[Sussex] What path does one take

Ian mu mu.llamas at gmail.com
Thu Oct 19 10:57:20 UTC 2006


Yeah, interesting one really. It depends how you look at it still for me.
For example I haven't really known Apache being broken into, but I have
known a lot of sites being broken into commonly on Apache. That's the code
Apache is serving, not Apache, but that's kind of what I'm saying. A default
Linux server will be pretty stable, a default win2k3 server will be pretty
stable (assuming kept up to date).

The user/privilege level I still think is overplayed. I see so many people use
root when they don't have to (myself included, it was actually Ubuntu that
started me thinking how slack I had become when I found it stopped me doing
lots of things for a good reason). Also just because I'm not root, if I run
something as a user, and my user account gets hacked, it's still created
a huge problem. I could have viruses now and I wouldn't know as I don't run
a virus checker. You can take a machine down as a non-privileged user with a
single shell command.

I'm not saying Linux is less secure, it isn't, so not trying to compare
Windows to Linux so much, just I personally believe there's a false sense of
security with it. I've actually seen a lot of people do something like
chmod/chown -R and simply include a leading slash by mistake, messing up a
whole heap of stuff as well (work colleague, not me), or deleting files
(which are significantly harder to recover imo) when he had no reason to be
using root. There are ways around it all, but I find user mistakes and
confidence one of the biggest holes of the lot (be it running something as
root, some typing mistake etc).

In other words, Linux may be *that* good, but I don't believe the users are
;).

Ian




On 10/19/06, Vic <lug at beer.org.uk> wrote:
>
> > So I take the opinion that Linux is only really more stable and less
> > viruses because less software is typically installed on it
>
> No - I fundamentally disagree with this.
>
> It's been Microsoft's position for the longest time that the greater
> numbers of infestations of MS products compared to Linux is down to the
> installed base, and many commentators have swallowed this line. Yet it
> doesn't hold water.
>
> Consider the web-server market. According to Netcraft, Apache has some
> 70-odd % of all web servers. Now that's not exactly equal to 70% Linux,
> but it's good enough for rock 'n' roll. IIS has somewhere around 20%.
> Linux has *much* greater penetration in this market.
>
> So this means that Linux/Apache is the one that gets broken into, rather
> than Windows/IIS, does it? I've yet to see a stat that supports that...
>
> The main reason IMHO why there is no real virus problem with Linux is that
> there is proper privilege separation. It is enforced (and if you listen to
> the SELinux guys, it's likely to be enforced more strongly in the future).
> Now modern versions of Windows *could* do something very similar (although
> there are fundamental flaws in the scoping of its registry, AIUI) - but
> almost every user runs without that separation, because if they used it,
> things would be as "difficult" or "complex" in the Windows world as they
> are in the Linux world (I use quote marks because I don't believe
> privilege to be either difficult or complex - but it does require a little
> thought from time to time).
>
> All the above might change if Linspire and its view of life become
> prevalent... :-(
>
> > and people have false confidence in it.
>
> I don't think there's many people have "false" confidence in it. Linux
> just *is* that good.
>
> Vic.
>