Slashdot Mirror


Jay Beale On Overcoming Linux Security Holes

alpinista writes "Sorry, Redmond; according to Jay Beale, it's not yet time to throw away all those pesky insecure Linux boxes. Newsforge interviewed Jay and got some pretty straight talk from a guy that knows more than his share about OS security. In a nutshell: 'Beale's take on how you can make your system more secure, on the Linux vs. Windows security debate, and on the Digital Millennium Copyright Act's impact on security testing.'"

4 of 30 comments

  1. Correctness by norwoodites · Score: 4, Insightful

    Why do people not stop for a second and audit their code for correctness, like what the OpenBSD people have been doing?
    Correctness will make security holes very few and far between.
    Also, the more eyes the better, because someone can spot one problem somewhere that another would not spot.
    I think for the Linux kernel 2.8, correctness should be a priority. Also for glibc 2.4, and all other projects' next versions, which should include Mozilla.

  2. Re: UNIX single user mode by Per+Wigren · Score: 3, Insightful

    You can still use a boot floppy, unless you have turned off boot-from-floppy in BIOS and password-protected it.. But then you can still move that CMOS-reset jumper.. ;)

    Encrypted filesystems are too slow to be usable in practice.. Encrypting only /etc and some specific dirs in /var would be nice though...

    --
    My other account has a 3-digit UID.
  3. Re: A few facts about Microsoft's OS may help. by slriv · Score: 2, Insightful

    um...

    single user mode requires root password...

    Truth is... if *hacker* has access to physical box, you have no security. Nuff said.

    The whole password protect grub etc might be useful to keep the uninitiated out of your box, but in so far as locking down your system, that's just silly.

    With respect to Windows XP, 2000 et al., when I look at companies developing server products and compare the companies with like products selling for the NT platform vs. the companies developing for Solaris/HPUX etc., it's very clear to me the distinction between the two. Sure, this is a generalization, but I've yet to see a scalable multi-thousand user Exchange Server in production. Seems to me the NT crowd still doesn't get it, therefore it's a foregone conclusion that security is both misunderstood and not a significant concern.

    Sam

    --
    All the worlds a stage, and I'm the guy running the lights...
  4. Re: Thanks for your comments. by Yankovic · Score: 3, Insightful

    Not to mention the fact that many, many of the items are either not installed by default (MS DTC), do not require connection to MS computers in all but the rarest of circumstances (MMC), and some aren't even installed (Microsoft Baseline Security Analyzer). This is beyond the fact that many are just wrong (Fax Service does not require connecting to MS, etc.). For every purported fact in the article, there are two other ways of interpreting the situation, and the author universally picks the wrong one. This is a FUD article, pure and simple.