Re: Why are there few viruses for UNIX/Linux systems?
From: erik (erik_at_geenspam.vanwesten.net)
Date: Wed, 27 Aug 2003 21:14:39 +0200
> erik <email@example.com> wrote in message
>> Since may 1. One whole patch for security reasons. In a complete
> Yes that's very nice, but the release is still very new. And the patch
> is still for a very serious security threat.
Which is most probably caught by propolice anyway.
> This voids your claim that OpenBSD releases a lot less patches than
> other UNIX like distributions.
So please enlighten us with your information on other unix systems.
Please remember that nearly all distributions found out about their
holes approx. half a year after they were found&fixed in OpenBSD. <g>
You did not do any research did you?
>> No. It is the whole philosophy of carefully scrutinizing code,
>> together with protective measures. Propolice, W^X, systrace, together
>> with well written code makes a powerful combination.
> And they are the first and only who has done this and therefore is the
> most secure UNIX/like system out there?
They are the foremost doing it. It is the _primary_ focus of this OS. It
is not the primary focus of NetBSD, nor that of FreeBSD.
It is for sure not the focus, let alone the primary focus of any linux
distribution with the exception of secure debian or whatever it's
called. That one started a few months ago...
> Why do I find this hard to believe?
Because you are ignorant?
So, please tell me where is the security audit team for linux? Ok. Need
I say more?
>> Changing, changing, changing...
> Yes, the code for it is changing but does the user interface and
> coding interface change?
>> Nope. Which vms? :-) I have a little problem starting vms on my intel
>> machines or on my mac's.
> ;) The VMS O/S.
>> I did. Main objection is that it is not yet integrated. Code should
>> be written carefully in the first place. That is where things go
> Freedom to choose has always been one of the strong points of the Open
> Source community and why stop here? If we were to integrate everything
> good into the kernel it would be even larger than it is today
> (speeking of the source and not the compiled one) so therefore it's
> quite nice to have unofficial patches which work very well on the
> And have a look at the upcoming 2.6 kernel which will have support for
> SE-linux integrated.
That's not released right now. And yes I know. And yes I do run
> BTW how does openBSD implement it's stack protection? When I added
> stack protection to Slackware I had to recompile most of my software
> in order to be protected as far as one can be by it.
It is in the default distribution. Everything is compiled with stack
protection. You have to give the switch -no-stackprotection when
compiling when you do not want it.
A nice example is DansGuardian. Looks like a very nice product, but its
stable version will shutdown before it's even started. Stackprotection
intervenes. That is seriously bad for a protective product, and is not
caught when running without stackprotection...
> And if this is the case for openBSD too then your idea of security
> being a standard part of the OS from the beginning is falling since
> the stack protection software is changing the original software code.
What on earth is giving you that idea? Ever heard of compilers, and what
they do to your source code? Now you really give away your complete
-- Remove the obvious part (including the dot) for my email address