[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT]: is this crap? -> wininformant headline "Most Insecure OS? Yep, It's Linux"

At the risk of being terribly unpopular I thought I'd share my personal

For 6 months I was running a Windows NT 4.0 based web, ftp and email server
(exchange 5.5) with the latest service packs (SP 6a+), and a weekly "Windows
Update". These machines for their lifetime were completely unhacked. My
email server wasn't an open relay, all was right with the world :).

4 months ago I switched to Redhat 7.2 - patched weekly with the Redhat
network. This infrastructure was hacked repeatedly, my email server was an
open relay, my ftp server was being brought down every other day, my web
server had the apache service brought down repeatedly, I was rebuilding my
boxes every three days. In short it was HELL.

I switched to Debian Woody about three weeks ago, installing the bsd based
ftp server (not that leaky wu-ftpd), the latest apache, exim, and cyrus. So
far so good - no hacks, reject log shows the bounced relay requests, and the
web service has been solid (although a browse through the logs shows the
buffer and cgi attacks being tried).

In short the article is almost right:
- Older Linux Distributions ARE vulnerable, the patches to fix
vulnerabilities on the older releases almost never work right (IMO), and
this is a problem.
- Older Windows Releases ARE vulnerable, but the patches to fix the
vulnerabilities DO work.
- Linux is maturing, and personally I like the choice and flexibility it
provides. Particularly with older equipment.

Despite the almost troll like language and bias, the authors facts are
correct. It's his conclusion that is wrong.

My off topic two cents.

----- Original Message -----
From: "Mike Dresser" <mdresser_l@windsormachine.com>
To: "Walter Tautz" <wtautz@math.uwaterloo.ca>
Cc: "Debian User Mail List" <debian-user@lists.debian.org>
Sent: Thursday, November 28, 2002 11:39 AM
Subject: Re: [OT]: is this crap? -> wininformant headline "Most Insecure OS?
Yep, It's Linux"

> On Thu, 28 Nov 2002, Walter Tautz wrote:
> >
> > Thought you might be interested in the FUD being reported at
> > The link to the story is:
> > http://www.wininformant.com/Articles/Index.cfm?ArticleID=27428
> Wonder how windows would do if I bundled
> monitor:~# apt-cache search ""  | wc -l
>    8989
> many programs with it.
> Granted, some of the problems the article states, a lot of people run that
> program, whether it be by choice or by distro default.
> Mike
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: