
[News] Linux Security Myths Busted (Or Why Linux is More Secure)

  • Subject: [News] Linux Security Myths Busted (Or Why Linux is More Secure)
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Tue, 19 Feb 2008 14:51:11 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Netscape / schestowitz.com
  • User-agent: KNode/0.10.4

Top 10 Linux FUD Patterns, Part 5

,----[ Quote ]
| FUDsters will argue that any security software for which the source code is 
| freely available to the public is inherently not secure. This is based on the 
| assumption that the source code will either reveal the secret functionality 
| that makes the security software work or expose bugs in the security software 
| itself that can be exploited as well.    
| 
| First, if someone cannot open their source because they are afraid it may 
| reveal secret functionality, then it wasn’t properly designed from the start. 
| The worst-possible example of this is hardcoding passwords in programs, 
| especially if they are scripts stored in clear text. Good security schemes, 
| such as encryption, rely directly on information the user provides, and often 
| make use of one-way functions.     
| 
| Second, Open Source software is available for public scrutiny. If you cannot 
| read and understand the code yourself, rest assured that there are many folks 
| out there that can and do. Why? Because many businesses do actually use Open 
| Source software and have everything to lose if they don’t test it out first. 
| That being said, I consider many corporate “testimonials” sponsoring one OS 
| or another based on security or other factors to be FUD, mainly because they 
| often appear in paid advertisements and seldom reveal the details of tests 
| performed to lead to such conclusions. Independent certification and research 
| performed by government or other nonprofit entities are usually the most 
| objective and reliable.         
| 
| Aside from learning the code, another way to test an application’s security 
| strength or to see if it transmits private data is to watch (or “sniff”) the 
| port on which it communicates using a network monitoring tool. Such data may 
| be encrypted, but the (data) size and timing of requests made by the client 
| software should be consistent and reasonable. This is a technical task, but a  
| bit easier than learning how the code works. Just remember, sniffing outside 
| of your own network may be considered illegal.     
| 
| Finally, there are many Linux opponents that would jump at the chance to 
| expose real security weaknesses in Linux and its applications. These are 
| often vendors of competing software and have both the money and channels to 
| make themselves heard. When such a claim appears on the Web, look for 
| specific details about the vulnerability. If there are none, it may be FUD. 
| Also, check the software website to see if the vulnerability has been 
| acknowledged or refuted as well as any status on its repair. Never take such 
| claims at face value.        
`----

http://linuxfud.wordpress.com/2008/02/18/top-10-linux-fud-patterns-part-5/

"We should dedicate a cross-group team to come up with ways to leverage Windows
technically more."

                                --Jim Allchin, Microsoft fiend


Recent:

Microsoft is Stupid, Apple is Not  

,----[ Quote ]
| If you take a look at the history of OS design by each company, it's pretty 
| clear why this is so. Microsoft has historically made an unreliable, ugly, 
| and highly insecure operating system based on its own spaghetti/Swiss cheese 
| code. This is no secret to anyone who has followed the industry or even used 
| Windows on a daily basis. If you are a Windows user you MUST have 
| spyware/virus/malware prevention software or, sooner or later, your machine 
| is going to get nailed.      
| 
| It isn't Microsoft bashing to say any of this, it's just the truth for 
| Windows users each day of their computing lives.  
`----

http://www.extremetech.com/article2/0,1697,2257007,00.asp


Related:

Why Linux is More Secure Than Windows

,----[ Gist ]
| Much better patch management tools...
| 
| Much stronger default configuration...
| 
| Modular Design...
| 
| Better tools to protect against zero-day attacks...
| 
| Open Source Architecture...
| 
| Diverse Environment...
`----

http://freewebsoftwarereviews.blogspot.com/2007/12/why-linux-is-more-secure-than-windows.html


Linux Security: A Big Edge Over Windows

http://www.linuxinsider.com/rsstory/54742.html


The problems with Vista laid bare - What might have been

http://www.theinquirer.net/default.aspx?article=38419


Why Windows is less secure than Linux

http://blogs.zdnet.com/threatchaos/?p=311


Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer


If Only We Knew Then What We Know Now About Windows XP

http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology


Why Windows is a security nightmare.

http://www.smh.com.au/articles/2004/05/21/1085120110704.html


The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305
