Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Your OS Tough Enough?

Posted by timothy on from the mepis-seems-to-do-alright dept.

LE UI Guy writes "A Denver Post article examines the Internet 'horrors' Windows, Mac and Linux users face simply being connected to the Internet with only an out-of-box configuration. Over the course of a single week the machines were scanned 46,255 times. The test didn't look into additional security threats caused by surfing the web or reading e-mail, just the connection itself."

6 of 597 comments (clear)

  1. Even modern linux distros need to be sanitized by Ars-Fartsica · · Score: 5, Insightful

    Look at all of the software and services running on a modern linux distro - FC3 for example. I have spent a great deal of time shutting off everything I really don't need and erasing piles of useless rpms installed by the distro (its 2005 - I don't need talk). Any software you don't use or services you do not need are just potential security holes.

  2. Lame article. by Seumas · · Score: 5, Insightful

    Just because people can knock on every door doesn't mean that every door is as insecure as the next. You can knock on every door in a neighborhood, but some will be better constructed and have more secure locks. Still, none prevent one from knocking.

    If they're only tracking ping/scan attempts, there is no reason to even include mac/linux in this.

  3. SP1 Earns a pass? by salemlb · · Score: 5, Insightful

    According the article, no one was all that surprised Win XP SP 1 went down in 18 minutes. After all, it is not up to date... it is essentially an old OS, right? So this is expected, right? Old OSs should be broken into, right? And then we have OS X 10.2, aka, Jaguar. No successful attacks. Older OS, check. Not up to date with all the latest security features that are in Panther, check. And not one successful attack. One company makes on OS that still stands after two and a half years... one company makes an OS that only stands after a major major major patch and constant updates that sometimes break software. Now, which company's OS would I choose to build a secure network? Sure, it's a flawed argument, but still I think worth noting.

  4. Re:Not News by KevMar · · Score: 5, Insightful

    Exactly, This does not tell us anything we did not know before. How many honeypot papers have told us this already.

    It is sad that the internet has become so hostile. At work I connected one of our servers to a connection on the outside of our firewall for some remote support (didn't have the VPN papers signed yet). The moment that I enabled the nic, the server informed me that the RPC Service has failed and the computer will shut down.

    I was foolish for not checking the patch levels. I assumed that someone else was on top of that. A mistake I will not make again. But home users have problems of their own. They don't know they have to keep it up patched. If I had my grandma running Linux, I would be the one patching it. What about converting all my friends and family to Linux. I would be so overwhelmed keeping each one current.

    As it stands, I format, install XP /w SP2, change their user accounts to limited access, install spyware detection, antivirus, leave the firewall and automatic updates on, and finally put firefox on the desktop.

    At the same time, I have to explain why XP is better than the 98 or ME that came with the computer, what SP2 is and why it takes so long, what a firewall is, what firefox is, why I created a special admin account for them to install stuff with and why the should never surf the web while logged into admin with the red background.

    And if you are a slashdot regular, I am not telling you anything new. I should release this as a news story, but as we all know, this is not news. Its just the way it is.

    --
    Kevin Marquette
    antispyware

    --
    Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
  5. Sometimes you have no choice by Marran+Gray · · Score: 5, Insightful

    While I agree that it might have been instructive to include, say, RedHat 7 in the lineup, security of original XP is still an important consideration. First, to hear MS at the time, XP-SP1 should have been more solid then and should be more solid now. But far more importantly, we see how vital it is to fully patch your XP system before connecting it to the internet. And where do I get those patches from? Oops...

    The catch-22 is that time-to-infection is much shorter than time-to-patch for Windows XP, even with a contemporary internet connection. If you don't have SP2 media, and don't have some other means of (manually) acquiring the latest patches, you're dead in the water. Yes, there are workarounds; you can install some ice of your own before you connect, for that matter, but that obviates all the really neat security features of SP2 with a 3rd-party solution. "Not the solution he had in mind..."

    Admittedly, part of this is due to the fact that Windows is "productized", i.e. you have a box containing Windows and you can add patches. With Linux operating systems I think there's a lot more sensitivity to versioning and awareness of granularity; you aren't working on this monolithic thing in need of repair but on a collection of components which can be individually upgraded. Partly psychological, yes, but you also have the advantage of simply leaving out "risky" components until you can get everything up to date. You can run a Linux OS with no services, nothing particularly visible except the interface you're downloading updates through. That's not an option with Windows.

    --
    "There are hundreds of game theorists at the gates, sir, and they want to hold an election!"
  6. Re:PLEASE MOD PARENT UP! by geordie_loz · · Score: 5, Insightful

    I agree that this is a secure thing. The problem is, nowhere does it tell a novice user that you should enable the firewall, connect to the net then, download patches, then you're secure

    The problem with the security is not that the machine can never be made secure, but that it starts out as a terribly insecure product. This is a problem. Most users are out of the box users. They have no understanding, so they don't know about the firewal etc.. They're told by MS that for security they need to patch using windows update. The point above is that this isn't actually that secure, and while this is happening a compromise can take place.

    The main issue here is the slack standards Microsoft use to get their products out the door, and their trade off of complexity to security. They are scared of treating their customers with intelligence, and educating them correctly about the actual process of securing and methods of attack (not necessarily at too technical a level) so good practices are used. For fear of confusing the users the XP SP1 firewall is off, and it's not the only software that has all the security off by default.

    If normal users understood that direct connections to the net were bad, they'd all buy routers, they'd consider firewalls, probably ones configured to block all but MSN, E-mail and web access, and we'd live in a considerably more worm free world.

    The OS may be securable, but it is not secure by default!. That is the problem, because most users don't do anything but the default (hence Explorer's 90% market share)