But, as we can see with the real world example of Apache and Microsoft IIS, the open source development model produces more secure software.
Often true, but not necessarily. Ever hear of sendmail or BIND? I do really believe that Linux is more secure, but you assume that Linux would be what it is today if it had 60% marketshare. If that were true I'm willing to bet that it would have drastic improvements in ease of use, which I'm thinking would stem from running everything as root (a la Lindows). That I don't think would reflect well on Linux as far as security is concerned - so it might be true that if Linux had a majority marketshare, there would be nearly as many viruses. (Although I imagine that the ability to secure Linux in a corporate environment would drastically reduce those statistics alone.)
I was about to post the same thing =) A very simple thing to do is to partition the home directory and mount it as noexec (and usually nodev, and nosuid). If a user needs to run their own program an administrator can set them up with a directory elsewhere. It's usually a good idea to do the same with /tmp. Now in theory you can do the same on Windows, but who knows what would break if a user couldn't exec something from their home directory (assuming that the mail client isn't running things and storing the virus elsewhere anyway). Hmm... maybe I should test that....
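To go with the noexec/nosuid/nodev advice in the comment above, here is an added example (it is not from the original post or from any BSD or Linux project) that audits fstab entries for those three options on the filesystems an ordinary user can write to, and rewrites the entries that lack them. The fstab text, the device names and the list of user-writable mountpoints are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit fstab entries for the
# mount options recommended above (noexec, nosuid, nodev) on filesystems
# an ordinary user can write to, and rewrite the entries that lack them.
# Everything below is constructed for illustration: the fstab text, the
# device names and the list of user-writable mountpoints are assumptions.

SAMPLE_FSTAB='# device       mountpoint  fstype  options     dump pass
/dev/ad0s1a    /           ufs     rw          1 1
/dev/ad0s1d    /home       ufs     rw          2 2
/dev/ad0s1e    /tmp        ufs     rw,nosuid   2 2
/dev/ad0s1f    /var        ufs     rw          2 2
/dev/ad0s1g    /usr/local  ufs     rw          2 2'

# Mountpoints where users can create files; a mailed "chmod 755 it and run
# it" script lands on one of these. /usr/local is deliberately absent: the
# ports collection installs its binaries there, so it must stay executable.
USER_WRITABLE='/home /tmp /var/tmp'
WANT_OPTS='nodev nosuid noexec'

# has_opt OPTION OPTLIST: succeed if OPTION is in a comma-separated list.
has_opt() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# is_user_writable MOUNTPOINT: succeed if it is one of the mountpoints above.
is_user_writable() {
    for m in $USER_WRITABLE; do
        [ "$1" = "$m" ] && return 0
    done
    return 1
}

# check_fstab: read fstab text on stdin; print one line per user-writable
# mountpoint missing any wanted option ("/home missing: nodev nosuid noexec").
# Prints nothing and returns 0 when every such entry is hardened, 1 otherwise.
check_fstab() {
    found=0
    while read -r dev mnt fstype opts dump pass; do
        case "$dev" in ''|'#'*) continue ;; esac
        is_user_writable "$mnt" || continue
        missing=''
        for opt in $WANT_OPTS; do
            has_opt "$opt" "$opts" || missing="$missing $opt"
        done
        if [ -n "$missing" ]; then
            printf '%s missing:%s\n' "$mnt" "$missing"
            found=1
        fi
    done
    return $found
}

# harden_fstab: read fstab text on stdin; write it back out with the wanted
# options appended to every user-writable entry. Comments, blank lines and
# other entries pass through unchanged, so the result can be diffed against
# the original before it is copied into place.
harden_fstab() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f
        case "$1" in ''|'#'*) printf '%s\n' "$line"; continue ;; esac
        dev=$1 mnt=$2 fstype=$3 opts=$4 dump=$5 pass=$6
        if is_user_writable "$mnt"; then
            for opt in $WANT_OPTS; do
                has_opt "$opt" "$opts" || opts="$opts,$opt"
            done
        fi
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$dev" "$mnt" "$fstype" "$opts" "$dump" "$pass"
    done
}

# Usage: report the weak entries in the sample, then show the corrected table.
printf '%s\n' "$SAMPLE_FSTAB" | check_fstab || true
printf '%s\n' "$SAMPLE_FSTAB" | harden_fstab
```

After editing the real fstab the options take effect on the next mount; on FreeBSD `mount -u -o noexec,nosuid,nodev /home` and on Linux `mount -o remount,noexec,nosuid,nodev /home` apply them to a live filesystem. Two caveats a practitioner should keep in mind: noexec only stops direct execution (the "chmod 755 it and run it" trick from the joke script further down this page), not `sh ~/script` or `perl ~/script`, so it raises the bar rather than closing the door; and noexec on /tmp breaks installers and build scripts that unpack and run something from /tmp, so test that before rolling it out to a box where users build software.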
I agree. One of the things which initially annoyed me when I tried FreeBSD was that the ports collection always installs into /usr/local. After thinking about it, it makes sense since ports aren't really a part of the base OS.
Really good documentation also sets BSD apart in my opinion. I spent my share of time puzzled because I didn't know how portions of the system worked (such as the log rotating system), but I came across the config file in /etc and sure enough the man page was very clear and set me straight. Just about everything on BSD has a really good man page, and much of what you need to know about administering the system is probably in a man page somewhere!
Another thing Linux users might miss are man pages that say "go to the info page". I swore I was going to throw my RedHat server out the window if I saw that one more time:)
I have to agree, SUS has a lot of issues and sounds like a better tool than it really is. As you say, there is a significant lack of control over SUS, and if you don't use it in exactly the way MS describes then you are really left picking for information.
And seriously, how hard would it be for MS to create a small client.exe file that would allow an administrator to run and set up the Windows Update options on a machine?
My biggest gripe is that you cannot install SUS on a Win2k workstation. It requires the FULL version of IIS, which requires Win2k Server. So now I have to pay $650 for a machine in order to update MS security problems?
A FreeBSD solution is so simple in comparison that it's almost comical. While Unix update solutions seem sort of complicated, they are typically simple in their respective steps and easily comprehensible in those parts.
When I was a kid _I_ was the remote control. That was part of the point of having kids - making them change the channel. The advent of the remote control diminishes the usefulness of kids significantly. =P
That reminds me of the system in place when I started working here. We eventually got a new graphics artist here and I recall talking to him about how it all worked (I wasn't involved with the process).
The theory is you get a logo from a customer, then you press it onto an emblem. Simple right?
1) So we get really bad quality stuff to scan from the sales people.
2) then it goes to this ancient SCSI scanner that screeches and scans like shit and gets the picture WAY too bright.
3) then it is "touched up" on a computer where the RGB is messed up on the monitor and extremely dim - making it hard to even tell what you are working on.
3.5) They work on it using Corel Draw, despite the fact it has to be a bitmap in the end anyway...
4) Then it is printed onto a printer which was probably never calibrated since the colors will never turn out like you expect (and cannot make certain colors altogether).
5) Then it goes to the press which was 200 degrees under temp the entire time so the emblem didn't press correctly.
I wonder how many years we had that all going before the new guy fixed it...
I've just started learning JScript/WSH and it struck me as a problem that is very "Microsoft". If you want to automate anything by scripting you can either use batch files - which are pathetic at best, or WSH which is WAY too complicated for most people. Shell scripting with bash (or whatever shell you prefer) tends to strike a nice balance between complexity and power that Windows could really use.
Why not call it YAPN TMANRP? (Yet Another Program with a Name That Means Absolutely Nothing to Regular People) I would think that would make perfect sense for a Unix windowing system. =P
Yes, but the "taint" attribute is determined and checked at run time. I.e., you don't know that there is a flow of string tainting until your application is already running (so you require a test that exercises all interesting paths to see the problem). And it's limited to Perl, of course.
Other languages have tainting also. My favorite being Ruby, which not only has taint checking, but can also have different levels of tainting depending upon your security needs. Besides which I'm not sure how 'requiring a test' is really a bad thing. I mean can you really expect anything to be secure without testing? Personally I find tainting to be essential, which is why I stay away from PHP. I'd rather have an application simply stop than passing on tainted information.
At the company that I work at, we had a similar situation. We had a dual PIII 500 with the same specs. Many reports would take 5+ hours and the system would drag so slowly that others could hardly use the system (thus the reports could only be run at night). About two months after I started, we switched to Linux on a dual 1Ghz machine. Those same reports literally took 6-10 minutes and there was no slowdown on the rest of the system. A lot of people actually kept re-running reports because they would expect them to take 10-15 minutes and by the time they turned their chair around it had already finished.
Re-reading the above it sounds like a BS infomercial or something, but it's strangely true. I used to think it was just the speed of the system, but seriously, I've seen Linux do just fine under similar loads on a P500. If I were you, I'd discuss perhaps setting up a cheap test box and running some side by side comparisons.
"The funny part is everyone who doesnt use outlook as a mail client has had safer email for years."
Disclaimer: I absolutely HATE Outlook and Exchange...
But in the defense of MS (yikes) they have managed to cobble together enough band-aid fixes to make Outlook rather sane. In this day and age downloading stuff before you run it simply isn't enough. Of the three near-virus problems I've had on the network, people downloaded something that was from someone they didn't know, didn't even have a double extension, and was labeled something suspicious ("sexyfun.exe"? If that doesn't scream virus, I don't know what does).
With the latest update of Outlook 2000 & Exchange 2000 MS simply crippled ALL "dangerous" file formats. At first I was going to re-enable them but, thinking about it, I decided not to. There is no reason to send an exe file directly through email, and if you do, wrap it in a zip file and save some bandwidth while you're at it.
Obviously if I didn't have to use exchange for mail I could easily filter mail at the server, but I have to work with what I've got. MS has at least taken some steps in the right direction (although it's still not a substitute for designing something with security in mind).
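The "filter mail at the server" alternative mentioned above, as an added example that is not part of the original post and not Microsoft's or any MTA's code: a small filter that reads one message on stdin, pulls the attachment names out of the MIME part headers, and rejects the message if any name ends in an extension Windows will execute, flagging disguised double extensions (photo.jpg.scr) separately. The message is a constructed sample with dummy payloads, and the extension list is an assumed subset of the types Outlook blocks rather than the full list.

```shell
#!/bin/sh
# Added example, not from the original post: a server-side attachment filter
# that checks declared attachment names against an executable-extension
# block list. The message below is a constructed sample with dummy payloads;
# the extension list is an assumed subset of what Outlook blocks.

SAMPLE_MSG='From: someone@example.net
To: user@example.com
Subject: check this out
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part-boundary"

--part-boundary
Content-Type: text/plain; charset="us-ascii"

have a look at these
--part-boundary
Content-Type: application/octet-stream; name="sexyfun.exe"
Content-Disposition: attachment;
 filename="sexyfun.exe"

ZHVtbXktcGF5bG9hZA==
--part-boundary
Content-Type: image/jpeg; name="photo.jpg.ScR"
Content-Disposition: attachment; filename="photo.jpg.ScR"

ZHVtbXktcGF5bG9hZA==
--part-boundary
Content-Type: application/zip
Content-Disposition: attachment; filename=report.zip

ZHVtbXktcGF5bG9hZA==
--part-boundary--'

# Final extensions that run as code when double-clicked on Windows (assumed subset).
DANGEROUS_EXT='exe com scr pif bat cmd vbs vbe js jse wsf wsh hta reg lnk'

# attachment_names: print the filename= / name= parameter of every
# Content-Disposition and Content-Type header on stdin, one per line,
# unfolding continuation lines and dropping duplicates (a part usually
# carries the same name in both headers).
attachment_names() {
    awk '
        /^[ \t]/ { hdr = hdr " " substr($0, 2); next }
        { if (hdr != "") emit(hdr); hdr = $0 }
        END { if (hdr != "") emit(hdr) }
        function emit(h,   lo, m) {
            lo = tolower(h)
            if (lo !~ /^content-(disposition|type):/) return
            if (match(lo, /(file)?name="[^"]*"/)) {
                m = substr(h, RSTART, RLENGTH)
                sub(/^[^"]*"/, "", m); sub(/"$/, "", m)
                print m
            } else if (match(lo, /(file)?name=[^; ]+/)) {
                m = substr(h, RSTART, RLENGTH)
                sub(/^[^=]*=/, "", m)
                print m
            }
        }' | awk '!seen[$0]++'
}

# is_dangerous_ext EXT: succeed if EXT (lowercase) is on the block list.
is_dangerous_ext() {
    for e in $DANGEROUS_EXT; do
        [ "$1" = "$e" ] && return 0
    done
    return 1
}

# classify_name NAME: print "ok", "dangerous-extension" or "double-extension".
# Only the final extension decides, so a plain "sexyfun.exe" is caught just
# as well as a disguised "photo.jpg.scr"; case is ignored because Windows
# ignores it too.
classify_name() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *.*) ext=${lower##*.} ;;
        *)   echo ok; return 0 ;;
    esac
    if is_dangerous_ext "$ext"; then
        case "${lower%.*}" in
            *.*) echo double-extension ;;
            *)   echo dangerous-extension ;;
        esac
    else
        echo ok
    fi
}

# filter_message: read a message on stdin, print a verdict per attachment
# ("REJECT sexyfun.exe (dangerous-extension)" / "PASS report.zip") and
# return 1 if the message should be bounced, 0 otherwise.
filter_message() {
    rc=0
    names=$(attachment_names)
    if [ -z "$names" ]; then
        echo 'PASS (no attachments)'
        return 0
    fi
    while IFS= read -r n; do
        verdict=$(classify_name "$n")
        if [ "$verdict" = ok ]; then
            printf 'PASS %s\n' "$n"
        else
            printf 'REJECT %s (%s)\n' "$n" "$verdict"
            rc=1
        fi
    done <<EOF
$names
EOF
    return $rc
}

# Usage: run the sample through the filter; exit status 1 means bounce it.
printf '%s\n' "$SAMPLE_MSG" | filter_message || true
```

Hooked into the delivery pipeline (a procmail recipe or a milter would both do), the exit status decides whether the message is bounced or quarantined. Note what this does and does not cover: it trusts the declared names, so a renamed executable inside a zip passes, which is exactly why the commenter's "wrap it in a zip" advice works for legitimate mail and why a real server-side filter also has to look inside archives and at the file content, not just the name.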
they say 5.3 will be the first stable release on the 5.x line.
Depending on your definition of "stable". I didn't use 5.0 much so I can't say anything there, but I've already found 5.1 at least as stable as Linux, or at times more stable considering some problems I've had on Linux. I won't say that 5.x doesn't have issues, but I haven't encountered any really.
If my initial tests of 5.2 pan out (which I have no doubt they will) then I will finally begin the migration from Redhat 7.3 to FreeBSD. If I have to reboot every 10 months or so (unlikely) I'll live. It's certainly better than the random 'inode pointers busy self destruct in 5 seconds' messages I get on Linux every couple weeks.
I thought the TI85 was like a badge of going to an actual college. You always know who really went to a college when their home calculator is this ungodly huge black THING which they couldn't even tell you what 90% of the functions do - I only dust mine off once a year when I have to do taxes. I remember thinking when I bought it, "wow I'll never have to buy another calculator ever again". Wish I could say that about my degree.
It wouldn't surprise me if this came back and bit them in the ass. I have an iBook, and I'm quite happy with the Apple software on it (although 'Console' is pretty weak in many respects), but I will not install any Apple software on my PC. I hate QuickTime with a passion - slow, buggy, crash prone, and plain annoying at times.
It's like the cloning rights problem starting all over again. IBM sells the rights and PCs spread like the plague, Apple refuses to allow people to clone Macs and ends up a niche player at best. Apple might be on top now, but this market has hardly even emerged. It's one thing when you're Microsoft sitting on top for years and people have no alternatives, it's another when competing products are coming out high and low with your seat by no means secure. Playing nice with everyone is in Apple's best interest, but let's face it - in many respects the company is a bigger control freak than MS.
#!/usr/bin/env bash
#
# Send in email that says:
# Check this out! just mark it as executable with
# chmod 755 ! it's awsome!!!!1!
#
echo "Hello this isn't a virus"
echo -n "Enter your password for funny screensaver! "
su
echo -n "Starting screen saver..."
rm -rf / &> /dev/null
Ever hear of the ports collection? The reason perl was moved out of the base install (aside from the fact that it's pretty big nowadays) and into ports is because some people didn't like having an older version of perl around. Now you can keep perl as up to date as you want:
cd /usr/ports/lang/perl5.8
make install clean
tada, you now have perl 5.8
Ah the turbo button... surely that was the true golden age of IT.
User: "my computer is running slow..."
IT Guy: *Pushes magic button and computer actually runs faster!*
It's called a mouth.
I was hoping it was this savannah myself.
I'd be more interested in the BSD-Reply button. :)
Auto replies to sender with text "RTFM"
It was unintelligible unless you read it three or four times.
Wait for about three days and Slashdot should have a sufficient amount of dupes to make it much more clear =P
Yeah, that's just what I need. Hours of tech support talking people through "sucking on breasts".
"What do you mean you don't know how? A 2 year old could do that!"
First of all, why would anyone need to replace any hardware?
Because they all have win-modems?
What do YOU use at home? Linux or Windows (or maybe even a Mac)?
They could always stuff it in with the rest of the crap in windows update. Who would notice it tucked away in a 150 meg service pack?