Re: Viva le Same! Linux

Subject: Re: Viva le Same! Linux
From: David Neeley <dbneeley -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Tue, 1 Oct 2002 11:41:24 -0700 (PDT)


Andrew,

I could not let your smug reference to the "propaganda
of the open source community" slide without at least
some refutation. I suppose I should add that I use
both Linux and Windows machines, among others.

Frankly, I believe that Microsoft will be in a much
different place after they launch their new from the
ground up OS (development name "Longhorn"). Then, they
may actually have a more secure system given their
present belated realization that security actually
matters.

There are *many* examples of Microsoft's present
quandry--how to build a secure system when your
architecture is so complex that many changes create
unfortunate interactions with other parts of the
system.

Furthermore, their record of fixing security problems
is execrable. For example, in the SSL vulnerability
discovered several months ago, it was found that
Apache and Windows both had the vulnerability. The
Apache Foundation issued a bug fix in 24
hours--typical of most open source bug fixes--while
the *first* Windows patch took about five weeks, and
patches for several still-supported versions of
Windows were still not completed as of last
week...nearly two months so far.

I am quite familiar with your Microsoft-centric view
of the world, but it *would* help if you got your
"facts" from somewhere other than Microsoft's PR
program.

One statement you made I agree with fully: "Security
is a much larger and more complex issue than any one
tool, technology, or business model."

It is also true that *any* machine that is networked
can be exploited, in the opinion of people whose job
it is to exploit them.

It is *not* true that Windows boxes can be "easily"
secured. For example, anyone who wants to see an
architecturally-based vulnerability can simply go to
Google and follow the links under the search terms
"shatter attack Windows".

A primary reason that UNIX and Linux systems can be
secured with a higher level of confidence than Windows
systems is that they were designed from the ground up
as multi-user and multi-tasking systems. Generally,
these systems consist of many small pieces designed to
do one thing very well. Thus, this modular approach
allows much easier understanding of everything that
interacts with each piece. When something is found to
be insecure, a fix that does not compromise other
parts of the system is much easier to develop and
distribute.

I have rarely seen Microsoft "service packs" issued
that did not break new sections of code while
attempting to address others.

There are also security holes in Windows by design.
For example, the Windows 2000 Service Pack 3 is only
accessible if a user agrees to a unilateral
modification of his original license agreement,
allowing Microsoft to enter the system without further
notice to the user, ostensibly to check for unlicensed
software. That they can do this implies strongly that
Microsoft has a "back door" to the system--and *that*
is a gaping security hole!

I will leave to your fertile imagination the ethical
implications of forcing a license change upon users if
they wish to apply patches for original software bugs!

Andrew, I am glad you and thousands of others are able
to stay profitably busy securing Windows systems.
After all, it is their architecture that creates many
of these opportunities. I am sorry, though, that you
continue to apply specious logic to your comparisons
of Windows to other systems.

As for me, I regret chiefly that more Linux
distributions do not come with a high level of
security out of the box, requiring users to
consciously turn on services that connect with the
outside world.

David


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All-new RoboHelp X3 is now shipping! Get single sourcing, print-quality
documentation, conditional text and much more, in the most monumental
release ever. Save $100! Order online at http://www.ehelp.com/techwr-l

Buy ComponentOne Doc-To-Help 6.0, the most powerful SINGLE SOURCE HELP
AUTHORINGTOOL for MS Word. SAVE $100 on the full version and $50 on upgrades.
Offer ends Oct 31, 02 (code: DTH102250). http://www.componentone.com/d2hlist1002

---
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.


Follow-Ups:

Previous by Author: Re: synonym for "from scratch"
Next by Author: Re: Viva le Same! Linux
Previous by Thread: tech writer reveled - OT thanks and update
Next by Thread: Re: Viva le Same! Linux


What this post helpful? Share it with friends and colleagues:


Sponsored Ads