On Thu, 2002-10-31 at 21:07, Alan Brumley wrote: > I can't believe how hard y'all are prodding our Admin! If you mean me, I hope that's not how it's being taken! I am just discussing... and worried that folks in high profile positions be careful not to make blanket statements about the security of things they do not use. > I recently switched to Linux and I'm really digging it. I still don't feel > as safe as I did running my NT box. Iptables is what helps me sleep at > night but that's another topic. I should probably be more worried than I > am. You have backups, right? (poke, poke) > It's still amazing to see how many security alerts I get in my inbox from > redhat though! Again, IPtables makes me feel a little better. Yes, but you're not really RUNNING all that stuff, are you? There is absolutely no reason there should even be an "Everything" installation option on RedHat. That makes me nuts that they even have that... Hopefully you've signed up for RedHat Network or installed APT-RPM, or something to handle finding and downloading updates easier, eh? That's important... for later when you lose interest and aren't as motivated to fiddle with the machine... in a home/non-work environment... it'll update itself while you do other things. (GRIN) Secondly, if you look carefully at most of those security notices, they're EXTREMELY hard to exploit... Linux is generally going through "code cleanup" over the last year or so and people are finding time to find really obscure bugs... generally. I also see less of a lag time from when an exploit is published to when the patches are released from the Linux vendors vs. Microsoft. > I am slowly falling more in love with *nix in general, but the comment about > the vast number of script kiddies being attributed to the lack of security > of the microsoft products gets me. The fact is, more people use Windows > than any other OS. There's more fingers probing ports on the OS because if > you find a weakness, the payoff is better. I'm not a hacker, but I'd rather > crack into 100,000 dialup/cable modem machines rather than 10 webservers. > You can do a lot more damage and cause a lot more havoc. Case in point.. > Macintosh. The OS is surrounded by the same secrecy, but they are hacked > far less. Why? Not as many people trying and the payoff isn't as grand! > The developer community for *nix is not that large. Don't get me wrong, > it's BIG, and on paper, it should be better than "Corporate owned" OSes, but > in reality today, it's barely better, not a slam-dunk like is often > portrayed. If someone's writing a DDoS they'd go after Windows desktops, no doubt. Someone wanting free file space on big bandwidth is probably going to target Unix boxes (because generally the chances that they'll hit your home box on small bandwidth is low in an automated scan). > PS: if anybody is a linux security "expert" and has some time to chat, drop > me an email. Well, hard to say if I'm an "expert", but I'll e-mail you off-line... (GRIN). -- Nate Duehr, nate@natetech.com -- http://www.piclist.com#nomail Going offline? Don't AutoReply us! email listserv@mitvma.mit.edu with SET PICList DIGEST in the body