Slashdot Mirror


Don't Forget That Worms Happen Everywhere

friday2k writes "SecurityFocus has a nice column on Worms and their origin in 1988. It explains what everybody should never forget. We have dealt with *NIX worms (Sadmind, li0n, ...) and they will come back again. Maybe then the MS fanatics will laugh and say: didn't we always tell you Open Source is insecure (too?) ..."

1 of 391 comments

  1. NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO! by leonbrooks · Score: 4, Informative
    No matter what OS you are supporting and using, if you as an Admin don't have the proper service packs and updates installed then your OS will be a victim sooner or later.

    "Sooner or later" is effectively a LIE because whether it's sooner or it's later makes a huge difference in securityville. You're also ignoring the "quality" of the intrusion (such as carte blanche versus mere DoS).

    Me for later, much later. While I could do even better, I use Mandrake 8.0 for production work. It's a bit bleeding edge in some ways - and I pay for that - but it comes with two massive advantages over many Linux distros: it installs reasonably securely unless you tell it not to (warns you when you install world-visible services and if you choose a "high security" install even disables those), and it can automagically update itself. Debian users in particular have long had these comforts.

    All Linuces have at least five huge additional advantages over Windows:

    1. There are significantly fewer holes to start with, because (among other reasons) they are generally implementation mistakes rather than systemic design flaws; and
    2. If a hole opens, the damage that can be done is less because you don't automatically get ring-zero (better than administrator/root) privs; and
    3. Patches tend to come out sooner and often involve no more than restarting a single service rather than downing the whole machine; and
    4. Tricks like chrooting the whole service, and/or using the immute bit (chattr +i) plus running with a kernel incapable of removing it (patch or capabilities) and a chattr program/syscall that rings bells and flashes lights instead of ch'ing the attrs, and/or one-way capabilities patches are simple to do; and
    5. Most distros arrive with secure remote administration, so dealing with a widespread attack (successful or not) is much easier; and (-:
    6. for Win 9X/ME in particular :-) distinction is actually made between superuser and mere mortals

    Yes, administration makes a big difference, but all OSes are a loooooong way from interchangeable when it comes to vulnerability.

    --
    Got time? Spend some of it coding or testing