As more and more vendors begin to port their applications to Linux, there's more interest from the shirt and tie folks in our companies that say, "Well, maybe we can give Linux a try. But, how do I know it will work?"
The way the vendors of these large products (let's use Oracle as an example) cover their asses in "product reliability" is to "certify" specific versions of Linux that they've tested and feel pretty confident about saying, "Yes, this will run stable and we believe we can recommend it."
So we end up with products like RHAS (and now RHES) and SLES 7/8 from the major Linux players. This helps make sure that -everyone- has covered their asses.
See, you and I know that we can take a copy of Oracle 9i and put it on a copy of RedHat 7.3 and expect it to perform rather reliably, right? We've worked with both the products enough to understand their quirks and how to support them. But if something does go wrong along the way your boss wants to hear something more than, "I've done this before and it worked! I have faith in the setup I've recommended." Your boss wants someone he can point a finger at and expect that they're going to provide a solution.
I've had a very hard time in the past few months bowing down to the concept of paying $799 for a copy of something I can pretty much download and patch-up myself. But the guys with the shirts and ties still think it's cheaper than a Sun/Veritas licensing solution, and it definately is cheaper than a Win32 alternative, so they're willing to shell out the cash. Why should I argue with them when after it's all paid for, it's still Linux.;)
Bottom line? All of these certifications and extra costs for support we'll probably never use is a way to generate revenue while everyone is covering their ass and their product.
It was mentioned on the FreeBSD-Security list this morning that ISS had informed vendors that they were going to go public with this advisory tomorrow and not today. So in answer to your question, Yes, the vendors have apparently been notified.
This however appears to be yet another situation where ISS has gone ahead and released an advisory before the vendors have actually had a chance to make patches available to the public.
This is supposed to be a security firm that is trying to assist the public in keeping their boxen secure? If so, I'm really scared of the firms that are out there really trying to do damage.
"There are no restrictions. It is only that there have been several things which have been forbidden by the law," he [Dr Oktay Vural, Minister of Transport and Communications] said.
So will they be enforcing restrictions or won't they? Seems he can't even make up his mind as to whether they'll do that or not, why should anyone think he's competant enough to determine what's valuable for public consupmtion or not?
"In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays."
Wouldn't it make sense then that you could track the creators of the worm to whomever is collecting the payout of these banner ads or am I misunderstanding how its working?
Slashdot Mirror
The way the vendors of these large products (let's use Oracle as an example) cover their asses in "product reliability" is to "certify" specific versions of Linux that they've tested and feel pretty confident about saying, "Yes, this will run stable and we believe we can recommend it."
So we end up with products like RHAS (and now RHES) and SLES 7/8 from the major Linux players. This helps make sure that -everyone- has covered their asses.
See, you and I know that we can take a copy of Oracle 9i and put it on a copy of RedHat 7.3 and expect it to perform rather reliably, right? We've worked with both the products enough to understand their quirks and how to support them. But if something does go wrong along the way your boss wants to hear something more than, "I've done this before and it worked! I have faith in the setup I've recommended." Your boss wants someone he can point a finger at and expect that they're going to provide a solution.
I've had a very hard time in the past few months bowing down to the concept of paying $799 for a copy of something I can pretty much download and patch-up myself. But the guys with the shirts and ties still think it's cheaper than a Sun/Veritas licensing solution, and it definately is cheaper than a Win32 alternative, so they're willing to shell out the cash. Why should I argue with them when after it's all paid for, it's still Linux. ;)
Bottom line? All of these certifications and extra costs for support we'll probably never use is a way to generate revenue while everyone is covering their ass and their product.
My $.02 anyway...
It was mentioned on the FreeBSD-Security list this morning that ISS had informed vendors that they were going to go public with this advisory tomorrow and not today. So in answer to your question, Yes, the vendors have apparently been notified.
This however appears to be yet another situation where ISS has gone ahead and released an advisory before the vendors have actually had a chance to make patches available to the public.
This is supposed to be a security firm that is trying to assist the public in keeping their boxen secure? If so, I'm really scared of the firms that are out there really trying to do damage.
"There are no restrictions. It is only that there have been several things which have been forbidden by the law," he [Dr Oktay Vural, Minister of Transport and Communications] said.
So will they be enforcing restrictions or won't they? Seems he can't even make up his mind as to whether they'll do that or not, why should anyone think he's competant enough to determine what's valuable for public consupmtion or not?
"In addition to eating up free disk space Benjamin takes additional actions: under the name of the infected computer's owner it opens an anonymous web site from which it displays advertising banners. This way Benjamin's creator profits by the resulting increase in advertising displays."
Wouldn't it make sense then that you could track the creators of the worm to whomever is collecting the payout of these banner ads or am I misunderstanding how its working?