[Gllug] just preaching to the converted !

Simon Morris mozrat at gmail.com
Sat Oct 22 17:36:30 UTC 2005


On 22/10/05, Steve Nelson <sanelson at gmail.com> wrote:
> A security consultant friend of mine was recently hired to do some
> intrusion tests on professionally hosted windows and unix machines for
> a medium-sized ISP.  He was able to compromise more linux machines
> than windows machines.  I asked him why he thought that was... his
> answer: "Often people are more diligent in patching windows machines
> than linux machines... many people will leave a linux system unpatched
> for many months, leaving dozens of nasty exploits open...."
>
> My point?  A professional sysadmin will keep a windows system as
> secure as a linux system, if they're any good.  In the last two years,
> my company (which has 1000s of windows, solaris and linux machines)
> has had one exploit... and that was due to a client refusing to patch
> php on a redhat box.

There's an interesting difference in thought between the Windows and
*nix world I find.

Windows people are typically keen to upgrade OS versions to fix
security issues and they assume that the next version will be more
secure than the last.

*nix people often prefer to run older versions of software in the
knowledge that a lot of the holes have been patched and found out.

I heard a lot of people slag off the previous Debian Stable (Woody)
for being very very old, but not often for being very very insecure.

We had HP in to install a server recently for a service we outsourced
to them (Printer monitoring or some foo) and the server they turned up
with was Red Hat 7.3.

Linux people can be lax about applying new patches but at least the
software lifecycle is longer on Linux.

Windows 2000 is end of life now AFAIK and security updates will stop
in the not too distant future; for most Linux distributions you can
get patches and updates for a longer period of time.


--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug