Re: [Nolug] Suggestion for a meeting topic

From: Chris Jones <techmaster_at_gmail.com>
Date: Fri, 24 Aug 2007 00:00:41 -0500
Message-ID: <945e1c690708232200v2bd0753esa162121596f83998@mail.gmail.com>

True, due to the fact that it is open source, Linux tends to be under more
scrutiny, thus more secure, than windows. But, in the hands of an amateur,
Linux can be made just as insecure as Windows. ;) And of course the only
way to make a computer truly hack-proof is to disconnect it from the
internet and unplug the power cord. Even the most secure BSD box inside the
Pentagon could theoretically be hacked by a smart enough hacker with enough
determination. However, I can definitely say that a good number of Windows'
insecurities are because of poor code, and less so because of poor
administration...while Linux is the exact opposite.

Another way to explain what I'm trying to say... basically there are two
ways to break into a system. Front-door hacking, and back-door hacking.
Front-door hacking involves gaining access to a system just as a legitimate
user would. This typically involves cracking a user's password, finding a
default account that is wide open, some social engineering, or something to
that effect. Back-door hacking means finding flaws in the code that allow
you to gain access to the system through root kits, worms, DOS attacks,
buffer overflows, etc... Say what you want, but to the average Joe, Windows
is far easier to secure the front door, than Linux is. However, the back
door of Linux is so secure, because the code is so well written, you're
better off brute forcing your way into the front door. As we all know, you
can have the most secure Windows system in the world, and next week somebody
will find a new weakness in Windows, and next thing you know your system is
infected with a SQL worm that somehow wriggled its way into your system
through some obscure MOTD service in Windows. But, in Windows, I know how
to tell if there's been a breach, and I know how to track it down and
eliminate the threat, and the hole that it used to get in. In Linux, I
would love to have more knowledge in this area.

On 8/23/07, Joey Kelly <joey@joeykelly.net> wrote:
>
> Well, I have to take exception to this. Windows isn't written from a
> security
> standpoint, but from a feature standpoint. We real almost every week of
> another zero-day attack, and that's because the code base has so many
> holes
> in it that it's easy for crackers to poke at it and find vulnerabilities.
> So
> while you can say that your Windows box is fully patched up, that really
> doesn't buy you anything.
>
> On the other hand, if your Linux distro and applications stack is a sane
> one,
> and you're patched up, you're good to go. There just aren't that many
> zero-day events in the open-source world, in large part because of the
> peer-review process.
>
> --
> Joey Kelly
> < Minister of the Gospel | Linux Consultant >
> http://joeykelly.net
>
> How many spyware pop-ups did you get on your Windows computer today?
>
>

___________________
Nolug mailing list
nolug@nolug.org
Received on 08/24/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST