Slashdot Mirror

← Back to Stories (view on slashdot.org)

Battle of the Secure Distros

Posted by michael on from the when-openbsd-just-won't-do dept.

CrazyEd writes "LinuxSecurity is reporting that EnGarde Secure Linux has received the Network Computing Editor's Choice award to win the battle of the Secure Linux distributions. Well deserved, me thinks." Update: 06/10 15:16 GMT by T : An anonymous reader points out that Linuxlookup.com reviewed this distro last week, awarding it a perfect score.

3 of 158 comments (clear)

  1. OpenBSD by dirtyhippie · · Score: 1, Troll
    Call me a troll if you like, but if you want a secure, free UNIX-like system, you don't use Linux. You use OpenBSD. The primary reasons for this are numerous - 1) it's "secure by default", all but the simplest daemons are turned off until you explicitly enable them. 2) it's always being proactively audited, with less-clean and less-safe being fixed all the time - fewer bugs = fewer potential exploits (as opposed to linux, where it sometimes seems developers are just busy adding extra command line switches and a scripting language based on brainfuck to their program ;-) - point being it's been around longer, and the interfaces are much more stable, thus making bug-fixing (not to mention administration) much easier. 3) Cutting edge support for crypto/security tools. OpenSSH was made by many of the same developers, Ipsec, skey authentication, kerberos, support for hardware cards etc. you name it, it's there. Even a tripwire-esque program is included in the default install. I'm sure I'm forgetting much more.

    Other pluses: it's Really Free(TM) Software - as opposed to Redhat and others which bundle non-free software in the default distro, it's manpages don't suck, etc.

  2. good news for *all* distros of Linux! by tps12 · · Score: 0, Troll

    Well, I think that this healthy competition is going to help *all* distros!

    What the fuck am I talking about? I'll tell you!!!!

    Basically, people use different secure distros (or distributions) of Linux! Like Slackware or Debian! Then they don't get destroyed by hackers (unlike Windblowze!!!) and who gets the credit? LINUX!

    And so all the different Linux dsitros do better! What do you think of my idea?

    --

    Karma: Good (despite my invention of the Karma: sig)
  3. The most secure OS is the one I use. Unhackable! by Anonymous Coward · · Score: 0, Troll

    The MOST secure OS is already deployed on servers. And though this gets incorrectly dowgraded to Troll by people that do not like to admit this fact, It needs to be said, even if no one ever mods it up.

    The fact is :

    No Mac webserver has ever been hacked! Ever.

    This is despite two large contests (10,000 us dollars over one month duration).

    That is why the US Army once gave up being exploited and for some of its sites used Mac OS 9.x and Webstar (a commercial web server).

    There are numerous technical reasons why no mac webservers have ever been remotely hacked and exploited, many are quit interesting.

    No Linux/UNIX is as secure as Mac OS 9.x and earlier, as demonstrated by the hundreds and hundreds of exploits in Unix and the lack of a single exploit ever discoverred in OS9 web servers. Ever.

    If you want security in an OS implement what Apple's Mac OS 7 through 9.2 offers:

    get rid of root (leaves a false sense of security lazy programmers dont understand)
    make microkernel as small as possible (even if you pass gary dividians birthaday in a register to get into kernel space, you cannot cause mischief that can be caused external from mac kernel)
    get rid of command line (creates a huge way of exploiting between processes)
    get rid of single file fork executables (use a second invisible file associated with each executable file)
    get rid of filename extensions (use an invisible embeded file type that cannot be set by users typing)
    get rid of unix utility software (use non-command line tools that use high level scripting rules)
    get rid of ANSI C library based code (The mac uses safe Pascal Style Strings often, including in ROM)
    avoid C string buffer exploits (again, most commercial mac programs avoid null terminated strings).
    sotre all web server files meant to run as executables and CGI as specially "typed" files
    and most importantly have compilers save return addres HIGHER up the stack (prevents most clever overflow exploits)

    Basically you end up with Mac OS 7 through 9!

    If security is paramount, to exclusion of all else, then Mac OS 7 through 9 cant be beat. And is 100% secure so far according to historical facts.

    SecurityFocus concurs.

    But most linux loving slashdot readers will never understand the TECHNICAL reasons no mac web server running Webstar and Mac OS has ever been rooted, or ignore the facts.

    I wonder why people try to award silly designations to "secure" linux distros! When it has been shown to have many holes historically.

    This is not a troll. Why? because I am formally requesting that i am not intrerested in your rebuttals. Do not bother to criticize this post.

    A true troll, by definition, WANTS responses and is not stating anything important. By requesting no criticism, I am proving I am not a troll.

    This post is meant to only educate people on why no mac servers have been rooted and state a few inarguable facts. So quit modding it as a troll without reading the FAQ on the web regarding the definition of 'trolling'. Otherwise -1 mods are merely ignorant censorship by fanboys that hate to admit they know nothing about secure OSes..