Re: Secure OS's
On Wed, 28 Apr 2004, Roberto Sanchez wrote:
secure means different things to everybody ...
security is something *-YOU-* do or don't do ...
NOT what the distro is
- its how you build your boxes
- its how you allow people access to your boxes
- its how you backup your boxes
- its how you harden your boxes
- its how you "blah" yoru boxes
security or "secure OS" has NOTHING to do with which
linux distro vs another(linux) distro since its supposed
to be the same ... in theory ...
- in terms of context here, you're thinking of linux
kernel being more secure or the distro itself ??
any distro can be equally insecure as the next
and with the case of GPL software, they are basically identical
in their vulnerabilities if all else is equal and left alone too
there some "pixie dust" you can add to the linux kernel to
make it more secure ... but if the rest of the "OS" ( distro )
is insecure, it wont matter ... or the way the systems is used
List of [self-proclaimed] secure [linux] OS
http://www.Linux-Sec.net/Distro
> > I have just been wondering about the security of debian verus the other "Secure"
> > OS's. I am refering to OS's like OpenBSD, Immunix, and Adamantix. I am new to
> > this area and I was wondering,
> >
> > 1. What is the difference between more secure OS's and Debian?
> None. Debian can be as secure or insecure as you make it.
in my book, there is no such thing as "more secure" or "secure os"
as compared between different linux distro
- they are the same/identical potential security problem to me
but openbsd does have a better stack than linux ( from what i hear ),
in which case, any flavor of linux is inferior to openbsd
some folks like to add stackshield into gcc ... that, in theory should
make those apps that was compiled with that modified gcc more secure
than the generic gcc compiled versions
other folks like to tweek the kernel differently to be more secure
gazillion ways to try to be "better"
http://www.Linux-Sec.net/Kernel/
> > 2. What are the security Advanatages of Debian versus more secure OS's?
> Again, it depends on how secure you make your particular configuration.
"debian" or any distro that runs *.deb and apt-get
has the advantage that you can do "security updates" automatically
- with a couple extra lines, so can *.rpm based machines
be made equally secure if has the same version of application
and configuration installed
- if the pc asks you any questions during its upgrade ...
its interactive updates and if youhave a 1000 boxes,
you're gonna be answering that question 1000 times .. NOT good
no such thing as "more secure os" in linux land
> > 3. Why doesn't all open source strive to be "more" secure?
> Because security must be balanced with convenience.
and they are mutually exclusive of each other
and the open source folks have proved time and time, they
are more respondant to fixing known vulnerabilities faster
and willing to admit there's a possible problem
opensource strive the hardest to be more secure
private companies or private distro does NOT try as hard
as they are typically dependant upon the open source folks
for the security of their product
> > 4. What are the performance advantages of Debian versus more secure OS's?
> Depends on what hardware/tasks you have. Also depends on whether
> you use optimized packages, or rebuild the basic packages yourself with
> optimizations.
no such thing as "more secure OS"
fun stuff ...
c ya
alvin
Reply to: