Inline comments:
On Friday 27 June 2008 08:26:27 Brian Martinez wrote:
> Ehren Benson wrote:
> > I am of course being OS Agnostic here, but any OS is only as secure as
> > its user. It's not Microsoft's or anyone else's responsibility to make
> > it so that all attempts by end users to make their machine as insecure as
> > possible by being ignorant fail.
> >
> > In our department in the past the number of machines compromised have
> > been probably 8 to 1 Linux due to people being irresponsible with their
> > root password.
>
> How do you say "I am of course being OS Agnostic here" and then go on to
> compare Windows and Linux compromises, attempting to make Windows sound
> better...???
>
> I don't know that I agree with Steve about "the builders are to blame."
> If my machine gets compromised I blame myself in the majority of
> situations. 0sec/0day exploits are another story altogether...
If I said or implied that 100% of the problem was the builder, I apologize.
But it *is* a diseased op system, and difficult to deal with properly.
>
> But the problem you make sound like a bigger issue on Linux is EXACTLY
> the same problem that is a *HUGE* deal on Windows. When you install
> Windows, or when you load it for the first time on your newly purchased
> computer the default account no matter what its called has Administrator
> privileges. And since there are [let me pull a number out of thin air
> here] 100 times more Windows machines as there are Linux machines, I see
> it as a 100 times bigger problem. Albeit the same problem, but its the
> scope that is worse. That is how you get these zombie/bot networks.
It's at least 1000 times. But the problem is even worse on Windows, in
that there is software out there that really fights if the user is not the
administrator. I don't know of any software like that in unix-like land.
>
> I don't doubt for a minute that there are zombie networks comprised of
> Unix boxen, but I highly doubt there are 100s if not 1000s of zombified
> unix networks like you have with Windows. And that's just simply
> because as I said there are X number more Windows machines in existence
> than there are Unix. Having said that I guess I can see why Steve says
> "the builder is to blame." Or at least the realtor (marketing
> department) who works for the builder.
I think if you looked at the number of deadly IP stack problems (RPC
and the like) on Windows, it dwarfs the number of similar problems on
Linux, and is even better for the BSDs, AIX and Solaris. This is not to
say those other op systems haven't had problems, but I don't expect
to hear of remote code execution problems in OpenBSD. I do, from
past experience with Windows.
>
> At any rate, the blame is probably almost always going to lie in several
> places not just the end user and not just Windows or Linux or OSX or
> _Whatever_OS and furthermore most people aren't going to blame
> themselves anyway. As a generality "users" are almost always out of
> their element, they often carry a "well I didn't think that could happen
> to me" attitude. Hell, even I carry that attitude and I know better!
Well, sure. But look at Macs and how much better they've stood up.
Of course Apple needs to be looking at the Darwin code base better
than they have been for problems, but at least they have Net/Open/
FreeBSD to look at. Thats a huge advantage.
>
> *frustrated with your post*
> ./brm - a windows admin stuck inside a unix admin's body
>
>
> (P.S. It has been awhile since I've installed a fresh Linux box, but it
> seems like they typically make you create a non-root user during the
> install.)
> (P.P.S. I am currently running NO anti-virus software on my Vista
> machine. Nor have I been running any for a few months. I know who to
> blame if/when I get a virus, *me*)
Vista does show signs of being better! If it wern't so odd in other aspects
I'd have more hope for it.
I am *REALLY* hoping that Windows 7 will do things like break with binary
compatibility, among other things. Once MS cuts ties to supporting
legacy code they can make a better OS. I think there are enough good
people there that they can do that. But the marketing people have to
get out of the way. We might be hearing interesting stores of internal
battles, soon.
--STeve Andre'
|