Not trying to start an argument - but Linux proponents should read this

[glc]

http://www.infoworld.com/article/07/...OADV2007-01-29

Constructive comments invited.

[Dangermouse1]

I think that article says more about the person than any OS including Windows.

[jayb1234]

I would have to agree with some of his points.

In my opinion the biggest part of having a secure setup is being security conscious, regardles of the operating system.

[faulkner132]

I've always believed this.

A system is only as secure as it's users. For the most part, firewalls, A/V, etc. are never really a factor for educated people who take simple steps to care for their system, (i.e. do not install every ActiveX control, open every email attachment, etc.) be it Windows, OS-X, Linux, or whatever.

The OS *does not* introduce vulnerabilities, "faulty" software, and the users who install them do. The simple fact of the matter, is there is more "faulty" software and overall lack of user education on Windows, hence Windows is "perceived" as a more vulnerable OS.
Guilty by association.

In general, the Linux community is comprised of a more technically inclined user base who understands how to identify threats and simply ignore them. Combine that with the fact that viruses and such are not specifically targeted to attack Linux users, you have a "perceived" more secure OS.

[glc]

Quote:

In general, the Linux community is comprised of a more technically inclined user base

Totally agree. However, this guy is just an arrogant fanboy who hates Microsoft because it's fashionable the way I see it. The government is going to eat his lunch when they see what he can (can't) do. If you want to talk the talk, you better be able to walk the walk. Neither business or the government has any use for a person of this competency (or lack thereof) in any position of responsibility.

[mairving]

He's just a myopic idiot that can't see the forest through the trees. It's only fitting that he is now working for the military.

[mikeL]

The poor Linux admin is going to be in for a rude awakening, once he gets on that military network. I'm a contractor at a air guard base, and there security is extremely restricted(secure) to the point of being anal.

The Admin seemed to be nothing more then a glorified user with a title, nothing more, and maybe by bashing MS, and touting Linux, no one questioned his ability.

[StykFacE]

good article, gave me a laugh.

[kilgoretrout]

I call BS on this article; it just doesn't ring true. I've never encountered any commercial admin, windows or linux, that sets the admin password to "password" but he claims to have found one. Apart from this and other ridiculous password policies, the article is devoid of specifics. I can only assume the author is using the rhetorical device of hyperbole to make his point, namely that no OS is secure in the hands of an idiot.
In fact, one of his few specific criticisms of the hapless admin deals with an out of date firmware on a Cisco router, a piece of equipment that runs neither linux or windows. This observation is irrelevant to relative OS security just as stupid password policies are.
In general, I find his observation that "Windows is just as secure as any other popular OS, if not better, despite knee-jerk criticism to the contrary" to be completely unsupported by the article. All he does is discuss one fanciful linux admin that is portrayed as so stupid one has to wonder if he really exists.
If you google the author, you will find that he makes his living as a security consultant and, by his own admission, he is a public windows suporter. If I made my living like the author, I too, would be a huge windows supporter. Why kill the goose that laid the golden egg.

[glc]

I should have expected something like this from you. I apologize for disturbing the sanctuary.

[kilgoretrout]

No offense taken and no apology necessary. I don't think anyone was disturbed, certainly not me.

[ghost2003]

PEBKAC.
A well managed system with a good admin will always be more secure than one with an ignorant and arrogant admin. Regardless of the OS.

[mairving]

Quote:

Originally Posted by ghost2003 PEBKAC.

Hey, that would make a great root password.

[glc]

Nope. It's not complex. Maybe "!p38K4c?"?

[mairving]

Quote:

Originally Posted by glc Nope. It's not complex. Maybe "!p38K4c?"?

I was being a bit cheeky.

Anything is better than password. I used to get my passwords from an old book that is no longer in print. The password would be the first letter of each word in the first sentence punctuation included. I could then reference the passwords in a file by page number only, sort of a crude cipher book. It worked pretty well. Even if you could possibly figure out that it was from a book, you would be hard pressed to find which book then good luck finding that book.

[Floppyman]

I too think this article speaks nothing of one OS being more secure than another (e.g. linux vs. windows), but rather the incompetency of the administrator. I'm curious, why was this posted in Alt. OS?

P.S. I'm not a fanboy for any particular OS.

[telegramsam]

I've always been told, and all my experiences back this up (including some amateur moves on my own part), that the biggest security threat to a computer is between the screen and the chair in front of it.

Linux has vulnerabilities as well. I get pretty regular updates from Ubuntu, most of which are security patches. I would be willing to bet those security patches are inspired by disasters...

[glc]

Quote:

why was this posted in Alt. OS?

Because I wanted to point out to our Alt OS fans (that seem to love bashing M$, that's their privilege) that *NO* OS is invincible when you have a moron running it. They all require steps to keep them secure. If I'm granting them the privilege of bashing M$, I think I have the privilege to point out little things like this. I know better than to bash *ix in this forum, that's hardly what I'm doing.

[Floppyman]

Quote:

Originally Posted by glc Because I wanted to point out to our Alt OS fans (that seem to love bashing M$, that's their privilege) that *NO* OS is invincible when you have a moron running it. They all require steps to keep them secure. If I'm granting them the privilege of bashing M$, I think I have the privilege to point out little things like this. I know better than to bash *ix in this forum, that's hardly what I'm doing.

True, although sometimes it just boils down to how easy it is to "pick the lock"....

[glc]

There's more than one way to pick a lock and a lot of different tools to do it with too.

[faulkner132]

Quote:

Originally Posted by glc Because I wanted to point out to our Alt OS fans (that seem to love bashing M$, that's their privilege)

Who has been MS bashing?

To me, anyone who MS bashes has never been in the *actual* real world.

[glc]

You are reinforcing my point.

Quote:

anyone who MS bashes has never been in the *actual* real world.

Thank you very much!

There really isn't much M$ bashing in these forums, and when it does happen we keep a pretty tight lid on it. I wish I could say the same for the rest of the Net. Those are the type of comments I was hoping to stimulate with this thread. I hope you noticed that the last Linux basher's thread that got started got closed RIGHT away. It certainly is possible to have these kinds of discussions without them turning into bashfests.

[Statica]

I think that like anything else there is a bit too much fanaticism about nearly everything people do. It always seems to be a personal attack on people, especially admins, on their OS choices. As far as I'm concerned, that is the sign of an extremely myopic admin - one who uses personal bias' rather than trying to investigate the right tool for the job. As much as we'd like to point to the *NIX guys about having this attitude, the fact is that this attitude is shared by EVERY OS "dude" out there. I've frequently walked out of Apple stores and felt that instead of contributions to a pension plan, these guys have been opted in for a marijuana quota - their TV ads celebrate it as well. Heck even the author of the article automatically assumes that all *NIXers are blessed with a complete absence of male pattern baldness and go to jobs with ponytails! (so does that make all Microsoft admins bald? And does it have anything to do with patch tuesdays? )

There are a few, as I've seen it, irrefutable facts about the *NIX world - the vulnerabilities are less in number, not just because of the number of clueless people it targets, but also because there have been an inherent lack of understanding between what levels of access processes should have (lack of effective sandboxing). Most of the common exploits still target this one lack of foresight when designing the Microsoft OS till XP (the jury is out on Vista yet). Secondly, from my experience, open source has HUGE benefits for patch releases. And I dont just mean patches from the OS distributor, but also of the various and sundry projects and code bits out there. Also feel that the steep learning curve for a *NIX helps in weeding out people who become system admins just because they have an operating system CD... exploits need to be more sophisticated to get to someone who has to endure a learning curve.

I always love reading the threads (like this) on the PCM Alt-OS forum .. it's extremely different from any other place on the net, it's like being at a spa as opposed to the O.K. Corral

[jglen490]

It's been a while since I've been here, but what timing. M$ Vista releases, and here we are debating the reasonableness of M$-bashing.

I don't like Windows, I don't like M$, and I don't appreciate the extreme fear that drives the corporate mindset at Microsoft. Yes, fear. M$ spews fear, sows uncertainty, and presses doubt on anyone who dares to oppose their view of the computing world. Especially their "right" to be safely ensconced in their monopolistic shell. Actually, M$ ought to be thankful that there is genuine competition - they are feeling the pressure.

I like Linux and have tried various *BSDs. I am currently running Kubuntu 6.06 LTS. A very economical home computing solution with an excellent set of apps. Am I a "fanboy"? No. I am critical of distributions as they come and go. I used to really love Mandrake/Mandriva, but have grown tired of their being stuck in the RPM world and their drift towards the commercial space. The *BSDs have come along quickly as a desktop solution (PC-BSD is decent and getting better), as well as their good hold in server space.

I use Windows in my professional life as a Senior Systems Analyst for a large IT support company. I enjoy Linux in my personal computing life. It performs well, does what I want to get done, and is very economical.

I'll say it again. I don't like Windows, for reasons that include what could be construed as "bashing", but also for the fact that performance and utility within Linux space satisfies my needs.

[~^RASPY^~]

Kilgoretrout,
Believe me, there are admins out there that actually use password for admin accounts. I did some work for a company in Washington state that made me set the administrator accounts for every PC (around 250 machines) to password. I advised strongly against it. I stated "Thats going to be the first or second guess for any intruder trying to gain access". I was told they used that password because it was easy to remember! I nearly fell over. This admin, like the one in the article, was no fan of Windows and was a die hard Linux user. You can't make this stuff up. It's too unbelievable, but it goes on everyday. To his (or her) credit, they were using Novell for network access, but no password policy was inplace to ensure strong passwords. They even allowed employees to use post-it notes on the screen or under the keyboard as reminders! Textbook mistakes.

I agree that a system is only as secure as it is current. The only complaint I have against some Linux builds (I do use Suse and Fedora) would be open source status. Anyone with any programming experience can read the source to assess where the build may be weak, and possible methods that may be used to patch the vulnerability. IMHO, that compromises security. I realize that compiled code can be reversed engineered, but reversed code is a pain to decipher and requires more programming skill to decipher, making it more secure. This point alone has always led me to believe Windows is more secure than Linux, although there are other points to support this argument as well. But the bottom line is security begins and ends with the system's wetware.

[faulkner132]

Quote:

Originally Posted by ~^RASPY^~ I agree that a system is only as secure as it is current. The only complaint I have against some Linux builds (I do use Suse and Fedora) would be open source status. Anyone with any programming experience can read the source to assess where the build may be weak, and possible methods that may be used to patch the vulnerability. IMHO, that compromises security. I realize that compiled code can be reversed engineered, but reversed code is a pain to decipher and requires more programming skill to decipher, making it more secure. This point alone has always led me to believe Windows is more secure than Linux, although there are other points to support this argument as well. But the bottom line is security begins and ends with the system's wetware.

I have to totally disagree with your inference that open source leads to a less secure system.

Can the people who developed 128-bit encryption algorithms break it? No.
Can the developers of OpenSSH break into any system running it? No.
Can the Linux kernel developers enter a secret password to get into any Linux system out there? No.

With open source, you are *assured* there are no back doors, and if there are, you can eliminate them yourself.
Does Windows (i.e. the close source example) have back doors? Who knows except the developers, but the fact it *might* (and lets face it, probably does) contain back doors makes it a higher security risk.

Bugs in the code leading to a vulnerability are a moot point, because no system out there is bug free, open or closed source. The bottom line is compiling source code an only making it available as a binary executable does not make a system more secure than one which gives it source code to anyone.

Just because you know how the code works doesn't mean you can get around it.

[Dodge7]

I heard this quote from a "good guy" hacker about the Mac OS not having virus problems: "obscurity is not security". So true. I think if you made Mac OS, Liniux, or whatever the most popular OS the hackers would find security holes galore.

And making his people use that awful open office? I used it, until I saw how my resumes looked wihe opened by MS Word, becuase of Open Office .doc format issues.

Yeah, I think the story is true, people never think the security break in will happen to them.

[Ind-PC_student]

You are wrong, openoffice is not horrible, and my .doc cvs are tracking great interest with employers.

And I add when I worked at the watford racial equality council, the volunteers did not mind a bit to try a copy of OOo, the difference is they had some training before hand, thanks to a tutorials web site which is still there but i forgot the link.

To add it worked flawlessly with office 2005 on the ms extensions.

[glc]

I've never seen Office 2005.........

[Ind-PC_student]

mistake it was actually 2003 it was a small typo.