RE: Ten least secure programs

From: Brad Bemis (Brad.Bemis_at_airborne.com)
Date: 07/07/03

    Date: Mon, 7 Jul 2003 09:13:55 -0700
    To: "Jay D. Dyson" <jdyson@treachery.net>, "Security-Basics List" <security-basics@securityfocus.com>
    
    


    I do not find your take on this to be quite accurate (though I do like your
    apples to applesauce analogy). While it is true that many Linux
    vulnerabilities stem from applications and services that are not considered
    'core' to the OS, the fact that these applications are provided as part of
    a distribution, and are often installed by default (depending on the
    installation process) should be kept in mind. Also note that many Linux
    security holes in 'non-core' applications or services generally tend to
    impact or affect a great number of the distributions that are out there.

    - Brad Bemis

    -----Original Message-----
    From: Jay D. Dyson [mailto:jdyson@treachery.net]
    Sent: Thursday, July 03, 2003 5:34 PM
    To: Security-Basics List
    Subject: RE: Ten least secure programs


    On Thu, 3 Jul 2003, Dan Bartley wrote:

    > You might want to study the statistics for the past year before making
    > "my favorite OS" statements. Linux actually came out on top of the pile
    > for number of security holes, number left unfixed, number of actual
    > compromises and slowness in dissemination of information and fixes.
    >
    > FreeBSD came out among the best, or near, I believe. Windows was in the
    > middle.

            I'm afraid your claim (whether by accident or design) is highly
    misleading. "Linux" isn't just one product. At present there are around
    fifty (50) popular Linux distros supporting no less than nine (9) hardware
    platforms. Even by conservative estimates, that's easily over 400+ very
    different releases of one OS type.

            Consider also that the vast majority of Linux issues don't stem
    from the core OS, but from the various distro teams' implementation of an
    otherwise sound product. (That is to say, a poor implementation of a
    third-party product doesn't mean that the product or Linux is flawed, but
    that particular Linux team's implementation of said product.)

            Given this reality, the comparison you make isn't even apples vs.
    oranges. It isn't even close to apples vs. watermelons.

            It's more like apples vs. applesauce.

    -Jay

       ( ( _______
       )) )) .-"There's always time for a good cup of coffee"-. >====<--.
     C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net -----<) | = |-'
      `--' `--' `Red meat isn't bad for you, fuzzy green meat is.' `------'





