Re: How safe is a "Limited" XP account?

From: Todd H. (comphelp_at_toddh.net)
Date: 02/25/05

    Date: 25 Feb 2005 11:24:55 -0600
    
    

    Twisted One <twisted0n3@gmail.invalid> writes:

    > Todd H. wrote:
    > > OpenBSD is regarded by many as one of the most secure OS's out there.
    > > Neither Linux nor WinXP really come close.
    >
    > How is Linux worse?

    No default buffer overflow countermeasures, among other things.
    SE-Linux addresses that I believe http://www.nsa.gov/selinux/ but
    most distros by default lack much in the way of stack execute
    protection and such goodies that make it much harder for the bad guys
    to exploit programs that are vulnerable to buffer overflows.

    Linux, however, is moving toward OpenBSD levels of security-by-default
    faster than Windows seems to be. Windows has a tougher row to hoe
    though because the whole damned architecture was sorta caught by
    surprise that this internet thing really caught on, whilst *NIX's
    have lived in a networked world essentially since birth.

    Some more info on OpenBSD's goals here:
            http://www.openbsd.org/security.html

    You'll notice their advisory list is a whole lot shorter than either
    Linux (pick any distro) or Windows, but their security architecture in
    OpenBSD has been among the #1 priorities from the inception of the OS
    and code has been extremely thoroughly audited and they have a fairly
    tight-knit group of developers trusted with modifications. Linux is
    much more of a "bazaar" approach with a lot more hands in the cookie
    jar.

    Linux fans, on the other hand, argue that there are more security
    tools available for Linux, so Linux has the potential to be awfully
    well secured. Even so, nearly all distros don't come that way by
    default, and most users are far from security experts and lack the
    knowledge to lock them down all that well. In practice, it turns out
    that it's not hard to find Linux boxes that are vulnerable to
    something exploitable due to an administrator not keeping up with
    patches. OpenBSD boxen on the other hand...if there is a
    vulnerability out there, they're a lot harder to exploit on that OS.

    Best Regards,

    -- 
    Todd H.
    http://www.toddh.net/
    
