Re: Security followup

Subject: Re: Security followup
From: Andrew Plato <gilliankitty -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 15 Jan 2003 11:48:50 -0800 (PST)


Decker F. Wong-Godfrey wrote...

> If your statement was in fact true, then we'd see a lot more rootkits
> for Linux systems, we'd see more script kiddies out there breaking
> through back doors--but we don't.

No we wouldn't. Windows systems outnumber Linux boxes almost 5 to 1. As such,
even if hacker efforts were completely equal across both platforms, Windows
would still see more attacks - because there are more of them.

Also, there are a LOT of rootkits and hacker tools for Linux. It's the platform we
use when we do security audits. In fact, I would estimate that hacker tools on
Linux outnumber or at least match hacker tools on Windows. As such, I would
estimate that it would actually be easier for a hacker to use a Linux box as a
zombie client, since they know Linux better.

> There are not "many" viruses that are platform independent. And the few
> that are, can do little if any damage to a Linux box compared to the
> damage they can do a Windows machine.

You have proof to back that up? You have independent testing conducted from a
reliable source to back up that claim?

> Worms, trojans and other nasty things that run quite nicely on Red Hat
> or Mandrake Linux are usually running on machines that were poorly
> configured or just mismanaged. Even so, the damage done is more often
> annoying than debilitating.

You could say the same for ANY computer ever made. Which is my ultimate point -
how a machine is set up, used, and configured has a much greater impact on its
security capabilities than the core platform used.

> I think you've done a great service to people who are stuck running
> Windows machines. The more secure they are, the better off we all are. I
> just don't think it's fair to assume that Linux can be heaped into the
> same category as Windows. There's many many things that make Linux a
> more attractive choice for people concerned about security. Antivirus
> scanners and "securing" a system are things to think about--but most
> people don't want to become security experts, along with everything else
> they've got to do. With Linux, they don't have to become a security
> expert. They don't need to be terrified of clicking the wrong link on
> the Internet. They don't need to worry about clicking on every
> attachment in the In-Box. With Linux, people can concentrate on getting
> things done rather than concentrate on keeping their system safe.

I realize that the open-source movement has a strong need to make people
believe that their technologies are better. This, coupled with the obsessive
anti-Microsoft sentiment out there, makes for a lot of misleading and downright
inaccurate propaganda.

Security is not an absolute measurement. It's a dynamic, moving target that in a
moment's notice can change. I remember back 2 years ago when Apache nuts
boasted how Apache was "immune from all forms of attack!" Then a flurry of
Apache-based worms and hacks came out and those nuts had fun eating their foot.


To a security person, Linux CAN be and is in the same category as Windows: it's
a platform, it's in use, and it has security vulnerabilities. It is possible to
hack into Linux boxes. The "ease" of hacking those systems is highly variable.
And unless you have a mountain of security data that the rest of us don't -
then there really isn't any hard and fast proof that either platform is more or
less secure. It's all very dependent upon how the systems are used, the
environment they are placed in, services they run, and on down the list.

The PERCEPTION among many people is that Linux is more secure. I emphasize that
this is a PERCEPTION, not a fact. This perception can be altered when you start
to consider a lot of relevant information such as market penetration,
availability of programming APIs, and so forth.

As a security professional, my attitude is that all platforms are subject to
attack and ALL platforms have to be secured. Use of one platform over another
merely changes the issues, but it doesn't change the core fact that any
platform is subject to intrusion.

Andrew Plato
