[bf1942] Hi

AthlonRob AthlonRob at axpr.net
Mon Jan 19 14:28:30 EST 2004


On Mon, 2004-01-19 at 23:57, Drew Broadley wrote:
> I would like to direct your points to the fact that most linux distros
> in a standard install are as much as or more of a security issue as
> Windows. Adjusting things like with Windows and removing exploitable
> non-useful applications/daemons/services that get installed by default
> at installation increases the security on BOTH platforms.

The kinds of security issues most Linux Distributions ship with are
different from those inherent to Windows, however.  A default Linux
distribution, today, will not enable a bunch of potentially exploitable
servers.  This is especially true if you start looking at the 'easy to
use' distributions such as Mandrake, Xandros, Lindows, or whatever
else.  Some do, however... so I will be gracious and grant you shipping
equality between Windows and Linux when it comes to enabled exploitable
services running.

Once you look at the system not as a server, but as a workstation,
however, things are greatly skewed in Linux's favor.  To begin, in Linux
you run things as a user with very limited powers.  To do any real true
damage to the system, you need to be root.  Even *if* the local
applications on the system (the mail clients, the IRC clients, IM
clients, or whatnot) are exploitable allowing somebody to remotely
execute code through them, that code is essentially sandboxed in the
single user's account... it doesn't wreak havoc on the rest of the system.

Then there is the whole issue of 'peer review' which is thus far pretty
much up-in-the-air as to its effectiveness.  I do believe people tend to
write better code, definitely more secure code, when they know
potentially millions of people will be glancing at it.

Rob
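Both posters agree that what matters on either platform is which network-facing services a default install actually leaves enabled. The script below is an added example, not code from the mailing list or from any distribution's tooling: it parses output in the layout of `ss -tlnp` and reports every listener bound to a non-loopback address, which is the concrete check a workstation owner would run after installation to see what is reachable from other hosts. The sample output, service names, PIDs and ports are constructed for the example.

```python
"""Flag listening TCP services exposed beyond localhost.

Added example (not from the mailing-list post): parses text in the
layout of `ss -tlnp` and reports sockets bound to non-loopback
addresses. Services bound only to 127.0.0.1 or ::1 cannot be reached
from the network, so they drop out of the "exploitable services
running" discussion; everything else is worth a second look.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in `ss -tlnp` layout; processes and PIDs are hypothetical.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=812,fd=7))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=640,fd=3))
LISTEN  0       5       0.0.0.0:6000         0.0.0.0:*          users:(("Xorg",pid=901,fd=5))
LISTEN  0       50      [::1]:25             [::]:*             users:(("master",pid=1020,fd=13))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=640,fd=4))
"""


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


# Pulls the process name out of the users:(("name",pid=...,fd=...)) column.
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss(output):
    """Return one Listener per LISTEN row; header and other states are skipped."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is "addr:port"; IPv6 addresses are bracketed, so
        # split on the last colon and strip the brackets.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")
        match = PROCESS_RE.search(line)
        process = match.group(1) if match else "?"
        listeners.append(Listener(addr, int(port), process))
    return listeners


def is_exposed(addr):
    """True if a socket bound to this address is reachable from other hosts."""
    if addr == "*":
        return True
    # 0.0.0.0 and :: are "any address" binds and are therefore exposed;
    # only loopback binds are considered local-only.
    return not ipaddress.ip_address(addr).is_loopback


def exposed_services(output):
    """Sorted, de-duplicated (process, port) pairs listening on the network."""
    return sorted(
        {(l.process, l.port) for l in parse_ss(output) if is_exposed(l.address)}
    )


if __name__ == "__main__":
    for process, port in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"network-exposed: {process} on port {port}")
```

On a real host you would feed the script the live `ss -tlnp` output instead of the constructed sample; any service it reports that the workstation does not need is a candidate for disabling or for binding to loopback only, which is the adjustment step both posters describe.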