Ken Pergola wrote: > I was hoping someone could educate me on something that I see and hear a lot > of comments about. I hear a lot of claims that Linux is more secure than > Windows, but I don't usually see people elaborate on why this claim is made > after they make it. > > Isn't C++ the underlying language that both operating systems are written > in? > > And if so, wouldn't both operating systems be *equal* in their > susceptibility to buffer overrun attacks, for example, due to the pitfalls > of C-string functions like 'strcpy', 'strcat' in C++? Yipes Ken, I can't believe you asked this question! ;-) And I can't believe the responses, they have been well behaved! I find this whole security issue to be very confusing from a user, programmer and engineer prospective. I don't know what to believe. As a user: I find that I can get virus, trojan or zombie programs while using MS LookOut but I must use it because that's what my employer requires. I have switched to Firebird as my default browser and that works 98% of the time. The exception is internal web sites who place restrictions on the browser type, usually in the form of MS Java calls that only work with IE (grr, but I guess I can trust them). As a programmer: I need to avoid doing certain things such as buffer over runs. Good! Someone please who me examples of bad programming and ways to avoid them. And I don't mean the simple stuff like arrays (I know this) but how about the more complicated stuff. I want to write better programs. As an engineer/architect: This one drives me really nuts. I need to build a product, in a short time. I need to use standards such as SSH and SSL. But now where do I get the room to add these protocols in. I'm told here is what we want, here is the cost, make it fit. Guess what I have to get rid of first. BTW, before anyone get the wrong impression, the company I work for has shot down products that lack security. If the security isn't up to par with corporate standards then we won't go forward with it. Of course there is a certain 'level of trust'. Also I don't build hardware I build services, I'm in the networking industry. Even with my hobby projects (which I fund myself) I find I end up 'putting together something' simple and growing it out to the more complex. Security tends to be the more complex and the last thing added. One of my current projects is an HA controller. So far the hardware is looking good and the OS I've chosen even has the security components I'll need but how do I make it easy to use, install and maintain while still allowing it to be stand alone? So I now have concerns about the physical, the logical (IP), the OS, the apps and the end user. Hmm, did I miss anything? If I did I could end up with a zombie house. Heck, I wonder how long before my home is part of the computer? -- Linux Home Automation Neil Cherry ncherry@comcast.net http://home.comcast.net/~ncherry/ (Text only) http://linuxha.sourceforge.net/ (SourceForge) http://hcs.sourceforge.net/ (HCS II) -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.