Is Linux as Secure as We'd Like to Think?
man_of_mr_e asks: "With all the recent brouhaha about Blaster and Sobig, there's been a lot of talk about how poor Windows security is, especially compared to the Linux we all know and love. But is this really true? The website defacement archive at Zone-h shows that Linux accounts for 61% of the defacements in the last 24 hours (note, this figure changes, so it might be different when you view it). An analysis of the last few weeks of their archive shows a similar percentage of exploited Linux systems. Note also that the 'Unknown' category is rather high, and certainly contains at least some Linux systems, further increasing the percentage. Why is this? Are we just deluding ourselves about our own security? Could there be a Linux 'Blaster' just waiting to happen?" While "defacements" don't necessarily mean "root level break-in", sometimes getting your foot in the door is enough. If this happens, wouldn't Linux then be just as exploitable as Windows? Are there other reasons why the likelihood of a "Sobig" or an "ILUVYOU" would be lower for Linux than Windows?
Personally I have all my end-users sign on as root. So far so good
I just install a vanilla Redhat on all my boxes. They get rooted within a few days, and the hax0rs take care of the security updates for me. Course, I can't log in as root anymore, but hey... that's a feature.
Windows web defacements are the fault of a crappy, inherently insecure operating system from a criminal monopoly.
Linux defacements are the fault of stupid admins who can't be bothered to install the latest patches, or who are too incompetent to install the OS and configure it for security.
I thought everyone knew that.
Cheers
-b
Hey, if I told you that one in every two Ferrari F-40's explode for no reason, but only 1 in every 1000 Honda Civics explode for no reason, which explosions are going to be more noticed?
The Ferraris, because nobody important drives a Civic.
Knock off balding middle-aged, filthy rich tycoon, and that'll get more press than offing a bunch of morons who put rear spoilers on front-wheel-drive cars.
But I digress...
What's your damage, Heather?
> These are socially engineered programs designed to get the user to run them.
Re: Approved
Please log in as root to accept this offer...
The unofficial
It's those communist dual-booters that we have to worry about.
You can't judge a book by the way it wears its hair.
Take your most savy Linux guru and your most savy Windows mouse-clicker (can often be one and the same person). Let each setup a secure server and point each server to the Internet.
Now sit back and wait for shit to happen.
Eventually it will be proven that the best platform is freebsd.
That is dangerous! There could be a hidden or obfuscated loophole. I, for one, never run any code that hasen't been written by myself while under polygraph examination. I keep my website running in a concrete block under the ocean and I keep all the clocks in my appartment running at different times, just in case my future self came back in time to try to sabotage my project. Every one should do it.
:-)
When I introduce someone to coding I chop off their hands and then hide them to be sure they won't code anything. New users think I'm paranoid and arrogent but I don't want any one of the mindless rabble to come and get me in middle of the night when the KGB hacks their site.