Slashdot Mirror
'Unbreakable Linux'
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Trusted Solaris is far more secure than almost any other commerical OS. It meets the governments B1 security requirements for an OS
man is okay though....
Oh yeah? :)
Wasting your time since 1997.
Solaris has a long, long patchlist, Trusted Solaris included.
Meeting governments B1 security requirements does not make system more secure. B1 differs from more often met C2 in mandatory access control (e.g. you should not be able to copy/paste data from Top Secret document into just Restricted document). This does not make any sense at all for typical user and very little sense for typical business scenarios, and thus does not make their system any more secure.
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
So being sertifies as B1 does not make trusted Solaris more secure then Linux, or Win XP. It just makes it more suited for military-type computing.
Maybe it _is_ very secure, but B1 has little to do with it.
MSDOS: 20+ years without remote hole in the default install
Of course, a lot of it is good old fashioned security through obscurity. How many 14-year-old kids have OS/360 / MVS / [insert your big iron poison here] experience? How many have linux experience? Right.
There's an interesting piece about exactly this topic in today's Register: security through obsolescence.
I think you're making things unnecessarily complicated. When I say "Linux", we all understand that I implicitly refer to a complete OS with the kernel, and that includes Red Hat, Debian, SuSE, etc. That's done for convenience. Regular Slashdotters should know this by now. I'm not gonna waste my time saying Red Hat Linux just to mean a complete Linux system.. and I don't wanna waste time going into another rather pointless RMS-style "Linux is just a kernel, but there are tools and apps around it" debate.
Sure, conceptually some other OS may be more secure. But administrator skills are still really important. Let's take NSA Security-Enhanced Linux for example. Unlike normal Linux systems, it uses Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). If you're not happy with me using a "linux-kernel based system" as an example, well, the Flask operating system which SELinux is based on will do too. Ok, now using MAC makes it conceptually "more secure", as you say. However, let's say the administrator uses a root password, "hello". Now, even if it has the best MAC mechanisms in the world, your OS is gonna be rooted. And if the admin does not define your MAC policy accurately because of lack of skill, there goes your OS as well.
How about OpenBSD? OpenBSD is known for its security.. default install and such. I really love OpenBSD and I use it for production systems, but I'm still cautious about what services I open and what I don't. Let's say an admin happily opens up a few services. And, due to lack of skill, the admin does not monitor security alerts and stuff like that regularly. So one of the services has a remote hole, and boom, there goes your ultra-secure OpenBSD box.
So it's either you're thinking in a narrow-minded way, or you're getting the concept and context of a secure OS entirely wrong in the first place. An OS may be theoretically secure, but we must always consider the practical aspects of any system. Otherwise it would just be unrealistic.