On Sun, 2003-11-02 at 22:02, David Demland wrote:
> Remember the only reason that Microshaft is being hit with all the major
> security problems is because it is the largest target. Before they became
> the major security target it was Bind that was the target. Anytime there is
> just one large target all the other targets will be overlooked. It is when
> all the targets are close to the same size that it would be much harder for
> any of the targets to be singled out. This is the point that needs to be
> realized before the barrier to entry will be lowered enough that the
> consumer will benefit.
This is incorrect. Windows has a fundamentally bad security history on
all fronts. They have and still do sacrifice security for various
usability goals. Viruses are dominant on Windows platforms because of
these bad decisions. Windows didn't even have user rights until Windows
NT4 (3?); however, of course, DOS, Win95, 98, ME were used by most until XP.
And even now XP ships with the default user having full admin privs. The
separation of root access and user access is most novice users' first
lesson and fundamental to any security. If this wasn't bad enough their
email programs have been the prime enablement of email virus
propagation. All the services run system level by default. Almost all of
their server services have had continuing serious security problems. The
sharing features default to no password and the messenger service allows
unsolicited messages to be displayed; this has prompted almost all ISPs
(including the one I run) to block all of this traffic to protect our
customers from this software. Does this sound like a company that takes
security seriously? Or perhaps they are so deep in crap code now they
have just given up.
So why would a Free Software system like Linux be in a much better
position if the tables were turned?
1. Like organic life, diversity is a main player in minimizing
catastrophic failures. Linux is distributed by many many companies and
organizations. This, in addition to the ability to easily modify your
default configuration, leads to a good up-front software diversity.
2. Knowledge is power. Linux is an incredibly well known system thanks
to being popular Free Software. This enables problems (not only security
ones) to be fixed quickly, and more importantly correctly.
3. Choice. Don't like bind's issues? Don't like sendmail's problems?
Then why are you using them? Use qmail, postfix or anything else. Or one
of the many other DNS servers. Granted you have this choice to some
extent under Windows also, however the good choices even under Windows
are also free software so why run Windows at all?
4. Unix has been from the start a multi-user system, therefore most
Linux programs have the multi-user concept. Windows did not have this
until recently, and therefore most programs have no concept whatsoever
about users or security. Many very widely used apps rely solely on a
simple share and drive map situation. Windows and most apps that run on
it store individual user data in absurd places like the registry rather
than in the user's file-based profile.
Obviously I could go on forever about how Windows is inferior in design and
policy. However I will wrap up with one quick concept.
Microsoft a few months back stated that Linux had just as many security
problems as Windows had; of course this is inaccurate and twisted.
However, let's hypothetically say this is true: if Windows manages to come
up with as many security problems as Linux does without being open
source, then just imagine what is left to be discovered. All things being
equal, which is more secure? I'll pick Linux.
Entelin <entelin@logicaldreams.net>