William Chops Westfield wrote:
> On Dec 16, 2004, at 8:10 AM, Herbert Graf wrote:
>
>> Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
>> that means the worst damage they can do to a system is their own home
>> directory.
>
> Oh. You have personnel to manage the "non-home" directories? Cool.
> With that much help, I could probably make a windows system secure, too.

Actually the most successful commercial Linux distros automate this part. Other commercial *nix's are horribly lacking here, perhaps AIX being an exception.

> Besides, nowadays the obnoxious things that a cracker might do with
> a compromised system don't necessarily involve a need for root
> access. :-(

There's two threads here: What can someone do once they're "in" and what can they do to other machines on the Net.

On the first, I contend that they can do less to a compromised *nix system if they compromised it as a non-root user.

On the second, I contend that they can do whatever they want from either system.

Thus giving *nix a slight edge.

> I know several people with professional unix administration experience
> and quite a lot of brains that discovered the hard way that their
> net-visible unix system was a lot more difficult to keep secure than
> they expected.

See automation comment above. Many admins are too lazy to implement it, however... and they get the fruits of their laziness. XP finally built in tools for such patch automation from the vendor about two years ago, which made me super-happy to see them do it.

> (of course, it helps that a unix system sort of starts out secure and
> becomes less so as you make it do useful things, while a windows box
> (prior to SP2, anyway) starts out horribly insecure and requires
> expertise to MAKE secure to a point where you even dare to connect it
> to the internet...

Very enlightened comment, Bill. Now answer me this one... because I think it's an excellent example of what I am asking people regularly.

If someone is pressed for time and needs to engineer a proper solution for any common computing problem. From a purely-engineering and risk-assessment standpoint... Which type of system should they start with? The secured one that they have to make conscious decisions to make less secure, or the unsecured one they have to lock down? Which is more likely to have mistakes?

I think James' experiences with Linux may have been with a Linux distro that "broke ranks" and switched their security model around to match the "everything's running, you turn it all off" model when he tried to migrate PICList to Linux.

Nate