Slashdot Mirror
Jay Beale On Overcoming Linux Security Holes
alpinista writes "Sorry, Redmond; according to Jay Beale, it's not yet time to throw away all those pesky insecure Linux boxes. Newsforge interviewed Jay and got some pretty straight talk from a guy that knows more that his share about OS security. In a nutshell: 'Beale's take on how you can make your system more secure, on the Linux vs. Windows security debate, and on the Digital Millennium Copyright Act's impact on security testing.'"
Why do people do not stop for a second and audit their code for correctness, like what the OpenBSD people have been doing?
Correctness will make security holes be very few and far in between.
Also the more eyes the better because someone can spot one problem somewhere that another would not spot.
I think for the linux kernel 2.8, correctness should be a priority. Also for glibc 2.4, and all other project's next version which should include Mozilla.
You can still use a boot floppy, unless you have turned off boot-from-floppy in BIOS and password-protected it.. But then you can still move that CMOS-reset jumper.. ;)
/etc and some specific dirs in /var would be nice though...
Encrypted filesystems are too slow to be usable in practice.. Encrypting only
My other account has a 3-digit UID.
Not to mention the fact that many many of the items are either not installed by default (MS DTC), do not require connection to MS computers in all but the rarest of circumstances (MMC), and some aren't even installed (Microsoft Baseline Security Analyzer). This is beyond the fact that many are just wrong (Fax Service does not require connecting to MS, etc). For every puported fact in the article, there are two other ways of interpreting the situation, and the author universally picks the wrong one. This is a FUD article, pure and simple.