
Re: firewall



On Wed, Jul 4, 2012 at 3:46 PM, Joe <joe@jretrading.com> wrote:
> On Wed, 4 Jul 2012 18:11:14 +0100
> Lisi <lisi.reisz@gmail.com> wrote:
>
>> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
>> > The third reason we
>> > are not in the same boat as windows is that we have a much smaller
>> > attack surface than Windows. Windows still has over 90% penetration
>> > on the desktop. Therefore, they are the low hanging fruit.
>>
>> How, then, do you explain the fact that Windows servers, which have a
>> penetration of less than 50%, suffer on the Internet as do Windows
>> home users, whilst Unix and family servers, which have over 50%
>> penetration, still suffer from _far_ less malware?
>>
>
> All kinds of reasons, beginning with the fact that most malware
> designed for Windows desktops works just fine on the servers, too,
> though I think most servers are somewhat better protected than a home
> PC. People don't sit in front of them and surf the Web, for one thing
> (at least not in sensible companies).
>
> But while there are excellent Windows admins, the fact is that it is a
> point-and-click environment, with qualifications obtainable from exams
> marked by computer, and hence multiple-choice. I'm not suggesting the
> exams are trivial, but by their nature they ask go-nogo questions, and
> the questions are mostly based on operating the Windows dialogue boxes.
>
> Microsoft has made its billions by making computers relatively easy to
> use, so you can go a long way as a junior admin or consultant by just
> knowing the right box to tick. There is a relatively small amount you
> can do wrong.

Excellent points, Joe. In addition, Windows was designed from the
ground up as a single-user operating system, which means that all of
the files on a system were accessible by the user. Then, over the
course of time security and file restrictions were bolted on.
Unix/Linux, OTOH, were designed as multiuser environments. So the
concept of file permissions, root-only parts of the filesystem and so
forth were baked in early on. The latter approach is far easier to
maintain/enhance than the former.

Add to that the fact that MS (and Apple) packs software in a black box
and tosses it over the wall to consumers. This means any vulnerability
that the Bad Guys are able to reverse engineer is in the wild until
the company gets around to patching it. Which is something MS has
gotten very, very good at over the years. Call it reactive security.
With Open Source software, OTOH, anyone can find a problem and fix it.
Consequently, in a lot of cases, the fix for a problem is included
with the description of the problem. No, this does not happen all of
the time, witness the recent authentication bypass in MySQL or the
kernel bug that was there for 8 years... But then again, there is a bug
in the 16-bit code in Windows that was first reported in 1994 that MS
says that they will not fix... So there are corner cases on both sides.

> The bottom line is that Linux is significantly harder to drive than
> Windows (and I've dabbled with Server 2000, 2003 and 2008, and a few
> Red Hats, Mandrakes and Debians) and the admins are likely to know
> more about what they're actually doing, because they need to.

I disagree with this. I have been doing Linux almost exclusively since
1998, and in fact, have only had a Windows box on my desk for a total
of 1 year in that period. I'm as lost in a Windows environment as a
Windows user would be if dropped cold-turkey into Linux.

--b

