Top 10 Linux FUD Patterns, Part 5
,----[ Quote ]
| FUDsters will argue that any security software for which the source code is
| freely available to the public is inherently not secure. This is based on the
| assumption that the source code will either reveal the secret functionality
| that makes the security software work or expose bugs in the security software
| itself that can be exploited as well.
|
| First, if someone cannot open their source because they are afraid it may
| reveal secret functionality, then it wasn’t properly designed from the start.
| The worst-possible example of this is hardcoding passwords in programs,
| especially if they are scripts stored in clear text. Good security schemes,
| such as encryption, rely directly on information the user provides, and often
| make use of one-way functions.
|
| Second, Open Source software is available for public scrutiny. If you cannot
| read and understand the code yourself, rest assured that there are many folks
| out there that can and do. Why? Because many businesses do actually use Open
| Source software and have everything to lose if they don’t test it out first.
| That being said, I consider many corporate “testimonials” sponsoring one OS
| or another based on security or other factors to be FUD, mainly because they
| often appear in paid advertisements and seldom reveal the details of tests
| performed to lead to such conclusions. Independent certification and research
| performed by government or other nonprofit entities are usually the most
| objective and reliable.
|
| Aside from learning the code, another way to test an application’s security
| strength or to see if it transmits private data is to watch (or “sniff”) the
| port on which it communicates using a network monitoring tool. Such data may
| be encrypted, but the (data) size and timing of requests made by the client
| software should be consistent and reasonable. This is a technical task, but a
| bit easier than learning how the code works. Just remember, sniffing outside
| of your own network may be considered illegal.
|
| Finally, there are many Linux opponents that would jump at the chance to
| expose real security weaknesses in Linux and its applications. These are
| often vendors of competing software and have both the money and channels to
| make themselves heard. When such a claim appears on the Web, look for
| specific details about the vulnerability. If there are none, it may be FUD.
| Also, check the software website to see if the vulnerability has been
| acknowledged or refuted as well as any status on its repair. Never take such
| claims at face value.
`----
http://linuxfud.wordpress.com/2008/02/18/top-10-linux-fud-patterns-part-5/
"We should dedicate a cross-group team to come up with ways to leverage Windows
technically more."
--Jim Allchin, Microsoft fiend
Recent:
Microsoft is Stupid, Apple is Not
,----[ Quote ]
| If you take a look at the history of OS design by each company, it's pretty
| clear why this is so. Microsoft has historically made an unreliable, ugly,
| and highly insecure operating system based on its own spaghetti/Swiss cheese
| code. This is no secret to anyone who has followed the industry or even used
| Windows on a daily basis. If you are a Windows user you MUST have
| spyware/virus/malware prevention software or, sooner or later, your machine
| is going to get nailed.
|
| It isn't Microsoft bashing to say any of this, it's just the truth for
| Windows users each day of their computing lives.
`----
http://www.extremetech.com/article2/0,1697,2257007,00.asp
Related:
Why Linux is More Secure Than Windows
,----[ Gist ]
| Much better patch management tools...
|
| Much stronger default configuration...
|
| Modular Design...
|
| Better tools to protect against zero-day attacks...
|
| Open Source Architecture...
|
| Diverse Environment...
`----
http://freewebsoftwarereviews.blogspot.com/2007/12/why-linux-is-more-secure-than-windows.html
Linux Security: A Big Edge Over Windows
http://www.linuxinsider.com/rsstory/54742.html
The problems with Vista laid bare - What might have been
http://www.theinquirer.net/default.aspx?article=38419
Why Windows is less secure than Linux
http://blogs.zdnet.com/threatchaos/?p=311
Microsoft Windows: Insecure by Design
http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer
If Only We Knew Then What We Know Now About Windows XP
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology
Why Windows is a security nightmare.
http://www.smh.com.au/articles/2004/05/21/1085120110704.html
The Structural Failures of Windows
http://www.theinquirer.net/default.aspx?article=15305