Re: firewall
On Wed, 4 Jul 2012 18:11:14 +0100
Lisi <lisi.reisz@gmail.com> wrote:
> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
> > The third reason we
> > are not in the same boat as windows is that we have a much smaller
> > attack surface than Windows. Windows still has over 90% penetration
> > on the desktop, Therefore, they are the low hanging fruit.
>
> How, then, do you explain the fact that Windows servers, which have a
> penetration of less than 50%, suffer on the Internet as do Windows
> home users, whilst Unix and family servers, which have over 50%
> penetration, still suffer from _far_ less malware?
>
All kinds of reasons, beginning with the fact that most malware
designed for Windows desktops works just fine on the servers, too,
though I think most servers are somewhat better protected than a home
PC. People don't sit in front of them and surf the Web, for one thing
(at least not in sensible companies).
But while there are excellent Windows admins, the fact is that it is a
point-and-click environment, with qualifications obtainable from exams
marked by computer, and hence multiple-choice. I'm not suggesting the
exams are trivial, but by their nature they ask go-nogo questions, and
the questions are mostly based on operating the Windows dialogue boxes.
Microsoft has made its billions by making computers relatively easy to
use, so you can go a long way as a junior admin or consultant by just
knowing the right box to tick. There is a relatively small amount you
can do wrong.
I'm not just guessing here: I started in network admin by being given a
small NT4 network to look after. I didn't install the server, and
occasionally had to call in the company who did, but I bought the
appropriate set of MS books with a view to going for the MSCE. That
never happened, but I got fairly familiar with what was in the books
and I could sort out most problems. I built a second PC at home and
installed NT server and workstation software multi-booting with my
production Win95 and Win98.
Then I discovered Linux, at about Red Hat 5 if I remember rightly (long
before RHEL and Fedora), and learned a great deal more about computer
and network admin in a couple of months than I had in about two years
of practical NT admin, having in that time learned what I estimated was
most of the knowledge necessary for the NT4 MCSE. What was a little
disturbing was that after a fairly short exposure to Linux, I now
*understood* a lot more about what I had been doing by rote with NT,
and that understanding was *not* required by the MCSE exam.
The bottom line is that Linux is significantly harder to drive than
Windows (and I've dabbled with Server 2000, 2003 and 2008, and a few
Red Hats, Mandrakes and Debians) and the admins are likely to know
more about what they're actually doing, because they need to.
On the other hand, a lot more Linux knowledge is transferable, because
Linux developers don't have to sell new versions every few years.
Windows doesn't actually change all that much between versions, but the
GUI and in particular the GUI paradigms (I hate that word, but it is
the right one for the mix of views and concepts that MS use to overlay
the prosaic world of IP addresses and daemons) must change noticeably
to convince buyers they're getting something better. So Windows admins
have to learn a different method of access to many configurations with
each version, getting further and further away from the nuts and
bolts, and Linux admins just need to keep track of what has now
migrated into /etc/default, or that a big configuration file is now
split into many smaller ones.
The current limit is reached with MS Small Business Server, which aims
to be a full-featured server for people who know no IT whatever. It's
very limited compared to the full Server version, because almost
everything is hard-coded. There are a lot of these about now, and
some of the people who own them do some extremely stupid things with
them...
--
Joe
Reply to: