| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
What are the real vulnerabilities of Linux? | |
|
||
| Time: 18:44 EST/23:44 GMT | News Source: E-Mail | Posted By: Brian Kvalheim | ||
|
Some Linux fans are tired of reading reports and articles about viruses and attacks for the Linux operating system that would be as bad as malware for Windows if the open source OS was most popular. Why waste your time worrying about a potential threat for which there is little historical or empirical evidence that it even exists, right? OK. For this article, it is accepted that in today's real world, there is little to suggest that worm writers would or could create the same degree of havoc on Linux as they have for Windows. However, that does not mean that Linux is impermeable to attack by the same kind of malicious, worm-writer-minded efforts that plague Windows. So what are the real vulnerabilities of the Linux operating system? A few experts weighed in for NewsForge. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 304 Last | Next |
The time now is
12:33:50 PM
ET.
Any comment problems? E-mail us |
| #1 By 1401 (69.40.48.240) at 12/7/2004 7:36:26 PM |
| I say the most serious vulnerability in Linux is when the user presses the power button... |
| #2 By 1643 (204.210.28.138) at 12/7/2004 10:11:29 PM |
|
#2 Kind sir, my periodic debate of your often ridiculous assumptions:
1. Default settings for workstation installations are typically locked down with a firewall, and automatic updates... So does WinXP SP2...and the interface is way more intuitive, easier to manage (group policy, Microsoft or internal updates, etc.). I didn't have the support key for the 30 trial of automatic updates from Novell Desktop Linux Distro as it was stored as an email on my mail server and I was prompted I could do it later. It took me 30 minutes to figure out how to enable the darn thing...it was so unintuitive. 2. By separating "stable" and "cutting edge.. Who separates these? Which authority (of the many groups and distros) do you get your build stable/beta build from (of course a company could employ you to tell them)? The problem with OSS, is many of the OSS talent (developers with free time) don't focus on the stable builds...the geeks and want the latest and greatest beta builds. Older versions (meaning your deployed base in an large company) don't get nearly the attention that a proprietary software vendors pays to it's installed base. In addition, because there is no unified platform base, an ISV can't distribute to a mass market and expect to generate significant return on investment once support costs are factored in. Of course, this falls on my paranoia that OSS advocates generally are advocates for their own employment (duh); and it's OSS followers (because it's cult...lol), are upset that "tech presence" in small businesses is much less today, because of assortment of cheap (and easy to use) mass marketed software. They generally prefer to have archaic (i.e. linux ) oss software that requires ordinary people to throw up their hands in dispair...which is boons to the tech's self esteem (and wallet). 3. Russell said he himself has downloaded an ISO image that was "grabbed from anywhere,"... Authenticode (or the many versions out there) is much simpler design...why force humans to verify the code? IMHO, because your normal user won't, and you have to expect this as a tech professional. Automate and KISS rule the world my friend. 4. He also said autoexecuting content, macros embedded in documents, platform and application homogeneity, and lack of different user and security policies are all Windows plagues that never have been nor will likely be a concern to Linux users... Why don’t you (and him) understand is that those "autoexecuting content, macros, etc" make users more productive...and tackling the security problem is a lot better then removing features. I think current versions of the Microsoft platform outshine the competition in strong security balanced with powerful productivity features. I would love to debat you on this :) Also, the lack of security policies management...what is hey is he talking about? You had logon scripting and system policies from 95/NT4 to AD/Group Policy today. If you don't know how to do this, get out of IT profession please...you're giving the rest of us a bad name. 5. They barely touch on this "technical superiority" that they keep mentioning throughout the article.... Linux is not technically superior to squat. Maybe I’ll grant it “good enough”, but "technical superiority"…ha. How does that kool-aid taste? 6. Beale said the faster embrace and adoption of new technology in Linux also helps secure the operating system. While Microsoft cannot make major changes without worrying about their impact on administrators that may not fully understand a firewall, the problem is not prevalent for Linux. Bite me you OSS bigots…I know what a firewall is. :) This post was edited by humor on Tuesday, December 07, 2004 at 23:26. |
| #3 By 1643 (204.210.28.138) at 12/7/2004 11:33:39 PM |
| #4 Has it ever happened before? I vaguely rememember something about a distro server was hacker a while back. |
| #4 By 1643 (204.210.28.138) at 12/8/2004 2:01:16 AM |
|
1. It is just part of the development process...
This management methodology doesn't scale in a medium to large company. Small organizations can't afford a dedicated IT staff. 2. The Linux Standards Body are taking care of any standards necessary... It's not close to a reality today, especially in enterprise management. 3. why force humans to verify the code... What machine are you talking about? I think we are talking about different things. My point was there was no verification of the ISO I downloaded from Novell (or any distro) was untampered. 4. Flaws in in this is the large problem on windows, leading to mass-mailing worms... It is not a flaw, it's a feature that exposes additional avenues of attack...and in it's present form (Office 2003 SP1) it is good balance. There is a lot of custom productivity enhancing IP stored in macros in office documents, especially excel in many offices. IT should empower users, not lock down everything so tight where users can't empower themselves. 5. I agree that they didn't build a solid case for this ... There is NO realistic case of Linux being technical superior to any OS. It's free though. This post was edited by humor on Wednesday, December 08, 2004 at 02:03. |
| #5 By 1643 (204.210.28.138) at 12/8/2004 3:07:23 AM |
|
1. I was using K3B as an example...
OK, sorry I didn't know about a super cool cd program that checks the MD5 sum for the 2 times I install Linux a year. You don't solve the way humans actually behave, you must automate the process...like authenticode. 2. It is not a flaw, it's a feature that exposes additional avenues of attack... An issue, but that does not make it negative issue. It just requires a little better thinking on the IT pros part. 3. That's the view one would have after poring through Microsoft's wealth... My opinion is based on a number of sources...primarily on my experience, facts, and my vast sceptism of unproven ideology. Linux is not close to being ready for primetime outside the world of techies servers...maybe 5 years at the earliest. #8 Closed, bad. Very, very, bad. :) |
| #6 By 1643 (204.210.28.138) at 12/8/2004 4:18:49 AM |
|
#11
My grandma has no idea what you're talking about...neither does my sister. So unless it comes up automatically with simple instructions...it's only good for techies 5%. Not because 95% users are stupid, it's just no their job to be techies...we should make it easy. This post was edited by humor on Wednesday, December 08, 2004 at 04:22. |
| #7 By 12071 (203.206.246.16) at 12/8/2004 6:23:14 AM |
| #9 Based on the collision attacks found earlier this year and this: http://developers.slashdot.org/article.pl?sid=04/12/07/2019244&tid=93&tid=172&tid=8, I wouldn't rely on MD5. Should use something like SHA-1 instead although it's not as popular. |
| #8 By 7797 (63.76.44.6) at 12/8/2004 12:32:10 PM |
|
"I say the most serious vulnerability in Linux is when the user presses the power button..."
I say its comments like those that stop people from taking you seriously! |
|
Write Comment
Return to News |
Displaying 1 through 25 of 304 Last | Next |
The time now is
12:33:50 PM
ET.
Any comment problems? E-mail us |
