Re: Viva le Same! Linux

Subject: Re: Viva le Same! Linux
From: Andrew Plato <gilliankitty -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Tue, 1 Oct 2002 22:19:16 -0700 (PDT)


Round and round we go, where the logic starts - nobody knows!

> I believe any reasonable examination of Microsoft
> operating systems and Web software yields an abundance
> of evidence that it is much less secure than the
> various other choices.

Oh, what evidence? Could you describe that evidence? Can you provide exact
examples of how MS is less secure and others are more secure?

Also, could you please define "secure" for me. I want to know what you think the
word "secure" means.

What most people here do is they say "oh, well there are more bugs in MS boxes
and therefore they are less secure." This is fundamentally flawed reasoning. There are
more bugs because there are more people pounding on MS boxes.

MS also patches those bugs. And therefore, the bug doesn't exist any more. So the
bug comparison chart won't do it.

If you're going to make statements that there is evidence out there - let's see
it. I want to know what leads you to this conclusion.

> It's also true that architectural differences make the
> situation *much* more difficult with Microsoft stuff.
> For example, a few months ago the Gartner Group
> strongly advised their corporate clients to move off
> Internet Information Server and go instead to the free
> Apache web server--even if they still insisted for
> some reason upon using Windows as their server OS of
> choice. According to Gartner, the security flaws are
> simply too numerous and too severe. It should be noted
> that Gartner does not make such recommendations
> lightly--and they have not to my knowledge ever
> participated in any of the "religious wars" about one
> type of software against another.

Gartner is to objectivity as George W. Bush is to an Iraqi Appreciation Society.
Anybody in security knows that.

That's not to say there isn't a compelling reason to move off IIS. The most
compelling reason is simply that it is a lightning rod for hackers. They see an
IIS banner and they unleash hell on it - for the sole reason it is IIS.

But again, that gets back to that "Microsoft is evil because they're big." thing
- and not a real technical issue.

> The simple fact remains that attaining a highly secure
> UNIX or Linux environment is far easier than
> attempting to reach the same level with any version of
> Windows. As you are probably aware, there is even a
> secure version of Linux developed by the NSA.

See:
http://www.worldtechtribune.com/worldtechtribune/asparticles/buzz/bza08162002.asp


Now, David, I asked the same thing of Jan. Have you ever secured a Linux, Unix,
or Windows machine? Was it ever your job, and I mean "paid and have to perform"
job, to secure any one of these systems?

What I am driving at is - do you really know what it takes or how to secure
systems? Because if you don't, then how can you say "Unix is easier to secure"?
You've never done it and you can't quote somebody who has.

> To attempt to excuse Windows as being a "bigger
> target" is simply nonsense. If Microsoft's "security
> by obscurity" model were correct, one would assume
> they would be *less* vulnerable than other systems.

MS is hardly obscure. And they are less vulnerable - because more people beat on
Windows boxes. The rate of bugs found in Windows is actually decreasing as Linux
bugs are starting to increase. You know why? More Linux users.

> Again, the huge monolithic bodies of code lumped into
> an architecture never designed originally with
> security in mind assures that tens of thousands of
> bugs still reside in their systems (inevitable with
> source code containing 25 to 40 million lines!), some
> of which at least result in security holes.

Oh, so you have seen the Windows source code and you know it is "huge monolithic
bodies." How do you know that?

Did you know that NT was actually designed off of a UNIX kernel?

> You are correct, however, in observing that most
> people will not take the steps known to be reasonably
> necessary to provide reasonable security from most
> threats. However, information regarding the various
> resources that must be locked down and why is readily
> available for Linux systems--while to a distressingly
> large extent Windows users are subject to Microsoft's
> relatively poor responsiveness to new threats. Time
> after time, the Linux community has fixed security
> holes or bugs within 24 to 48 hours of discovery--a
> record far different from Microsoft's dilatory
> practices.

I replied to this once already now.

The Linux community can off-load the entire compilation process off to users.
Hence they don't have to regression test every code change on thousands of
platforms. That buys them an enormous amount of time.

Moreover, MS has many times the products and features that a core Linux system
does, and hence there is tremendously more stuff to check.

And lastly, MS is under the microscope every time they release bad code. If they
release a bad patch, open-source lunatics scream and howl about how horrible MS
is. But when a bad Linux fix comes out - everybody holds hands and pitches in to
help.

Face it David, your hatred of MS is based upon the fact that they have 92 billion
in the bank and you don't.

> I agree that the differences in vulnerability between
> typical Linux or UNIX systems and typical Windows ones
> are similar--but radically different in degree.

Will you please cite some actual examples to back up this claim, please. Thank
you.

Andrew Plato


References:
Re: Viva le Same! Linux: From: David Neeley
