Slashdot Mirror


'Unbreakable Linux'

Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.

10 of 430 comments

  1. Re:insecure? by ajiva · Score: 3, Informative

    Trusted Solaris is far more secure than almost any other commercial OS. It meets the government's B1 security requirements for an OS.

  2. Why "Unbreakable"? by sych · Score: 2, Informative

    It's part of marketing Linux to the stupid people - ie, the ones who use Microsoft stuff now.

    One of the advantages of Linux (and often other Open Source stuff, and other UNIXes) is that you need to have a clue to be able to make it work. So it follows that you have a higher proportion of clued people using/administrating/developing etc on Linux than you do on the M$ crap.

    Stupid people think that you buy the product (the latest incarnation of Windows, IIS or whatever), plug it in, and it's "secure" - or whatever else it's been touted as. Clued people understand that there's more to it.

    And that, I think, is why most Linux (or BSD or whatever else) installations tend to work better - they've been done by someone with CLUE.

  3. Re:Unbreakable apps by Strepsil · Score: 3, Informative

    man is okay though....

    Oh yeah? :)

  4. Re:insecure? by rodgerd · Score: 3, Informative

    Solaris has a long, long patchlist, Trusted Solaris included.

  5. Re:Enough of this crap.. by Anonymous Coward · Score: 1, Informative

    security, linux, and did you say NSA?.
    NSA's Security-Enhanced Linux

  6. Re:insecure? by mentin · Score: 4, Informative

    Meeting the government's B1 security requirements does not make a system more secure. B1 differs from the more often met C2 in mandatory access control (e.g. you should not be able to copy/paste data from a Top Secret document into a merely Restricted document). This does not make any sense at all for a typical user and very little sense for typical business scenarios, and thus does not make their system any more secure.

    B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.

    So being certified as B1 does not make Trusted Solaris more secure than Linux, or Win XP. It just makes it more suited for military-type computing.

    Maybe it _is_ very secure, but B1 has little to do with it.

    --
    MSDOS: 20+ years without remote hole in the default install

  7. Re:This is a Good Thing(tm)... by Thatman311 · Score: 2, Informative

    "This will absolutely defeat Microsoft's claim that Windows NT/2000/XP is ready for the enterprise. Now that the major database systems vendors such as Oracle are supporting Linux, there is simply no reason not to use it. Where's the commercial clustering software for Windows? Oh, right, it's not there - nor is it planned. "

    Huh? You must be smoking something really strong. Windows2000 Advanced server offers clustering services out of the box. SQL 2000 also offers clustering. Exchange2000 offers clustering. What do you mean that Microsoft doesn't offer clustering support? Get off the soap box dude before I push you off.

    --
    Silly Rabbit...Sig's are for kids.

  8. Re:OT: Freelinuxcd.org by GigsVT · Score: 2, Informative

    That is a good idea, and I have already told the site owner that a lot of distros are multi-cd now. He seems to think that the CDs after the first one are always optional. That may be true if you don't install X or anything but a very basic system.

    I sent him about 5 copies of Red Hat 7.1 when it was out, and he did send them out as 2 CD sets, I think. I also sent him $10 to cover extra shipping charges, if any.

    You really should write him though, maybe if enough people write him, he will change the way the site works. I don't have any affiliation with the site, I just like it a lot.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.

  9. Re:Wow, taking on IBM mainframes... by dazed-n-confused · Score: 4, Informative

    Of course, a lot of it is good old fashioned security through obscurity. How many 14-year-old kids have OS/360 / MVS / [insert your big iron poison here] experience? How many have linux experience? Right.

    There's an interesting piece about exactly this topic in today's Register: security through obsolescence.

  10. Re:redhat != linux by SteelX · Score: 3, Informative

    I think you're making things unnecessarily complicated. When I say "Linux", we all understand that I implicitly refer to a complete OS with the kernel, and that includes Red Hat, Debian, SuSE, etc. That's done for convenience. Regular Slashdotters should know this by now. I'm not gonna waste my time saying Red Hat Linux just to mean a complete Linux system.. and I don't wanna waste time going into another rather pointless RMS-style "Linux is just a kernel, but there are tools and apps around it" debate.

    Sure, conceptually some other OS may be more secure. But administrator skills are still really important. Let's take NSA Security-Enhanced Linux for example. Unlike normal Linux systems, it uses Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). If you're not happy with me using a "linux-kernel based system" as an example, well, the Flask operating system which SELinux is based on will do too. Ok, now using MAC makes it conceptually "more secure", as you say. However, let's say the administrator uses a root password, "hello". Now, even if it has the best MAC mechanisms in the world, your OS is gonna be rooted. And if the admin does not define your MAC policy accurately because of lack of skill, there goes your OS as well.

    How about OpenBSD? OpenBSD is known for its security.. default install and such. I really love OpenBSD and I use it for production systems, but I'm still cautious about what services I open and what I don't. Let's say an admin happily opens up a few services. And, due to lack of skill, the admin does not monitor security alerts and stuff like that regularly. So one of the services has a remote hole, and boom, there goes your ultra-secure OpenBSD box.

    So it's either you're thinking in a narrow-minded way, or you're getting the concept and context of a secure OS entirely wrong in the first place. An OS may be theoretically secure, but we must always consider the practical aspects of any system. Otherwise it would just be unrealistic.
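
The mandatory-versus-discretionary distinction raised in comments 6 and 10, as an added example that is not part of the thread or of any commenter's post: a Bell-LaPadula-style label check layered over an owner-controlled ACL, including the mislabelled-policy case comment 10 warns about. The label ordering, document names, user name and the `can_copy` helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed linear ordering of labels; real policies use a lattice with categories.
LEVELS = {"Restricted": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class Doc:
    name: str
    label: str                     # MAC label: assigned by policy, not by the owner
    owner: str
    acl: dict = field(default_factory=dict)  # DAC: user -> {"r", "w"}, set by owner

def dac_allows(user, doc, mode):
    """Discretionary check: the owner decides who may read or write."""
    return user == doc.owner or mode in doc.acl.get(user, set())

def mac_allows(clearance, doc, mode):
    """Mandatory check, Bell-LaPadula style: no read up, no write down."""
    subj, obj = LEVELS[clearance], LEVELS[doc.label]
    return subj >= obj if mode == "r" else subj <= obj

def can_copy(user, clearance, src, dst, enforce_mac=True):
    """Copy/paste is a read of src plus a write to dst at one session level."""
    ok = dac_allows(user, src, "r") and dac_allows(user, dst, "w")
    if enforce_mac:
        ok = ok and mac_allows(clearance, src, "r") and mac_allows(clearance, dst, "w")
    return ok

def demo():
    # Constructed sample documents, both owned by the same hypothetical user.
    plan = Doc("plan.txt", "Top Secret", owner="alice")
    memo = Doc("memo.txt", "Restricted", owner="alice")
    mislabeled = Doc("plan.txt", "Restricted", owner="alice")  # policy error
    return {
        "dac_only": can_copy("alice", "Top Secret", plan, memo, enforce_mac=False),
        "mac_write_down": can_copy("alice", "Top Secret", plan, memo),
        "mac_write_up": can_copy("alice", "Top Secret", memo, plan),
        "mac_read_up": can_copy("alice", "Restricted", plan, memo),
        "mac_bad_policy": can_copy("alice", "Restricted", mislabeled, memo),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:15} {'allowed' if allowed else 'denied'}")
```

Under DAC alone the owner can paste Top Secret content into the Restricted file; with the label check the same copy is denied, but only as long as the labels themselves were assigned correctly.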