From: Bernd Petrovitsch
To: linux-kernel@vger.kernel.org
Subject: Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life in prison
In-Reply-To: Your message of "Sun, 30 Sep 2001 14:16:40 PDT."
Date: Mon, 01 Oct 2001 11:28:03 +0200
Message-Id: <200110010928.LAA15909@frodo.gams.co.at>

In message , "M. Edward Borasky " wrote:
>2. The Linux community should *not* believe that we are less vulnerable than
>Microsoft! We are less vulnerable *now* only because Linux is not as

I need not believe - I just see it now.

>widespread as Windows. Were Linux, say, half of the market, the
>vulnerability would be equal. The difference is strictly the number of

Plain simply wrong - Linux has more than 50% in the "Internet
server market" (even if some company's propaganda departments do not
admit this).
Attackers choose the weakest target (this is usually also the largest,
but not necessarily).

>available hosts for these parasitic codes, not anything inherent in the
>details of Windows or Linux, or in the organizational mechanisms (corporate
>giant vs. "brutal meritocracy", closed source vs. open source, etc.).

It is "the details" that matter in this area.
M$ sells their software with the "everyone can install it, use, etc.
because it is user-friendly[0], it does exactly what the user needs,
it does everything automatically, etc." argument (which is plain simply
wrong[1]).
Therefore lots of people install and run servers on the web without
really knowing what they are doing. Apparently they think that they
install it and it runs on its own (which is wrong).

The learning curve on a U*ix system with some appropriate server
software on it is much steeper. So if you get such a system on the
web you are forced to know more about it (and usually at one point
you get to people who basically force you to think about security or
other areas).

You could run a "secure" Win*server or workstations on the Net, but this
means that
-) you install all relevant patches immediately (not ASAP - immediately).
-) you disable all kinds of automatic code execution features
   (which means disabling all the nifty features, setting all hosts to
   "internet zone", disabling Active-X and JavaScript[2] completely, etc.).
If you would do this, you could as well run the service on a U*ix
system because the functional features are the same and you get
patches much earlier (how long did the tear-drop patch for WinNT take?).

>In fact, I suspect that the open source for Linux gives creators of vicious
>attack codes a *slight* advantage, since the vulnerabilities are there for

You should also list the disadvantages, not only one argument if
you want to be serious.

>anyone to read and exploit before they are found by an alert Linux
>community. And if Linux is to succeed in the enterprise, we in the community
>owe it to ourselves to *enhance* that alertness -- indeed, to be more
>vigilant on security issues -- even if it's at the expense of some of our
>more favorite activities, like performance tweaking.

Read the usenet and you will see a significant difference.
Until then you are trolling.
[ TOFU-Mail deleted ]

	Bernd

[0] : Does anyone know why there are that many Win*-Books on the shelves
      if the software is so easy to use?
[1] : If a server is badly administered, the sysadmin of that server
      is also partly guilty (even if he didn't have a clue) - you should
      also blame them.
[2] : This should actually be disabled on all browsers in the world.
      Actually this should be removed completely.
-- 
Bernd Petrovitsch                    Email : bernd@gams.at
g.a.m.s gmbh                         Fax : +43 1 205255-900
Prinz-Eugen-Straße 8                 A-1040 Vienna/Austria/Europe
LUGA : http://www.luga.at