| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Windows isn't only OS with flaws, Linux hole found | |
|
||
| Time: 15:47 EST/20:47 GMT | News Source: Business Week Online | Posted By: Adrian Latinak | ||
|
On the surface, it was just another turn of the endless cycle of software release, hole discovery, and patching: operating system vendor Red Hat issued an advisory Tuesday warning the world about a serious security hole in a file transfer program that comes with Linux, and urged customers to download a patch. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 164 Last | Next |
The time now is
2:49:46 PM
ET.
Any comment problems? E-mail us |
| #1 By 1845 (207.173.73.201) at 11/30/2001 4:28:07 PM |
| Thanks troll. |
| #2 By 61 (65.34.111.50) at 11/30/2001 6:03:19 PM |
| #4, and incase you don't realize, it's not Windows with the hole, it's a piece of software shipped with it. |
| #3 By 2332 (165.247.2.208) at 11/30/2001 11:36:16 PM |
|
#4 - Funny, cause that's a distinction that often gets missed when people start talking about IIS holes.
How exactly do you define an OS? Is it just the kernel? Is it just the kernel plus the command interpreter? The fact is, an "OS" is only as secure as the applications you run on it. The thing that makes this hole funny is that wuFTPd is open source, and this hole has existed since version 1.0 was released several years ago. Where were all those proverbial "eyes" that open source zealots love to talk about? And if you think this was isolated, what about that huge remote root hole in the telnet daemon that shipped in every version of BSD and Linux (except for OpenBSD) that allowed remote root with a fairly simple exploit? It had been there for almost 20+ years with nobody finding it. Countless revisions, thousands if not millions of "eyes" viewing the source. WHERE the hole is doesn't matter. When was the last hole in the NT kernel found? (File system, memory management, process management, etc.) I'll give you a hint... never. It's been modules running off the basic kernel that have had holes. While FTP certainly is a fairly "high level" module, telnet is pretty basic. The OS and the applications that run on it are blurred in their distinctiveness, so arguing "it's not Linux" is kind of moot. |
| #4 By 931 (24.98.84.49) at 12/1/2001 7:57:07 AM |
|
Itn't funny how when like they find a hole in IIS or WMP or IE or basicly anything microsoft it's front page news, or at least front pages 'technology' news.. But when the same happens for an *nix basic app\os it's more or less burried and only those who care seem to find the information..
Yes I know win32 in a more used platform, so yes I expect it to get a little more covereage.. but it still never ceases to amaze me. |
| #5 By 135 (208.50.201.48) at 12/1/2001 2:57:34 PM |
|
I'm surprised this is the only Linux problem that has received signifigant press.
RedHat has been sending these announcements out far more frequently than Microsoft. Today I received one about a vulnerability in OpenSSH. |
| #6 By 2332 (165.247.2.88) at 12/1/2001 9:12:28 PM |
|
#10 - That bug is pretty funny... but it's not part of the kernel, although that's not really the point of my previous post.
There are countless ways to crash *any* system, no matter your privs, so the fact that obscure combination of character codes crashes Windows is only funny, not a major bug. #15 - A couple of things... 1.) You say: "Linux distros never blame a user (a.k.a. Bill Gates stating people should have been smart enough not to open Lovebug attachments at work). Actually, Linux distros blame the user all the time. I can't tell you how many times I've heard "ya but no Linux user would ever run [insert crappy application here]" in an attempt to try and sidestep their own hipocracy. 2.) You say: "... nor do they label obvious bugs as features (a.k.a. a common answer on the MS Knowledge Base)." Example? Microsoft is pretty good about fixing bugs in most cases. Just because an application doesn't appear to act in the way users would want it to act doesn't make it a bug. It's only a bug if it doesn't act in the way the programmer intended. That's a definition. Oh, and at least Microsoft HAS a Knowledge Base. Microsoft has the single largest support resource of any company on the planet, and it's invaluable to I.T. people and to home users. Every Linux help resources usually consists of poorly written (often plainly wrong) FAQs that aren't even searchable, must less a "knowledge base." 3.) You say: "I don't claim that Linux is a replacement for Windows, but it is more solid and secure out of the box any day, and is far more customizable from an admin standpoint. Windows 2000 is a major step in the right direction, but there are still some flaws lingering from past versions, and some of those flaws have flowed into XP." Well, Windows 2000 *is* as stable as Linux. Period. Dispute that all you want, but I use both (a lot), and they are both extremely stable. Far more customizable? How so? Name a single thing you can customize in Linux (any windows manager) that I can't in Win2k or XP. Of course any application the size of an OS is going to have bugs and flaws... that's given - both for Windows and Linux. Microsoft, however, has been *innovating* unlike the various Linux developers, who have spent all their time both catching up or copying what Microsoft has done. Active Directory, for instance, is more than just an evolution of existing directory services... it's leaps and bounds better in countless ways. .NET is the "next big thing," so much so that I'm betting my personal carrier on it's success. I could go on, but could you? Can you name a single development out of the Linux community that was *new*? I can't... |
| #7 By 135 (208.50.201.48) at 12/1/2001 10:07:05 PM |
|
#15. Your "proven facts" are nothing more than ill-informed opinion. Linux is *NOT* more secure, is *NOT* more stable, does *NOT* have fewer bugs. The open codebase does *NOT* mean bugs are fixed faster, etc.
You may not be a staunch Linux supporter, but you've fallen for every lie that they propogate. :( |
| #8 By 135 (208.50.201.48) at 12/2/2001 1:38:13 AM |
|
No #23, you are wrong.
That's pretty unique, being ill-informed in both the political and computer realm. |
| #9 By 135 (208.50.201.48) at 12/2/2001 12:19:52 PM |
|
#25. Back what up? I'm not the one making the claim, you are.
Did you bother to go down the list of all those sites and see what they did? the telia.com, and tuan.com throw up a default Apache page. bizbase.com doesn't work. Most of the others have "Hi, this is my website" or something equally boring. I also went down half the list, and about half the machines are running some older version of wu-ftpd. If I was a more malicious sort, I'd use that fact to obtain root and disprove your point by doing a shutdown on those machines just to disprove your point. Honestly, do you not question why most of these machines are in Japan? I suspect it has to do with something in the network link confusing Netcraft's analysis and that these uptime figures are not correct. Good grief, use some critical thinking skills before you go around making ridiculous claims. |
| #10 By 61 (65.34.111.50) at 12/2/2001 1:30:58 PM |
|
#31, no, BSD is not still the choice. Your choice is choosing what you feel would benefit you the MOST, and then securing the box...
And by the way, it is a PROVEN fact that out of the box (that means right after install), Windows is more secure than Linux, ANYBODY who has worked with both OS's knows that. But OOB doesn't really matter, it's how much you can configure it for security purposes, and if you have a decent SA, then it doesn't really matter what you use. As far as stability, like he said, most of those sites aren't getting any real traffic... heck, I can keep my server at home up for a year or more with no problem, but then again, only a max of ten people are using it at a time. I really think it's pretty stupid how you make such blatently fanatical statements. |
| #11 By 2332 (165.247.1.13) at 12/2/2001 2:11:01 PM |
|
#31 - The Netcraft survey only looks at those machines that are exposed on the net. It doesn't look at the most reliable Windows, Windows 2000 Datacenter, which nobody in their right mind would use as a web server. Enterprise web sites typically consist of many machines making up a web farm, which means the uptimes of any individual machine doesn't really matter as long as the site remains available, which it does. Uptime itself, especially when web sites are concerned, is irrelevant.
Does that mean that Windows boxes are more likely to crash? No. It means that the admins of Windows boxes realize that their web site is running off a web farm, so they can feel free to bring down a server to do work on it instead of taking the extra effort to keep it up during that work. I've administered web farms for about 7 years now, and Windows 2000 makes that administration really easy - much easier that any unix package I've seen. As far as BSD being more secure... kinda. OpenBSD is very secure right out of the box because everything is disabled. (I like that, personally... but Microsoft has only recently adopted that ideology.) It also has a very stable code base which people have put a lot of work into. The rest of the BSD family (NetBSD, FreeBSD, etc.) is no more "secure" that NT/2k. How quickly people forget things like that massive remote root telnet hole which was in all versions of BSD (except Open) for over 20 years. You also must remember that BSD has such as small market share, there are very few "hackers" interested in drilling into it to find holes since their resulting exploits would have little impact. #18 - Can you post some proof? A KB article? A study of some kind? MFC is slow... so slow, it's almost not worth using it in most cases. While I might buy that Encarta uses MFC (it's slow too... :-) I seriously doubt and of the Visual Studio IDE or SourceSafe was written with it. The Visual Studio IDE exposes a LOT of COM interfaces, which means it was probably written with ATL, not MFC. Obviously, there are some applications (like company wide data sources) that absolutely have to be up as much as possible. Windows 2000 Datacenter GUARANTEES 5-9's of uptime (99.999%). No other OS does that. And alas, most Datacenter stats wouldn't show up on your list. The point is that uptime alone is not the only measure of reliability, and even when you only look at uptime, Windows does very well. |
| #12 By 135 (208.50.201.48) at 12/2/2001 2:35:00 PM |
|
I wish 63.178.193.134 would just adopt the ActiveWin id of OftenWrong. It'd make life a lot easier.
|
| #13 By 3108 (200.63.129.176) at 12/2/2001 4:56:23 PM |
|
#37 It ios the first person that realizes that the netcraft surveys are crap, you are right, from the point of view of surveys and statistics they are all bad formulated and bad evaluated, anyway it is important to knew that in order to know people that follow this false surveys because you will know that they are not good IT professionals.
I have spoken. |
| #14 By 2332 (129.21.145.80) at 12/2/2001 8:10:58 PM |
|
#40 - I said Active Directory was innovative, and I stand by my statement. I've used (and still use) NDS, and it simply doesn't hold a candle to Active Directory. NDS failed because Novell is a stupid company with horrible leadership. Their failure had little to do with Microsoft - in fact - the success they had, had a lot to do with Microsoft cooperation and support of Novell.
NDS does only a fraction of what AD does, although I would argue that it does do some things better, like how it manages site hierarchies. I still can't get used to the DNS model that AD uses, but that's personal preference... all in all, AD is far superior. |
| #15 By 2332 (129.21.145.80) at 12/2/2001 8:13:04 PM |
|
#39 - just because those applications have a dependency on mfc42.dll doesn't mean they were written entirely with it. Good tip though... I forgot about that neat util.
My original point was that MFC is slow and is used in very few cases. I still think that's the truth... but a lot of my opinion of MFC is based on unhappy projects that weren't well suited for it to begin with. |
| #16 By 135 (208.50.201.48) at 12/2/2001 8:48:51 PM |
|
#40. Actually the Microsoft Netware clients tended to work a lot better than the Novell ones.
Actually I wonder if one of the things that didn't do Novell in was their anti-piracy techniques. As much as people complain about Windows XP... Netware was there first and much more painful. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 164 Last | Next |
The time now is
2:49:46 PM
ET.
Any comment problems? E-mail us |
