 (thru its entire duration in this version no less) are.
Hint/Clue: "0"/zero/nada/none/zip vulnerabilities in SQLServer 2005 in its entire history thus far, no less, lol... l
(Last time I looked @ least, & that was like a month ago or so)
APK
P.S.=> "Sorry, not by much. I imagine you've gotten about as many people to lock down their systems as I've gotten people to switch to Linux" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
From the Windows world, put it this way:
E.G. #1 -> I've gotten MORE than just a few emails from folks for HOSTS files & .reg files for security, & that I know of?
E.G. #2 -> So far - Around 7,500 views on the very topic I post for Windows users in a URL, a "sticky permanent @ the top of section's page, thread" here in the URL below:
I think those are decent numbers, & they grow, daily, which is GOOD: "if you can reach just 1 person..." geometric progression, really!
(Information, for, How to in effect, get the 84.735/100 score on the multiplatform CIS Tool security test, that runs on Solaris, FreeBSD, Linux variants, & Win32), right here:
APK "12 step program" to securing a modern Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=6119352099fca3907e8fc400352826c2&p=375355#post375355
AND, via the results I achieve on it:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It appears to be a test & challenge, that EVERY *NIX fiend here avoids taking no less, 30 times now... & we ALL know why!
They simply & obviously cannot secure even their FreeBSD &/or SeLinux kernel addon hooks (for layered ACL analog security via MAC, Linux distros that have OR work with it), enough to exceed my score, much less equal it!
(Who cares though - really! I just wish to see a screenshot of someone's results with it)!
Even though each of their objections are overcome, such as yours feeling it is malware of some kind, yet SANS.ORG notes it as valid?
"This is a truly moronic statement. If there were no "Hacker/Crackers" in the world, wouldn't there also be no need for security?" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
Unfortunately, it is a harsh reality, & more than a few folks out there would agree, they DO DRIVE SECURITY IMPROVEMENTS! apk -
Mod me down, but first? PROVE ME WRONG, lol!
First? See my subject-line above... Then, go ESPECIALLY here:
(That's in the "hardening linux" topic today, mind you)...
http://it.slashdot.org/comments.pl?sid=267599&threshold=1&commentsort=0&mode=thread&cid=20203061
OK?
Challenge to ANY *NIX User (FreeBSD, Linux variants, Solaris) - Beat the score I can obtain using Windows, of 84.735/100!
(It was done on a multiplatform test for security called CIS TOOL that runs on numerous *NIX's & Windows NT-based OS of modern varieties(such as what I use, Windows Server 2003 SP #2 fully custom hardened for security))
CIS TOOL has been recognized by SANS as a legitimate program, not malware etc. & that website's respected enough & often referred to in reports here @ /., site that specializes in SECURITY TOPICS...
So, instead of these "mod downs" in my posts, when I see Linux "F.U.D." great spread around, & I challenge someone to show me their "(Insert *NIX variant here) is more secure than Windows is" IS TRUE... beat my score, that's all.
APK
P.S.=> (Visible proof goes a LONG ways, such as this below)
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
apk -
Re:Overcoming your objection, TOO EASY part deux
"SANS and Computerworld are not that respected in the computer security world." - by Anonymous Coward on Sunday August 12, @03:28PM (#20204797)
WELL, "OK" if YOU say so... you must be more respected than they are as far as 'authorities on the matter' then, my fellow "A/C"!
(lol... not/whatever! Somehow, this evasion of yours does not wash here @ all, especially considering you're using it to evade posting a testscore on a multiplatform gauge of online security via the CIS TOOL)
Perhaps searching the term SANS here will yield proof, otherwise? I don't know... but, it's a decent chance that IS the case, for that, on that account!
Rotflmao... I'll tell you 1 thing though, for sure:
Apparently my score of 84.735/100 on the multiplatform CIS Tool test gauge of online security that is not 'bushwhack-ware' (ala virus/trojan/malware/spyware etc. et al), per SANS & COMPUTERWORLD:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
IS respected enough...
(So much so, that no "Penguins" or "BSD Devils" here on their *NIX rigs can beat my score pictured above, & this is the 28th time now I have heard some b.s. evasion... "Run, Forrest: RUN!!!").
Personally? I can't believe this has happened here that much, in you *NIX people evading taking this CIS Tool test, OR rather, omitting posting your scores That's what the evasions are typically like & I overcome each one, in each post, regarding CIS TOOL here (where I challenged *NIX fiends to this test, whenever posts state something along the lines of "(Insert *NIX version here) is more secure than WINDOWS" - PROVE IT THEN! Put your monies where your mouths are))... Talk's cheap... apk -
PHOTO PROOF PLEASE... & why: Thanks!
"84.736/100 on Ubuntu. whoop de dooo." - by Anonymous Coward on Sunday August 12, @11:16AM (#20203099)
Ok, but... Do you have a legitimate, unfaked photo (yes, someone in those 26 url challenges to take the CIS TOOL did insinuate he could do that) of your proof of your score?
Thanks!
Because I did state I would like that type of evidence, here (in the post that is parent to your own no less):
http://it.slashdot.org/comments.pl?sid=267599&cid=20203061
----
"Yes, I would preferably like to see a result photo (legit/unfaked, because I had someone insinuate they would or could do that here once @ this site) someone using FreeBSD or SeLinux kernel hook addon bearing distros of LINUX (Ubuntu 7.04 onwards has this 'baked in' no less, & it's pretty widely used)."
----
That I would like to see, mainly because I want to see the areas tested (analogs to ones tested in Windows NT-based OS really) & discuss the areas YOU may feel it is "in error" in (as I found in the Windows Server 2003 model of this test, where I am 99% convinced the test "erred" on me, & owes me some points (minor areas))!
PLUS, discussion of techniques you use on your *NIX variant that that test MAY NOT ACCOUNT FOR!
(Things like these, which CIS Tool does not check: For LinkSys NAT true firewalling stateful packet inspecting hardware firewalls, OR even software firewalls &/or antivirus-antispyware programs (which are useful for security, LAYERED SECURITY, today/nowadays, especially online))!
Examples from the "*NIX FIEND WORLD", thereof/such as, perhaps:
----
1.) Using NetConfig to create a NAT "firewalling" subnet for you, from a dual homed/dual NIC bearing LINUX rig
2.) Using SeLinux's SOCKETS LEVEL CONTROL above & beyond IPTables usage
3.) Using SeLINUX "MAC (mandatory access control) label based security (analog to Windows ACL's & POSIX ACL's) usage for comparison to Windows' ACL level controls on the registry & filesystems via userrights assigned, above & beyond using std. *NIX tools like chmod/chown & yes, chroot (because programmatic "impersonation" as it is called in Windows can be used to circumvent & 'break out of' chroot jails for instance)
----
(That's for some examples I'd like to discuss with *NIX fiends here, & to see "layered security" in place on a *NIX rig (like I use on Windows Server 2003 here) above & beyond what say, for example, the *NIX hardening link urls I posted in my last reply here give folks & yes, myself).
----
HOWEVER, above all else - I do have a photo proof of my score, again here, for your reference which I provide, & expect the same from you *NIX guys as well, per my quoted statement above (from myself in the posting parent to THIS one):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
AND, here are the steps I used on Windows Server 2003 SP #2 to get that score (95% of it applies to older Windows NT-based OS' (2000/XP) too, & it can even IMPROVE VISTA'S SCORE as well, when its techniques & concepts are applied):
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3e78ea52bc119fb94a59e51abf7c47a5&p=375355#post375355
(I made that as easy of a "guide/roadmap" as possible, using tools native to Windows, so Windows users could be secure online, per the gauging done by the multiplatform test of online security, in CIS TOOL, noted by SANS no less as to its validity & intended purpose per proof of that I submitted in the post paren -
Re:Server & desktop - different levels of ridi
"However, it is completely ridiculous to ever run Windows on a server." - by pyite69 (463042) on Saturday August 11, @01:37PM (#20196457)
http://www.microsoft.com/sql/bigdata/default.mspx
There are HOW MANY COMPANIES running Microsoft Windows (of modern NT-based varieties today (2000/XP/Server 2003/VISTA) + SQLServer 2003 on that page, & doing so successfully mind you, that will tend to disagree with you?
Quite a lot!
Guys, I KNOW you guys "love your LINUX" here @ /., but - don't underestimate Windows used in servers, OR for security either!
Windows of modern builds based on NT (2000/XP/Server2003/VISTA)? They're VERY securable as well, above & beyond their default configuration "out-of-the-box/oem stock"...
Really easily as well, via 12 basic simple steps anyone can use (inclusive of Windows admins, & at the DESKTOP CLIENT NODE LEVELS as well as on the server), per this guide:
http://forums.techpowerup.com/showthread.php?s=7316c98c36e75835f964972f246c3eaf&p=375355#post375355
SCORE ON THE MULTIPLATFORM CIS TOOL (by the CENTER FOR INTERNET SECURITY) PHOTO:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
This multiplatform test runs on SOLARIS, BSD variants (sorry, no OpenBSD or MacOS X versions are available yet, but for example: FreeBSD has a version), Linux, & yes, Windows & has been noted by SANS & other notables/respectable sources, such as these:
COMPUTERWORLD:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS: CIS to Release Windows Configuration Assessment Tool (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
(That's there for folks that have tried to "object to this program" because they did not know who "THE CENTER FOR INTERNET SECURITY" is, & attempted to say this program is "rogueware" etc. such as in the URL below):
http://slashdot.org/comments.pl?sid=264303&threshold=-1&commentsort=0&mode=thread&pid=20176577#20185057
The sad part is this - I have posted the challenge to take this test (especially from SeLINUX bearing distros & users of them, & BSD variant users like FreeBSD) here @ /., around 25 times now - NO TAKERS, but plenty of evaders & spinmasters trying to avoid taking it, for b.s. reasons (saying in others, vs. the URL above's reason, that "there is no registry in LINUX"... & so what? There are other areas in the *NIX family tree that DO (such as the /etc & its subnodes)).
APK
P.S.=> And, don't get me wrong: I like Linux, especially on KUbuntu 7.1, because I LIKE KDE!
(AND, with SeLinux in place + configured on it ontop of the usual methods for helping to secure Linux (chmod/chroot/chown legwork + IPTables (perhaps Packet Filtering built into Linux as well via IPChains oldschool methods (but they BOTH offer things over one another), & even NetConfig to create a "NAT" system too - plus more things I am learning about for security in LINUX that are pretty neat)!
I did that CIS Tool multiplatform test in the URL above -
Re:XP isn't that bad: DO THIS? XP = GOOD!
"It's mainly the tight integration of the browser with the OS that is/was an issue. Don't use IE and don't run executables from unknown sources and 95% of the security issues go away. SP2 is actually a pretty decent OS." - by b0s0z0ku (752509) on Wednesday August 08, @12:13PM (#20157893)
Want to make more "security issues", go away, in 12 easy steps (and, I think you'll find this article below FAR MORE COMPREHENSIVE in that URL below, than most any you've SEEN online in 1 spot for securing a Windows OS, especially online NOWADAYS):
Per my subject-line/title above, & your quoted response? No problem, take a peek @ the URL below, & exercise its suggestions:
APK 12 step program for securing Windows NT-based OS of modern varieties (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=f3439c6a16f6f140e10d4d6d191c34e0&p=375355#post375355
Do what's in that URL?
And, w/in 1-2 hours of your time, you'll have YEARS of uptime, more speed, & stability, AND BE FAR MORE SECURE ONLINE!
Proof?? See this photo from the multiplatform test, CIS Tool, by THE CENTER FOR INTERNET SECURITY for my resulting score of 84.735/100 possible (default setups scores on say, XP? Will be WAY lower):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
That's as HIGH a score as I can achieve, & STILL be able to go "online" & do what's needed, & NOT get "bugged/hacked/cracked", &, IT WORKS!
How well?
Well, so much so, that every time I have challenged the various users of various "flavors" of *NIX here @ /., they "ran", or evaded the test with b.s. (why not take it? I am fairly CERTAIN many did but did NOT like the results they saw, & that their systems were not as "(insert *NIX variant here) is more secure than Windows" was proven WRONG):
http://slashdot.org/comments.pl?sid=254685&cid=19985487
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695&cid= -
Well, rather than spend? U CAN DO SOMETHING:
You MIGHT be right (I can see that from MS "business perspective on it", but you truly CAN secure Windows, & to such a level, even *NIX folks I challenged could not beat it)... read on, I guarantee, you'll be GLAD YOU DID (especially if you use what is in this post, from another URL I authored, on how to do so)):
"They say this now, when there is Vista to buy. It's just part of Microsofts standard strategy... Release new operating system, try and make the old one look bad." - by chatgris (735079) on Wednesday August 08, @12:18PM (#20157973)
Per my subject-line/title above, & your quoted response? No problem, take a peek @ the URL below, & exercise its suggestions:
APK 12 step program for securing Windows NT-based OS of modern varieties (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=f3439c6a16f6f140e10d4d6d191c34e0&p=375355#post375355
Do what's in that URL?
And, w/in 1-2 hours of your time, you'll have YEARS of uptime, more speed, & stability, AND BE FAR MORE SECURE ONLINE!
Proof?? See this photo from the multiplatform test, CIS Tool, by THE CENTER FOR INTERNET SECURITY for my resulting score of 84.735/100 possible (default setups scores on say, XP? Will be WAY lower):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
That's as HIGH a score as I can achieve, & STILL be able to go "online" & do what's needed, & NOT get "bugged/hacked/cracked", &, IT WORKS!
How well?
Well, so much so, that every time I have challenged the various users of various "flavors" of *NIX here @ /., they "ran", or evaded the test with b.s. (why not take it? I am fairly CERTAIN many did but did NOT like the results they saw, & that their systems were not as "(insert *NIX variant here) is more secure than Windows" was proven WRONG):
http://slashdot.org/comments.pl?sid=254685&cid=19985487
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695 -
DON'T UNDERESTIMATE WINDOWS SECURITY... apk
As Dave Mustaine of Megadeth said:
"A TOUT LE MONDE!"
I haven't posted on DefCon here, since last year here:
CODING FOR DEFCON:
http://it.slashdot.org/comments.pl?sid=158231&threshold=1&commentsort=0&mode=thread&cid=13257227
BUT, this is my tiny "contribution" to your coverage of it here, this year (about security too):
"Ah, but NBC doesn't have to worry about hackers out for retaliation. What with their history of partnership with Microsoft (MSNBC) they must have the most secure computer systems on Earth." - by wytcld (179112) on Friday August 03, @08:03PM (#20109025)
Sure do, most likely, but... ONLY if their techs/admins set them up, @ the "client nodes" levels, on top of perimeter defense protections (of course), this way, first:
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA)):
http://forums.techpowerup.com/showthread.php?s=e6353d948ca02c86dee6df077d9a9d18&p=375355#post375355
AND, proof of the multi-platform CIS Tool 1.x (JAVA driven, & created by "the CENTER FOR INTERNET SECURITY") score possible, using those techniques noted above:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
I challenged several *NIX oriented sites, including folks here @ /., & other sites, in these posts:
http://slashdot.org/comments.pl?sid=254685&cid=19985487
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695&cid=19761821
http://linux.slashdot.org/comments.pl?sid=246583&cid=19779437
http://linux.slashdot.org/comments.pl?sid=252367&cid=19946243
LASTLY, & M -
Re:Security is no selling point SOME FYI 4U
"Unfortunately. XP is horribly insecure in the default configuration, and few companies have administrators that know enough to make it secure AND useable. Hence the widespread threat of trojans that companies are not even aware of." - by Opportunist (166417) on Tuesday July 31, @12:00PM (#20058601)
See this then:
http://forums.techpowerup.com/showthread.php?s=4e903947c5f2702d44e6171255963378&p=375355#post375355
For any/all admins that want to see a score like this one on their client-nodes in their LAN/WAN, for scores on the CIS Tool 1.x (THE CENTER FOR INTERNET SECURITY'S MULTI-PLATFORM ONLINE SECURITY TEST (which runs on BSD variants, Linux, Solaris (*NIX-s) & Win32 via JAVA)):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It works vs. that which you mention Opportunist, & outlines how to get that score (84.735/100) via an easy to use simple 12 step guide!
APK -
Windows doesn't have to be "insecure"
"But, I'm sick and tired of all its insecurities. All of the stupid worms and viruses that I constantly need to worry about, and the pop-ups or pop-unders that hoses Internet Explorer as well as the security of your system" - by Anonymous Coward on Friday July 27, @03:36AM (#20007227)
Be 'sick & tired', no longer:
APK "12-step program" to a secure Windows-NT based (2000/XP/Server 2003/VISTA) PC:
http://forums.techpowerup.com/showthread.php?s=6d8691c6bb63746854de7fc655435648&p=375355#post375355
SCREENSHOT PROOF OF CIS TOOL 1.x (multi-platform security test by THE CENTER FOR INTERNET SECURITY):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
Use that guide/roadmap in the 1st URL link listed above, & you'll get an 84.735 of 100 possible score on the Multi-Platform (runs on Solaris, Linux variants, & BSD variants (sorry, no MacOS X or OpenBSD ports yet though afaik) CIS Tool 1.x security analysis tool... that is the HIGHEST I can go, & still be online + do things I need to do!
APK
P.S.=> The guide's a BIT more "advanced" & complex than most you see online, & goes WAY farther into using the concept of "layered security" than most do as well, but it is about 1-2 hours of work for an experienced user @ most, for years of uptime, stability, extra speed, AND ABOVE ALL ELSE, security! apk -
Re:CIS TOOL 1.x MULTIPLATFORM SECURITY TEST BSD FO
LOL! Clearly, yet ANOTHER case of *NIX having LESS SOFTWARES AVAILABLE FOR IT, vs. Windows NT-based OS... nobody wants to develop for something nobody uses (apparently, because that is what this is telling me):
"Hello windbag. All you need to do is point me at the OpenBSD version of the tool. I don't see it on their web site." - by Anonymous Coward on Thursday July 26, @10:44AM (#19996529)
Windbag? Funny - aren't I the one with clear facts above in challenges I issued to the entire *NIX variant community here on this site & elsewhere:
http://slashdot.org/comments.pl?sid=254685&cid=19985487
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695&cid=19761821
http://linux.slashdot.org/comments.pl?sid=246583&cid=19779437
http://linux.slashdot.org/comments.pl?sid=252367&cid=19946243
LASTLY, & MOST IMPORTANTLY, THIS ONE (where LINUX penguins suggest testing vs. a BSD variant no less):
http://linux.sys-con.com/read/382946_f.htm
LOL, & ALL I GET HERE IS YET ANOTHER "EVASION/SPINMASTER B.S." EXCUSE OF "My little used OS doesn't even HAVE a test I can run on it, because no one develops for it!"... rotflmao!
I also provided backing photo proofs of my score:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
AND METHODS FOR WINDOWS USERS TO GET THE SAME SCORE for online security ratings as well:
http://forums.techpowerup.com/showthread.php?s=fe3a450dc9f3055920edd0fcea17b27b&p=375355#post375355
Each time in the list of 18 url's or so, above?
I issued a CLEAR CHALLENGE, with backing facts, (and how to get my score no less for Windows folks to use) to the *NIX community here to outdo my score on a multiplatform test for online security??
ABOVE ALL ELSE - You are the one tossing names. -
CIS TOOL 1.x MULTIPLATFORM SECURITY TEST BSD FOLKS
LOL... more *NIX "big talk" about being "so secure"...
"You also forget the target demographic for OpenBSD: this is not for your Desktop, nor even for your high-load server. You can use it for that, but the niche in which it lives is firewall, NAT, transparent bridging. Places where security matters more than anything else. Sure, a bit more complex to set up, you need to work more, but this is not your moms OS." - by Corporate Troll (537873) on Thursday July 26, @04:51AM (#19993919)
Well, ok then: Take that OpenBSD setup of yours, & run this test on it:
http://www.cisecurity.org/bench.html
And see if you can beat this score on it (which was gained on Windows Server 2003 SP #2):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
Via this "12 step program" (methods used to obtain that score on a modern Windows NT-based OS (2000/XP/Server 2003 & yes, it works on VISTA too):
http://forums.techpowerup.com/showthread.php?s=fe3a450dc9f3055920edd0fcea17b27b&p=375355#post375355
I have repeatedly challenged *NIX people to this test, 17 times now (this will be the 18th in fact) here @ /. & other sites (Linux oriented ones) & to date:
http://slashdot.org/comments.pl?sid=254685&cid=19985487
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695&cid=19761821
http://linux.slashdot.org/comments.pl?sid=246583&cid=19779437
http://linux.slashdot.org/comments.pl?sid=252367&cid=19946243
http://linux.sys-con.com/read/382946_f.htm
Not a SINGLE *NIX user has surpassed the score I obtain using a custom-hardened setup of Windows Server 2003 SP #2 fully hotfix patched... not a one -
Re:How about pulling a Mac?
"Window's primary problem is that it is prone to viruses" - by pkphilip (6861) on Wednesday July 25, @11:08AM (#19983569)
And, you're saying that there are NO Virus/Trojan/Malware/Worms etc. et al, for Linux/BSD/MacOS X (*NIX's in general)? If so, I can show you a TON of this, as well as vulnerabilities galore in most ANY *NIX, via relatively current data if required.
I am sure you will concede that, as well as THIS point:
Since Windows based OS ARE THE MOST USED ON THE PLANET ("90%++ of the world's computers" as the commonly accepted saying goes)??
Where do you THINK the virus/malware/trojan/worm creators are going to find the GREATEST ATTACK VECTOR SURFACE AREA???
Windows, of course!
(I'd do the SAME, were Linux/MacOS X/BSD variants the MOST USED OS THERE IS!) ... especially since Microsoft ships this OS family in a DEFINITELY "less secured than possible state" & this, I guarantee... EVEN ON VISTA (which IS an improvement in its default setup even over its ancestor/predecessor, Windows Server 2003, which I use here (the codebase initially for VISTA in fact))!
How can I make that statement - easy (because it is possible to further security-harden a Windows NT-based OS (2000/XP/Server 2003, & YES, VISTA) far more, as follows & how WITH PROOF):
"So I don't fully buy your claim that windows is more secure than Linux overall." - by pkphilip (6861) on Wednesday July 25, @11:08AM (#19983569)
Well, see my last post in this thread, regarding the CIS Tool 1.x (a multi-platform test for testing AND SECURING, most ANY OS type online)... & see if you can exceed the score I obtained there of 84.735/100:
SCREENSHOT OF SCORE:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
HOW TO ACHIEVE THAT SCORE (step-by-step/12-step guide for securing modern Windows NT-based OS'):
http://forums.techpowerup.com/showthread.php?s=ff04f75f46a2d46c333ea33a44a8c2bb&p=375355#post375355
Between that set of steps, & NOT doing "stupid stuff" like loading ANY ware onto your rig, + practicing 'safe sex online' (lol, nerdy humor) via email etc.??
Well, doing that???
You keep "Virus/trojan/malware/worm free"...
E.G./I.E.-> I have not had anything like that happen to myself in more than 15 yrs. online now in fact, because I keep myself safe with some VERY COMMON SENSE techniques (like NOT using illegal filesharing circuits where a GOOD chunk of what is there in the way of binaries IS COMPROMISED with malware payloads, not using java/javascript/activeX controls/active scripting to just ANY website, not using IRC anymore (a haven for bad scripts infections), not opening emails from just anyone & their attachments especially, etc., PLUS, using the "12 step program" I noted above).
APK
P.S.=> ALSO - Keep in mind, those SAME "malwares" are keeping YOU, working... YOU, the network admin/engineer/tech, & IF you don't like it? Well, I am sure there are thousands to millions of Indian & Chinese folks that will GLADLY take your place in your job for you (outsourcing ring a bell)... apk -
CIS Tool 1.x shows Win can be secured *NIX!!!!!!
"But what makes you think Windows is less stable and less secure than *Nix or OSX?" - by dc29A (636871) * on Tuesday July 24, @11:08AM (#19969905)
Absolutely NOTHING man, & I am in UTTER 110% AGREEMENT with you here (& see WHY you did not get modded down, as is USUALLY the case when someone points out things that the *NIX crowd says about "*NIX security > Windows Security" etc. et al)...
Why?
Well, these 15 URL's, from here @ /. (slashdot) & other *NIX oriented sites, for starters:
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
http://slashdot.org/comments.pl?sid=240283&cid=19631141
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
http://it.slashdot.org/comments.pl?sid=243071&cid=19690705
http://it.slashdot.org/comments.pl?sid=243071&cid=19691091
http://slashdot.org/comments.pl?sid=240283&cid=19622485
http://it.slashdot.org/comments.pl?sid=244821&cid=19736881
http://it.slashdot.org/comments.pl?sid=245695&cid=19761821
http://linux.slashdot.org/comments.pl?sid=246583&cid=19779437
http://linux.slashdot.org/comments.pl?sid=252367&cid=19946243
http://linux.sys-con.com/read/382946_f.htm
Where I outright challenged ANY *NIX type & their users to exceed this score on "THE CENTER FOR INTERNET SECURITY"'s CIS Tool 1.x multi-platform test (which actually HELPS a user secure their system online to a LARGE extent) here @ SLASHDOT numerous times (14) & a LINUX oriented site (where BSD was suggested in lieu of Linux for security no less, 1 time)...
And, to date? Either NO TAKERS to my challenge, OR outright evasions (spinmaster b.s. that I easily disproved, in other words, for those that tried to "downplay" the use of this test, which IS multi-platform & tests analogs that exist between *NIX variants & Windows, such as init files vs. registries etc.).
All this year in fact?
Not a single *NIX person challenged exceeded the score I was able to obtain on Windows Server 2003 SP #2 fully hotfix patched, though each stated something to the effect of:
"Windows IS LESS SECURE THAN (insert *NIX variant here)"
AFTER seeing those (if you wish, it is always the SAME result in them, with *NIX folks raving that Windows is less secure than Windows NT-based OS (even after both are hardened for security))...
PROOF?
See this screenshot, first:
http://i -
Re:Hrm... OK, 1 last thing! apk
"the last time I tried to set up SELinux by hand, I nearly locked myself out of my own box. So I can see the appeal of a distro where these things are set up for me." - by NickFortune (613926) on Saturday July 21, @04:15AM (#19936341)
LOL! I truly DO KNOW THAT FEELING (via experience, especially when it comes to understanding user rights to the filesystem, the registry, & yes, even services on Windows NT-based OS')... NOW though?
I use this (I authored it):
APK "12-STEP PROGRAM" ON HOW TO SECURITY HARDEN WINDOWS NT-BASED OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3726e3ec023eb0d850496c9f82b1ac92&p=375355#post375355 ... & it allows me to achieve an 84.735 score (of 100 total), running Windows Server 2003 SP #2 fully security hardened (via methods noted in the posting there in the URL above) on the multiplatform CIS Tool 1.x test (by "The CENTER FOR INTERNET SECURITY")!
SCREENSHOT OF MY SCORE ON THE MULTIPLATFORM CIS TOOL 1.x:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
(& I am certain my score is actually HIGHER than that (because the test does not account for hardware & software firewalls, antivirus/antispyware programs, etc. et al & the fact I KNOW IT MAKES 4-5 SMALL ERRORS in its analysis as well, which I can & have proven to the makers of this ware)):
Here is the screenshot of my score, to go along with the methods of hardening Windows, to show proof of the score... I have challenged BSD folks, SELinux folks, & other *NIX's as well & to date? NOT A SINGLE PERSON FROM THE *NIX CAMP HAS BEATEN MY SCORE...
"OK. Hope that answers your questions. Let me know if I missed anything and I'll see if I can help :)" - by NickFortune (613926) on Saturday July 21, @04:15AM (#19936341)
You've been very helpful, thanks, but I wonder if you'd take that test (CIS Tool 1.x for Linux) & see if your hardened setups can exceed the score I note above on the same test...
Thanks!
APK -
History's definitely with Win32, vs. all others
"Year of the desktop? Let's see:
1994: No
1995: No
1996: No
1997: No
1998: No
1999: No
2000: No
2001: No
2002: No
2003: No
2004: No
2005: No
2006: No
2007: No (pending)
So, though I may be going out on a limb here, I'm gonna say "no" for 2008." - by nobodyman (90587) on Friday July 06, @06:53PM (#19774321)
And, I am inclined to agree with you, as history is a great indicator of the future (part of my job the past 15 years now has been to use historical data as a predictor of the future really, & it works (database coder, for lack of a better expression, professionally in that timeframe))...
The fact you illustrate, remains true, & it's always been a "Windows world", the past 15++ years now, on the PC-front from workstations/home use rigs, up to server class midrange to enterprise servers. 90% of the world's computers running Windows based OS' says it all...
Personally, if there was an OS that was as ubiquitous as Windows is (providing me greater employment opportunity based on that ubiquity & flexibility) and its body of surrounding wares that ride on it? Trust me, I'd be on it, like "white on rice"... but, that has NOT occurred, per nobodyman's rather accurate analyses.
There's a reason most folks use Windows, & the *NIX camp has tried it as well ("seize the youth, & you seize the future" via academia, & showing poor students a "FREE" OS they can use vs. Windows):
"Everything begins @ home"... so much in life does in fact.
However, vs. the *NIX attempt @ 'seize the youth & you seize the future' @ academic levels - Kids learn on Windows PC's largely, EARLY ON, & love their games (which Linux does not have as large a body of as Win32 does, & not by a LONG shot) & these same kids go thru school using them as well, & become QUITE proficient in using these machines running Windows, so they are their OWN "tech support" largely if need be and quite good @ it.
Then, those same kids eventually get out into "Corporate America" & what do they find MOSTLY? Win32 based rigs, where they are quite expert on them by that point, & already a 'trained weapon' in that regard as well, no need for retraining them exists on personal computing related notes.
So, that said? Why on earth would business' change to Linux overall/wholesale, & create retraining costs, when a watch that runs (and well, witness NASDAQ using Windows Server 2003 RC2 + SQLServer 2005 (zero/0 bugs in its entire history no less as far as secunia data on it) running NASDAQ 24x7 365 days a year @ the fabled "5-9's" - 99.999% of stability & uptime) is in place w/ Windows?
It's nice to see an alternate like Linux out there though, because my roots are from the System V days on UNIX @ the "tail end" of the 1980's/early 1990's, & Linux is close enough to where I can jump into it & use it IF needed and has KDE which I admire & like actually (but, I have yet to see that need @ work (constantly/mostly @ least), OR @ home for long periods, because Windows MORE than does the job on ALL fronts as noted from work, to play!).
As far as security online, as well? I can show you Windows can be secured SO WELL, here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
(84.735 of 100 perfect score on CIS Tool 1.x, a multiplatform java based gauge of online security from a respected organization & my photo of my score, via 1 hour worth of work downloading & installing + running this tool, & following its guidelines for better security (it actually HELPS YOU, help yourself here, on many of its counts in its test scoring (not ALL though))
How to do it? Here (step-by-step in a fairly easy to use guide):
http://forums.techp -
Put your money where your mouth is Zombie Ryushu
"Yes, Linux is more secure than Windows. We know that." - by Zombie Ryushu (803103) on Friday July 06, @09:25AM (#19766327)
Hmmm, I know OTHERWISE!
You see, I have challenged *NIX users here @ SlashDot repeatedly in this multiplatform test, downloadable in a minute's time & installable in a minute's time as well, & to run the test takes at most, 1 minute as well!
(I would like to see Linux &/or BSD takers on this test, & MOST hopefully, I would like to see SELinux kernel hook addons for MAC (mandatory access control), which is a feature taken after Windows no less in its security, on ACL (access control lists))...
Still, 12 times now? Nobody here, or on other Linux sites has surpassed my score on CIS Tool 1.x, which is downloadable here:
Fact is, I made this challenge 12 times now on slashdot... no takers - plenty of evaders though.
E.G./To Wit:
I have achieved a CIS Tool (The Center for Internet Security) 1.x score of 84.735 of 100, here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
& THIS IS THE ROADMAP TO ACHIEVE IT (a "how-to" guide for Windows users, since everyone ought to know this stuff today imo, especially today/nowadays):
http://forums.techpowerup.com/showthread.php?s=c8c5745a8042c4b2d9c2f29c47ed57bd&p=375355#post375355
(CIS Tool 1.x is from the CENTER FOR INTERNET SECURITY & the tool IS multiplatform, & runs on various *NIX derivants (Linux/SELinux kernel hook addons for MAC (Windows-like ACL), Solaris, BSD variants (sorry, no MacOS X version yet, but that's just a clearcut case of MacOS X having less softwares really than Windows does))...
So, bottom-line:
All I can say is, for all the *NIX user's 'bluster' of "Windows is less secure or less securable than (insert *NIX variant here)", it's all F.U.D. & Hooey... pure b.s!
Show me otherwise!
Take your *NIX variants, & beat that score... put your monies where your MOUTHS are!
(... Yes, you can TRY to "undermine/lessen the value" of my using a std.'ized test such as this one, but if you don't beat my score on it? Well... The Linux PENGUIN imo, ought to be a chicken... & the "BSD DEVIL" runs when the Win32 Angel comes around... prove me wrong!)
If you somehow do? Great...!
I mean that, because I would like to discuss your scores + how you achieved them on your *NIX variant, & the test only takes a minute to download/install/run!
I want photo proofs thereof though (I won't accept less than photo proof as I provide, sorry)!
We can ALL grow/gain here, especially HOME USERS of both types of OS (SELinux & OpenBSD/FreeBSD are ones I'd like to see here the most though, because they are touted as the "MOST SECURE" of the *NIX genre, even from Linux folks I challenged, but did not get beaten by in terms of this test's ratings system)...
HOWEVER, like any software? I have spotted "minor errors" the test makes, & I can prove this (from a Windows stdpoint no less, based on registry data &/or use of secpol.msc where it downscores myself, perhaps you NIX nuts can find the same) ... & it does NOT account for things like firewalls of ANY kind, or antivirus, but it is STILL a damn good test!
Thus, because I KNOW there are tiny errors (3-4 in this program)? I know my actual security rating's higher than my photo (84.735) too, based on that fact...
APK
P.S.=> The point is to compare & discuss this here... care to take a challenge, NIX nuts? apk -
Re:Vista==Home Entertainment System UNTRUE! apk
"Windows has never been a proper business system anyway..." - by flyingfsck (986395) on Thursday July 05, @11:08AM (#19754293)
I have to disagree with you here!
Especially regarding Windows Server 2003 SP #2 (or RC2 - the foundation code for VISTA no less) & SQLServer 2005 (which @ secunia.com, a respected website regarding security, has shown it has having ZERO/0 vulnerabilities in its entire history to DATE)... check for yourself, & see!
Also, NASDAQ (an INCREDIBLY "high tpm (transactions-per-minute)" environs has achieved the fabled "5 9's" of reliability using the combination I mention above (Windows Server 2003 & SQLServer), 365 days a year & 24x7 no less...
(Not trying to KNOCK you personally man, but it's a factoid you ought to be made aware of is all, because apparently? You aren't!)
APK
P.S.=> As far as "home workstation usage"? I have achieved a CIS Tool 1.x score of 84.735 of 100, here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
& THIS IS THE ROADMAP TO ACHIEVE IT (a "how-to" guide for Windows users, since everyone ought to know this stuff today imo, especially today/nowadays):
http://forums.techpowerup.com/showthread.php?s=c8c5745a8042c4b2d9c2f29c47ed57bd&p=375355#post375355
(CIS Tool 1.x is from the CENTER FOR INTERNET SECURITY & the tool IS multiplatform, & runs on various *NIX derivants (Linux/SELinux kernel hook addons for MAC (Windows-like ACL), Solaris, BSD variants (sorry, no MacOS X version yet, but that's just a clearcut case of MacOS X having less softwares really than Windows does))...
Not a single taker from here @ slashdot 11x now, has beaten my score...
NOR, some Linux oriented magazine sites forums members either, have beaten that score (OR, even come close to it imo, because stock outta the box? Most any OS will score sub 20's, & I'd be willing to almost bet on that in fact, having seen unsecured Windows rigs take that test)...
So, bottom-line:
All I can say is, for all the *NIX user's 'bluster' of "Windows is less secure or less securable than (insert *NIX variant here)", it's all F.U.D. & Hooey... pure b.s!
Show me otherwise!
Take your *NIX variants, & beat that score... put your monies where your MOUTHS are!
(... Yes, you can TRY to "undermine/lessen the value" of my using a std.'ized test such as this one, but if you don't beat my score on it? Well... The Linux PENGUIN imo, ought to be a chicken... & the "BSD DEVIL" runs when the Win32 Angel comes around... prove me wrong!)
If you somehow do? Great...!
I mean that, because I would like to discuss your scores + how you achieved them on your *NIX variant, & the test only takes a minute to download/install/run!
I want photo proofs thereof though (I won't accept less than photo proof as I provide, sorry)!
We can ALL grow/gain here, especially HOME USERS of both types of OS (SELinux & OpenBSD/FreeBSD are ones I'd like to see here the most though, because they are touted as the "MOST SECURE" of the *NIX genre, even from Linux folks I challenged, but did not get beaten by in terms of this test's ratings system)...
There are "minor errors" the test makes, & I can prove this (from a Windows stdpoint no less, based on registry data &/or use of secpol.msc where it downscores myself, perhaps you NIX nuts can find the same, & it does NOT account for things like firewalls of ANY kind, or antivirus, but it is STILL a damn good test! I know my actual security rating's higher than my photo (84.735) too, based on that)...
The point is to compare & discuss this here... care to take a challenge, NIX nuts?
apk -
I will vouch for Windows Server 2003 SP#2 & wh
"The viruses are intelligently designed. I'm not vouching for Microsoft Windows." - by geoffrobinson (109879) on Tuesday July 03, @12:12PM (#19731855)
Well, I will vouch for Windows, but I will let the "center for internet security's" CIS Tool 1.x, do it for me, as far as how intelligently designed Windows IS, and how solid it can be, from an internet security standpoint - so much so, that 11x now overall, no SELinux, OR BSD users cannot beat the score I obtain on the multiplatform tool for testing security online!
I am vouching for Windows Server 2003 SP #2 fully hotfix patched as of this date vs. *NIX systems, & why?
Because I have posted this 10x on slashdot, & 1 other LINUX oriented site (especially directed @ SeLinux kernel hook addons for a Windows ACL-like level of security control, because Linux does NOT have that by itself, w/ out SELinux afaik):
Here goes, evidence below:
A challenge to take a multiplatform security test that runs on many a *NIX and Windows NT-based OS of modern variety (2000/XP/Server 2003) & how to get the score I did with an easy as possible roadmap in a URL below for doing so!
Run the CIS Tool 1.x, on your BSD/Linux (preferably SELinux)/Solaris rigs, it is downloadable here:
http://www.cisecurity.org/bench.html [cisecurity.org]
And, takes a minute to haul in, install, & run it in an attempt to beat my 84.735 of 100 on it (from a reputable organization, The Center for Internet Security)...
Go for it, & see if you can beat my score of 84.735 on a FULLY custom security hardened Windows Server 2003 SP #2 fully patched as of the date of this posting.
Photo evidence of my score is here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg [techpowerup.org]
And, the same score I obtained, literally, yesterday, as well!
(After putting on the latest patches for Windows Update to my OS which I download & store here - but, nice part is? I'll never need them, because I GHOST this image once it is patched & scanned for malware/virus/trojans/rootkits etc. with the latest/greatest up to date tools for that purpose, & practice safe email practices & more like disabling potentially "deadly" things that can be exploited in browsers like ActiveX/Java &/or scripting (for sites that do NOT need it))
For Windows users' reference, all noted here & how to GET THAT SCORE:
http://forums.techpowerup.com/showthread.php?s=2aac2d3ff16e9b8448875ee96e27d1ec&p=375355#post375355 [techpowerup.com]
(That's for the Windows users here to gain by).
Thing is - I'd like to see the *NIX users of all kinds beat that security test evaluation score for safety online & how well their systems are secured, as a more "concrete evidence thereof" in fact, since the poster I am replying to is a "SHOW ME PERSON" (as am I)...
HOWEVER - here @ slashdot, where slogans & b.s. of ALL kinds are stated vs. Windows & Microsoft?
Well - I have challenged you ALL here repeatedly on this note 7 times now, this is the 8th here! ... & there is one @ another Linux oriented site as well (UBUNTU discussion, where BSD was suggested instead of Linux OR even SELinux, & I posted here in a PC-BSD post with an arstechnica article base behind it, on the note of security in the reply I posted this challenge to):
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923 [slashdot.org]
&
http://slashdot.org/comments.pl?sid=240283&cid=19631141 [slashdot.org]
& -
Re:The really sad part.... NOT SO SAD: Try this!
"This is a great disservice to the whole computer industry" - by EmbeddedJanitor (597831) on Thursday June 28, @09:40PM (#19684441)
Well, ok... this isn't then - a challenge to take a multiplatform security test that runs on many a *NIX and Windows NT-based OS of modern variety (2000/XP/Server 2003) & how to get the score I did with an easy as possible roadmap in a URL below for doing so!
Run the CIS Tool 1.x, on your BSD/Linux (preferably SELinux)/Solaris rigs, it is downloadable here:
http://www.cisecurity.org/bench.html
And, takes a minute to haul in, install, & run it in an attempt to beat my 84.735 of 100 on it (from a reputable organization, The Center for Internet Security)...
Go for it, & see if you can beat my score of 84.735 on a FULLY custom security hardened Windows Server 2003 SP #2 fully patched as of the date of this posting.
Photo evidence of my score is here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
And, the same score I obtained, literally, yesterday, as well!
(After putting on the latest patches for Windows Update to my OS which I download & store here - but, nice part is? I'll never need them, because I GHOST this image once it is patched & scanned for malware/virus/trojans/rootkits etc. with the latest/greatest up to date tools for that purpose, & practice safe email practices & more like disabling potentially "deadly" things that can be exploited in browsers like ActiveX/Java &/or scripting (for sites that do NOT need it))
For Windows users' reference, all noted here & how to GET THAT SCORE:
http://forums.techpowerup.com/showthread.php?s=2aac2d3ff16e9b8448875ee96e27d1ec&p=375355#post375355
(That's for the Windows users here to gain by).
Thing is - I'd like to see the *NIX users of all kinds beat that security test evaluation score for safety online & how well their systems are secured, as a more "concrete evidence thereof" in fact, since the poster I am replying to is a "SHOW ME PERSON" (as am I)...
HOWEVER - here @ slashdot, where slogans & b.s. of ALL kinds are stated vs. Windows & Microsoft?
Well - I have challenged you ALL here repeatedly on this note 7 times now, this is the 8th here! ... & there is one @ another Linux oriented site as well (UBUNTU discussion, where BSD was suggested instead of Linux OR even SELinux, & I posted here in a PC-BSD post with an arstechnica article base behind it, on the note of security in the reply I posted this challenge to):
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
&
http://slashdot.org/comments.pl?sid=240283&cid=19631141
&
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
&
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
&
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
&
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
& (BSD one below, no takers there either, from the "vaunted BSD most secure -
Re:Microsoft found making PR-FUD-ing research
"MY absolute favourite security falsehoods are the various ways "researches" compare one system security to anothers Such straight forward conclusions are impossible to make" - by catwh0re (540371) on Thursday June 28, @11:39PM (#19685369)
Well, ok... you have a point. Here is mine:
Run the CIS Tool 1.x, on your BSD/Linux (preferably SELinux)/Solaris rigs, it is downloadable here:
http://www.cisecurity.org/bench.html
And, takes a minute to haul in, install, & run it in an attempt to beat my 84.735 of 100 on it (from a reputable organization, The Center for Internet Security)...
Go for it, & see if you can beat my score of 84.735 on a FULLY custom security hardened Windows Server 2003 SP #2 fully patched as of the date of this posting.
Photo evidence of my score is here:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
And, the same score I obtained, literally, yesterday, as well!
(After putting on the latest patches for Windows Update to my OS which I download & store here - but, nice part is? I'll never need them, because I GHOST this image once it is patched & scanned for malware/virus/trojans/rootkits etc. with the latest/greatest up to date tools for that purpose, & practice safe email practices & more like disabling potentially "deadly" things that can be exploited in browsers like ActiveX/Java &/or scripting (for sites that do NOT need it))
For Windows users' reference, all noted here & how to GET THAT SCORE:
http://forums.techpowerup.com/showthread.php?s=2aac2d3ff16e9b8448875ee96e27d1ec&p=375355#post375355
(That's for the Windows users here to gain by).
Thing is - I'd like to see the *NIX users of all kinds beat that security test evaluation score for safety online & how well their systems are secured, as a more "concrete evidence thereof" in fact, since the poster I am replying to is a "SHOW ME PERSON" (as am I)...
HOWEVER - here @ slashdot, where slogans & b.s. of ALL kinds are stated vs. Windows & Microsoft?
Well - I have challenged you ALL here repeatedly on this note 7 times now, this is the 8th here! ... & there is one @ another Linux oriented site as well (UBUNTU discussion, where BSD was suggested instead of Linux OR even SELinux, & I posted here in a PC-BSD post with an arstechnica article base behind it, on the note of security in the reply I posted this challenge to):
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
&
http://slashdot.org/comments.pl?sid=240283&cid=19631141
&
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
&
http://it.slashdot.org/comments.pl?sid=241957&cid=19662703
&
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
&
http://it.slashdot.org/comments.pl?sid=241913&cid=19662485
& (BSD one below, no takers there either, from the "vaunted BSD most secure allegedly NIX there is upon suggestion by Linux users in the URL below it) -
Re:PUT YOUR MONIES WHERE YOUR MOUTHS ARE
As per usual, nobody from the *NIX world is exceeding the CIS Tool 1.x (by the center for internet security) score I had in my posts above here about how to secure Windows 2000/XP/Server 2003/VISTA (how-to, here):
http://forums.techpowerup.com/showthread.php?s=37852b3b0b2148fe282a73c1e688efc1&p=375355#post375355
And the photo evidence of said score:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
Why is that? The CIS Tool 1.x test only takes like 1 minute to download AND run... no, I think for all the b.s. here I see about "Linux/BSD > Windows" in most all things, is just that: B.S.!
All anyone ever hears @ slashdot is things along the lines of:
"Windows is less secure than (insert *NIX variant here)"
HOWEVER, when it comes to the chips being on the table, and putting your money where your mouth is, and in this case, on a test of your online security developed by a reputable organization?
No takers!
(OR most likely rather, there are takers, but nobody beating that security level score of 84.735 on The Center for Internet Security's CIS Tool 1.x, downloadable here for Solaris, BSD, Linux, & Windows -> http://www.cisecurity.org/bench.html )
"My point is this: my coworker had her brand new vista laptop owned to the point of explorer repeatedly crashing on bootup after just two days of websurfing!" - by DocSavage64109 (799754) on Wednesday June 27, @10:46AM (#19662985)
Hey, Doc... 1 last thing about that point of yours though: Do you honestly think that a user that does not know what they are doing is limited STRICTLY to Windows based OS'? Do you HONESTLY think it could not be done to a Linux or BSD user as well??
Come on!
(I.E.-> That something like that, or like it, cannot happen on Linux/BSD/Solaris, etc. et al?)
Beg to differ, if you do...
APK
P.S.=> Thanks for the 6th or 7th time now of you *NIX guys, for ALL of your big talk, not showing me your systems score as more secure than Windows can be online... most people are "show me" people, and you are not satisfying that requirement from they... nuff said! apk -
PUT YOUR MONIES WHERE YOUR MOUTHS ARE
"I am not convinced, next please Mr Jones." - by b1ufox (987621) on Wednesday June 27, @08:44AM (#19661667)
I don't work for Microsoft (though I have been interviewed by they, & they came to me, not I to they):
Will a test, head-to-head, *NIX vs. Windows Server 2003 SP #2 fully patched, convince you? Try this, the CIS Tool 1.x, & see if you can beat my score of 84.735 on it (with you guys using SELinux or BSD variants even vs. my setup, since this test is "multi-platform" & runs across BSD variants, Solaris, Linux variants, & yes, Windows variants)):
http://www.cisecurity.org/bench.html
I think for all the *NIX 'braggadocio' of "Windows is less secure than (insert *NIX variant here)" I see/hear online? No one is willing to put their money where their mouth is, and I have made challenge, but with reason - so we ALL learn by it.
(In essence, in a Windows-based OS, like any other? To get security, you have to work @ it. In Windows 2000/XP/Server 2003/VISTA, you have to do these "12 steps", about 1 hour of an experienced user's time):
http://forums.techpowerup.com/showthread.php?s=37852b3b0b2148fe282a73c1e688efc1&p=375355#post375355
To get this score (on the multi-platform CIS Tool 1.x test, by the "center for internet security"):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
An 84.735 score on it...
Secured operations online, on Windows no less, is quite easily doable (& to levels that FAR EXCEED VISTA, with just a wee bit of work, and plenty to gain/learn!)
I wish some folks from the *NIX world would take this challenge, & possibly exceed my score (since the "control method" in the test? IS THE CIS TOOL 1.x TEST ITSELF, & download url's links for it are inside the 1st url noted above!)
If they could do that? I would ask how & where they did not fail things on that test, & attempt to emulate them on Windows, getting an even HIGHER score (and, still be able to go online & do things of course).
We'd ALL gain & grow by it, but, unfortunately/again - no takers to my challenge! Perhaps the Linux mascot ought to be a chicken, instead of a penguin, eh?
LOL! Take that as a "good natured rib", because I really WISH we had Os' like today, 10-15 years ago, & I respect what Linux REALLY is: A 'socio-cultural technological phenomenon' that is a decent OS, created mostly by freely donated time, from a lot of talented people!
(The nice part is, it IS possible you guys CAN beat my score on this tool, because it literally HELPS YOU TO DO SO, but it is NOT "perfect" & definitely makes some errors imo & yes, I can prove it, & it does not account for things like hardware "NAT" (or true stateful inspection type) firewalling routers for instance, but it IS the BEST overall multiplatform test I could find @ least, from a reputable organization!)
APK
P.S.=> I wonder if anyone from the Linux (especially SELinux bearing distros), or BSD variants camps can get a better score on that test, than that...
In fact, I have repeatedly challenged anyone who uses those OS' to do so, here @ this site:
http://it.slashdot.org/comments.pl?sid=237507&threshold=-1&commentsort=0&mode=thread&cid=19408273
&
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
&
http://slashdot -
Re:Odd...
"On the contrary, I'd expect it to be one of the best jobs ever; you don't have to do anything." - by MadUndergrad (950779) on Wednesday June 27, @02:14AM (#19659761)
Well, not nothing, but then, not much either... to make Windows 2000/XP/Server 2003/VISTA, VERY secure online!
(In essence, you have to do these "12 steps", about 1 hour of an experienced user's time):
http://forums.techpowerup.com/showthread.php?s=37852b3b0b2148fe282a73c1e688efc1&p=375355#post375355
To get this score (on the multi-platform CIS Tool 1.x test, by the "center for internet security"):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
An 84.735 score on it...
Secured operations online, on Windows no less, is quite easily doable (& to levels that FAR EXCEED VISTA, with just a wee bit of work, and plenty to gain/learn!)
I wish some folks from the *NIX world would take this challenge, & possibly exceed my score (since the "control method" in the test? IS THE CIS TOOL 1.x TEST ITSELF, & download url's links for it are inside the 1st url noted above!)
If they could do that? I would ask how & where they did not fail things on that test, & attempt to emulate them on Windows, getting an even HIGHER score (and, still be able to go online & do things of course).
We'd ALL gain & grow by it, but, unfortunately/again - no takers to my challenge! Perhaps the Linux mascot ought to be a chicken, instead of a penguin, eh?
LOL!
APK
P.S.=> I wonder if anyone from the Linux (especially SELinux bearing distros), or BSD variants camps can get a better score on that test, than that...
In fact, I have repeatedly challenged anyone who uses those OS' to do so, here @ this site:
http://it.slashdot.org/comments.pl?sid=237507&threshold=-1&commentsort=0&mode=thread&cid=19408273
&
http://it.slashdot.org/comments.pl?sid=240571&cid=19630923
&
http://slashdot.org/comments.pl?sid=240283&cid=19631141
&
http://linux.slashdot.org/comments.pl?sid=240501&cid=19630965
(and, more from slashdot, especially the PC-BSD one that had an article from arstechnica as its base, because Linux users @ the URL below repeatedly suggested things like "if you want security, go BSD" etc. et al!)
And here, elsewhere on Linux sites:
http://linux.sys-con.com/read/382946_f.htm
(See comments #82, #81, #77, #76, #73, #69, #63, #62, #61, #58, #21, #11, #9, #8 there for my repeated challenges to 100's of viewers from the Linux world, yet no takers (or rather, no one challenged that met or exceeded my score & instead, they suggested BSD variants))...
Yet, & to date? No takers!
(Or rather, no one that outdid my score, that is (because I do suspect those that I challenged DID try, & the Linux folks ended up suggesting BSD, yet no one from the "penguin world" (or "bsd devils") could exceed that score I obtained on it))
For all the "(INSERT *NIX VARIANT HERE) is more secure than Windows" b.s. slogans online?
Nobody from that world is willing to try a test that runs on BSD (sorry, no MacOS X version available, a case of there being less software for Macs than there is for W -
Vista/Windows Server 2003 SP #2/XP CAN be secured!
"Vista is not considered suitable, the cost is huge per seat, and they figure that as long as they are retraining the workforce to use something, it might as well be something that is cheaper, more secure, and more reliable." - by NeverVotedBush (1041088) on Sunday June 24, @12:24AM (#19625447)
For reliability?
See my subject line, and some data about Windows Server 2003 & SQLServer 2005 (history of 0 vulnerabilities so far @ SECUNIA.COM for its ENTIRE lifetime now) & they run NASDAQ 24x7, 365 days a year, stable as titanium steel/solid as a rock (with the fabled "5 9's" of reliability 99.999 uptime).
For security??
See this data (it takes some doing, 1 hour of work tops for experienced users & a bit more for those less experienced, but an excuse to be MORE experienced in the doing of it, if they want to learn: Want to get a job done RIGHT? Do it, yourself, in other words), & it can be applied to ANY Windows OS of modern variety (2000 even, & XP too, in the majority of its points):
http://forums.techpowerup.com/showthread.php?p=365996#post365996
& the score it gains on CIS Tool 1.x:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It can & DOES far surpass VISTA's score "oem/out-of-the-box-stock" as it is setup by MS, & yes, even patched... with about 1 hour's worth of work on an experienced user's part!
Even Linux folks agreed with me (god forbid, lol), that my 14 points for securing Windows (has one small omission, the use of regedit.exe, part of CIS Tool's suggestions) works, here:
http://linux.sys-con.com/read/382946_f.htm
And, when I challenged ANYONE there to exceed my score using CIS Tool 1.x (84.735)!
It appears that nobody tried to (or possibly they did, but could not. I say that, because many suggested BSD instead. So, that said? I posted in the BSD post there the other day (PC-BSD related, here @ slashdot, by arstechnica news reporters)!
Yet again, the same challenge to slashdotters - NO takers, again! Evasions? POSSIBLY!
- or, possibly they don't care about security online!
(OR, that my post was buried in the deluge of posts here @ slashdot (imo @ least, the boards here are difficult to see all users points/posts imo, the only weakness here: The posters that come here though, like Bruce Perens, John Carmack (& others I RESPECT IMMENSELY for their accomplishments though)))
Anyhow/anyways - nobody taking my challenge or beating my score from the *NIX world on a test that runs on ALL platforms (thus, it is the "scientific method of control", the same test on all systems OS types this tool runs on)?
This only shows myself, & the planet, that all this "Windows is less secure than *NIX" is pure b.s., & all of them (yes, even BSD derivants like MacOS X etc. et al) out of the box stock, have holes or room for improvements (especially in terms of security & holes/vulnerabilities).
Still, anyone care to download & try CIS Tool 1.x (from the CENTER FOR INTERNET SECURITY), & exceed my score in the graphic above (84.735) from the *NIX world?
Here is its download (it is MULTI-PLATFORM, & runs on BSD (no MacOS X version though sorry), Linux, Solaris, & Windows):
http://www.cisecurity.org/index.html
Go for it, & good luck!
(I hope you *NIX (or windows guys too) CAN exceed my score, because I will ask how, & attempt to emulate this on Windows Server 2003 SP #2 fully patched, to get even stronger IF it is doable... &, we ALL can learn/grow & GAIN by such a test!)
Thanks!
APK
P.S.=> I can be reached @ apk4776239@hotmai -
Windows is as secure (or more) than SELinux or BSD
Check this out:
http://forums.techpowerup.com/showthread.php?p=365996#post365996
& the score it gains on CIS Tool 1.x:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It can & DOES far surpass VISTA's score "oem/out-of-the-box-stock" as it is setup by MS, & yes, even patched... with about 1 hour's worth of work on an experienced user's part!
Even Linux folks agreed with me (god forbid, lol), that my 14 points for securing Windows (has one small omission, the use of regedit.exe, part of CIS Tool's suggestions) works, here:
http://linux.sys-con.com/read/382946_f.htm
And, when I challenged ANYONE there to exceed my score using CIS Tool 1.x (84.735)!
It appears that nobody tried to (or possibly they did, but could not. I say that, because many suggested BSD instead. So, that said? I posted in the BSD post there the other day (PC-BSD related, here @ slashdot, by arstechnica news reporters)!
Yet again, the same challenge to slashdotters - NO takers, again! Evasions? POSSIBLY!
- or, possibly they don't care about security online!
(OR, that my post was buried in the deluge of posts here @ slashdot (imo @ least, the boards here are difficult to see all users points/posts imo, the only weakness here: The posters that come here though, like Bruce Perens, John Carmack (& others I RESPECT IMMENSELY for their accomplishments though)))
Anyhow/anyways - nobody taking my challenge or beating my score from the *NIX world on a test that runs on ALL platforms (thus, it is the "scientific method of control", the same test on all systems OS types this tool runs on)?
This only shows myself, & the planet, that all this "Windows is less secure than *NIX" is pure b.s., & all of them (yes, even BSD derivants like MacOS X etc. et al) out of the box stock, have holes or room for improvements (especially in terms of security & holes/vulnerabilities).
Still, anyone care to download & try CIS Tool 1.x (from the CENTER FOR INTERNET SECURITY), & exceed my score in the graphic above (84.735) from the *NIX world?
Here is its download (it is MULTI-PLATFORM, & runs on BSD (no MacOS X version though sorry), Linux, Solaris, & Windows):
http://www.cisecurity.org/index.html
Go for it, & good luck!
(I hope you *NIX (or windows guys too) CAN exceed my score, because I will ask how, & attempt to emulate this on Windows Server 2003 SP #2 fully patched, to get even stronger IF it is doable... &, we ALL can learn/grow & GAIN by such a test!)
Thanks!
APK
P.S.=> I can be reached @ apk4776239@hotmail.com in regards to your scores, if you do not have the ability to post your CIS Tool 1.x score on the web, & we can discuss your scores... everyone gains this way! apk -
IMPROVE WINDOWS SECURITY - PAST VISTA!
"The security aspect of things really hasn't changed much" - by Runefox (905204) on Saturday June 23, @11:36AM (#19620095)
Check this out:
http://forums.techpowerup.com/showthread.php?p=365996#post365996
& the score it gains on CIS Tool 1.x:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It can & DOES far surpass VISTA's score "oem/out-of-the-box-stock" as it is setup by MS, & yes, even patched... with about 1 hour's worth of work on an experienced user's part!
Even Linux folks agreed with me (god forbid, lol), that my 14 points for securing Windows (has one small omission, the use of regedit.exe, part of CIS Tool's suggestions) works, here:
http://linux.sys-con.com/read/382946_f.htm
And, when I challenged ANYONE there to exceed my score using CIS Tool 1.x (84.735)!
It appears that nobody tried to (or possibly they did, but could not. I say that, because many suggested BSD instead. So, that said? I posted in the BSD post there the other day (PC-BSD related, here @ slashdot, by arstechnica news reporters)!
Yet again, the same challenge to slashdotters - NO takers, again! Evasions? POSSIBLY!
- or, possibly they don't care about security online!
(OR, that my post was buried in the deluge of posts here @ slashdot (imo @ least, the boards here are difficult to see all users points/posts imo, the only weakness here: The posters that come here though, like Bruce Perens, John Carmack (& others I RESPECT IMMENSELY for their accomplishments though)))
Anyhow/anyways - nobody taking my challenge or beating my score from the *NIX world on a test that runs on ALL platforms (thus, it is the "scientific method of control", the same test on all systems OS types this tool runs on)?
This only shows myself, & the planet, that all this "Windows is less secure than *NIX" is pure b.s., & all of them (yes, even BSD derivants like MacOS X etc. et al) out of the box stock, have holes or room for improvements (especially in terms of security & holes/vulnerabilities).
Still, anyone care to download & try CIS Tool 1.x (from the CENTER FOR INTERNET SECURITY), & exceed my score in the graphic above (84.735) from the *NIX world?
Here is its download (it is MULTI-PLATFORM, & runs on BSD (no MacOS X version though sorry), Linux, Solaris, & Windows):
http://www.cisecurity.org/index.html
Go for it, & good luck!
(I hope you *NIX (or windows guys too) CAN exceed my score, because I will ask how, & attempt to emulate this on Windows Server 2003 SP #2 fully patched, to get even stronger IF it is doable... &, we ALL can learn/grow & GAIN by such a test!)
Thanks!
APK
P.S.=> I can be reached @ apk4776239@hotmail.com in regards to your scores, if you do not have the ability to post your CIS Tool 1.x score & we can discuss your scores... everyone gains this way! apk -
Care to compare CIS Tool 1.x scores anyone?
http://forums.techpowerup.com/showthread.php?s=e4d36eb2396773f558df8271fadcadf5&p=365996#post365996
That's a post showing an 84.735 score, using CIS Tool 1.x (highest I can get as of today) & methods I outline to achieve it, for Windows 2000/XP/Server 2003/VISTA users:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
That result was done using a tool I know of that runs across multiple platforms for a test of security online in CIS Tool 1.x (center for internet security)!
CIS Tool:
http://www.cisecurity.org/index.html
(& this test is the "scientific control method" in that it is the SAME test used across diff. OS/hardware platforms here)
CIS Tool runs on Linux, BSD (no MacOS X though), Solaris etc. et al (various *NIX variants), & Windows. Java runtimes are required (they were recently updated mind you, by SUN Microsystems).
Thing is, I have freely challenged Linux folks to run that test here & beat the score I had, shown above, here:
http://linux.sys-con.com/read/382946_f.htm
No takers, or rather, no respondents with scores exceeding mine on Windows Server 2003 SP #2 fully patched as of the date of the test I took it & yes, today.
They did suggest BSD - so I posted in regards to testing BSD vs. my score here, at slashdot:
http://bsd.slashdot.org/comments.pl?sid=238993&cid=19578849
Again, no takers (could be here though, it was buried too deep, slashdot's replies/forums system is way odd imo, by comparison to boards like this one imo, not as clean/easy to use/etc.).
Still, even from the "BSD" family (which is often noted to be the MOST SECURE UNIX etc., even by Linux folks (see the LINUX.SYS-CON.COM url above)), no takers.
All I know is this - I hear a lot of "Windows is insecure & (insert UNIX variant here) is more secure" etc. ... & yet, when it comes time to "put your money where your mouth is", on a test that runs across multiple OS platforms?
Nobody from the *NIX world has ever done so when I have asked them to try it @ least!
(& the test is sort of nerdy fun, you learn from it too, because it aids in securing yourself online).
And, the 14 points in the 1st URL above? For Windows NT-based OS like 2000/XP/Server 2003, & YES, VISTA??
They work!
(... & even *NIX folks agree many times they do)
I would like to see your scores here in fact, & IF you can exceed my score? We can all learn by it, & grow, as well as have a healthy competition in doing so!
Thanks! Any takers??
APK -
Re:100%?
"You are invited to take a drink from the Firehose" - well, so much for that! I saw that in my Opera screen today, & decided to post this version of it here on /. for feedback:
http://it.slashdot.org/comments.pl?sid=237507&cid=19410153
So, I took the invite, & I posted the content in this thread, for feedback from other Win32 NT-based OS users here in the "FIREHOSE" section!
Just to hopefully get critique on points I may have missed OR am inaccurate on in whatever regards is what I was after (OR just points I missed outright, that increase layered security)
I was also looking for feedback from the Linux/BSD/MacOS X/UNIX crew around here, & for techniques they might use that I could adapt to a Windows NT-based OS environs (2000/XP/Server 2003/VISTA).
I guess it did not "make-the-grade" here!
Oh well, you can't "win 'em all", & please everyone!
APK
P.S.=> Too bad!
So, it looks like you telling me to "please just die" is exactly what happened to this thread, as far as it being put up for others to use/learn from, OR to have more added to it!
(You see, I feel it would have gotten stronger, & mainly, because I know there are some sharp people in this area that attend this site (& their feedback would have only made the material in it stronger in the end)).
That all said & aside? Well, it appears that YOU, A/C, get the "last laugh" then, I suppose!
(Congratulations A/C that told me to "just die", & I hope it makes your day!)...
Still: Life goes on though!
Time to go get an oil change for my ride:
http://img.techpowerup.org/061213/APKTiburonGTV6Photo1596.jpg
&
http://img.techpowerup.org/061213/APKTiburonGTV6Photo2.jpg
(Doing a FULL synthetic-oil changeover today, from the std. stuff - Mobil 1 15,000 mile grade & a Purolator Pure1 filter (accept NO substitutes!))! apk -
Re:100%?
"You are invited to take a drink from the Firehose" - well, so much for that! I saw that in my Opera screen today, & decided to post this version of it here on /. for feedback:
http://it.slashdot.org/comments.pl?sid=237507&cid=19410153
So, I took the invite, & I posted the content in this thread, for feedback from other Win32 NT-based OS users here in the "FIREHOSE" section!
Just to hopefully get critique on points I may have missed OR am inaccurate on in whatever regards is what I was after (OR just points I missed outright, that increase layered security)
I was also looking for feedback from the Linux/BSD/MacOS X/UNIX crew around here, & for techniques they might use that I could adapt to a Windows NT-based OS environs (2000/XP/Server 2003/VISTA).
I guess it did not "make-the-grade" here!
Oh well, you can't "win 'em all", & please everyone!
APK
P.S.=> Too bad!
So, it looks like you telling me to "please just die" is exactly what happened to this thread, as far as it being put up for others to use/learn from, OR to have more added to it!
(You see, I feel it would have gotten stronger, & mainly, because I know there are some sharp people in this area that attend this site (& their feedback would have only made the material in it stronger in the end)).
That all said & aside? Well, it appears that YOU, A/C, get the "last laugh" then, I suppose!
(Congratulations A/C that told me to "just die", & I hope it makes your day!)...
Still: Life goes on though!
Time to go get an oil change for my ride:
http://img.techpowerup.org/061213/APKTiburonGTV6Photo1596.jpg
&
http://img.techpowerup.org/061213/APKTiburonGTV6Photo2.jpg
(Doing a FULL synthetic-oil changeover today, from the std. stuff - Mobil 1 15,000 mile grade & a Purolator Pure1 filter (accept NO substitutes!))! apk