«

Some of the postings I read on this NG curdle my blood. What with
Virii, Trojans, Security lapses etc, etc.
So how secure is a good Linux distribution compared with Windows XP
that I am using now.
I do have a second HD running Suse, but it is very difficult to come
to terms with. MS on the other hand is a comparative doddle, but
secure....?
I am not trolling in order to start a flame war, just a concerned user
who is worried at some to the threats that are out there and waiting.
--

Peter James
Change AT to @ to reply

On Fri, 19 Dec 2003 20:23:17 +0000, Peter James wrote:
>
> I do have a second HD running Suse, but it is very difficult to come
> to terms with. MS on the other hand is a comparative doddle, but
> secure....?

How can MS be secure with ~70 new viruses a week.
For their lastest vulnerability protection read how to protect yourself.
http://support.microsoft.com/?id=833786
They have known about the problem for more than a few weeks.

"Peter James" <> wrote in message
news:...
> Some of the postings I read on this NG curdle my blood. What with
> Virii, Trojans, Security lapses etc, etc.
> So how secure is a good Linux distribution compared with Windows XP
> that I am using now.
> I do have a second HD running Suse, but it is very difficult to come
> to terms with. MS on the other hand is a comparative doddle, but
> secure....?
> I am not trolling in order to start a flame war, just a concerned user
> who is worried at some to the threats that are out there and waiting.

Both have traditionally been insecure out-of-the-box. Both are trying to
make amends with a firewall being automatically activated as part of
installation.

The main problem seems to be (IMHO) down to two things - firstly, you don't
generally tend to get complete novices setting-up Linux boxes; Windows, you
do. Secondly (and much more importantly) the array of apps that you get with
Windows (e.g. Outlook Express) have lots of (usually) useless bells &
whistles. With vulnerabilities or potential exploits.

Like Linux, these can be configured out. Unlike Linux, we're back to that
wetware issue.

If you're competent, you can set-up either to be more-of-less equally secure
(I'll neatly sidestep IIS on this one - excellent Intranet server, but I'll
generally take something with less bells and whistles for Internet
deployment).

Windows Update seems to be a helluva lot more reliable than the Red Hat
version - can't answer for other distros (not that I've heard of one with a
similar service..). OTOH, with so many vulnerabilities coming out on Windows
(generally for the apps), it had damn well better be!

With a decent firewall (separate box, almost certainly *nix-based) and a
sensible attitude, you shouldn't go far wrong with either.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Please realize that there is NO such terminology as 'virii'. The term is viruses.
Please read the following URL which explains the concept far better than I could ever do so.

http://www.perl.com/language/misc/virus.html

Dave



"Peter James" <> wrote in message
news:...
| Some of the postings I read on this NG curdle my blood. What with
| Virii, Trojans, Security lapses etc, etc.
| So how secure is a good Linux distribution compared with Windows XP
| that I am using now.
| I do have a second HD running Suse, but it is very difficult to come
| to terms with. MS on the other hand is a comparative doddle, but
| secure....?
| I am not trolling in order to start a flame war, just a concerned user
| who is worried at some to the threats that are out there and waiting.
| --
|
| Peter James
| Change AT to @ to reply

On Fri, 19 Dec 2003, "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
>Please realize that there is NO such terminology as 'virii'. The term is
>viruses.
>Please read the following URL which explains the concept far better than I
>could ever do so.
>
>http://www.perl.com/language/misc/virus.html
>
>Dave

Wow, that really answers the posters question. You have perfectly explained
the topic of Security comparison between Microsoft and Linux with your
succinct response.

-=-
This message was posted via two or more anonymous remailing services.

Who said I wanted to, they both have tons of flaws. I provided the information that I
wanted to. And your statement to me does nothing at all for the OP.

Dave

On Fri, 19 Dec 2003 20:23:17 +0000, Peter James
<> wrote:

>Some of the postings I read on this NG curdle my blood. What with
>Virii, Trojans, Security lapses etc, etc.
>So how secure is a good Linux distribution compared with Windows XP
>that I am using now.
>I do have a second HD running Suse, but it is very difficult to come
>to terms with. MS on the other hand is a comparative doddle, but
>secure....?
>I am not trolling in order to start a flame war, just a concerned
user
>who is worried at some to the threats that are out there and waiting.
>--
>
>Peter James
>Change AT to @ to reply

I guess my first reply didn't show up, so here goes again...

It's hard to answer that without knowing the intended use of the OS.
Is it as a client, a server, or sometimes both? If a server, what is
it running, what is it attached to or what services does it use...?

Both OS', themselves, are reasonably secure, and the BSD Unix',
particularly OpenBSD, are probably the most secure OS' available. As a
pen-tester -- as an outsider trying to get in -- I find it easier to
get into Unix and Linux systems than Windows. However, the popular and
default applications for Windows are definitely the weakest link, and
are the reason why Windows, when all is said and done, is undeniably
less secure than Linux or Unix. Windows' RPC problems tend to be more
severe too.

As long as you avoid using IE, except perhaps for Windows Update,
Outlook, and Windows Media Player, you can be reasonably safe in
Windows. Also, avoid running applications as servers if you are
running as a client unless you need to. The reason most Microsoft
boxes get owned is because the user visits a website or opens an email
which contains malware that takes advantage some particular flaw or a
combination of them. Other OS' tend to be less prone to such flaws
because their manufacturers actually put some thought into the
security implications of each new feature before giving them a go.

Of course, as long as you disable all but absolutely necessary
services in Linux or Unix, you will (all else being equal) be a bit
more secure in Linux or Unix. The key thing here is to disable
unnecessary services, like sendmail or SWAT.

That's the key, vital, ever-so-important point: All else being equal,
any major OS can be as safe as long as the user and administrator
harden it enough by removing unnecessary features, and as long as the
user uses some basic tools and some good sense ("safe hex"). A golden
rule in the security business is that "feature = potential exploit".
This is especially true where MS products are concerned, as, again, MS
doesn't pay a whit of attention to security risks of each new
"feature".

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com

On Fri, 19 Dec 2003 20:23:17 +0000, Peter James
<> wrote:

>Some of the postings I read on this NG curdle my blood. What with
>Virii, Trojans, Security lapses etc, etc.
>So how secure is a good Linux distribution compared with Windows XP
>that I am using now.
>snipped
Many thanks for all of the replies. I've learned a lot, not least the
etymology of the noun "virus". Just like going back to my schooldays.
"Now James, decline virus". "Yes sir, virus, virrii, viruses". Oh
happy days.
--

Peter James
Change AT to @ to reply

sponge wrote:
>> Of course, as long as you disable all but absolutely necessary
> services in Linux or Unix, you will (all else being equal) be a bit
> more secure in Linux or Unix. The key thing here is to disable
> unnecessary services, like sendmail or SWAT.
>
> That's the key, vital, ever-so-important point: All else being equal,
> any major OS can be as safe as long as the user and administrator
> harden it enough by removing unnecessary features, and as long as the
> user uses some basic tools and some good sense ("safe hex"). A golden
> rule in the security business is that "feature = potential exploit".
> This is especially true where MS products are concerned, as, again, MS
> doesn't pay a whit of attention to security risks of each new
> "feature".
>
My limited knowledge of Linux suggests that you can install most programs
with only "user" rights (if that is the right terminology). That is, you
don't need root access for most purposes. This is nice for protecting the
root files and those of other users, but it is not good news for preventing
trojans and worms from installing, whenever the hackers get around to
producing them. On the other hand, Win2K or WinXP in a "user" account seems
to be quite secure; I don't think anything can install without your knowing
about it. Maybe Linux can be made just as secure, but I have not found the
way.

On Sun, 21 Dec 2003 12:49:04 -0500, "James H. Fox"
<foxjh_NOMAILSPAM_AT_rcn.com> wrote:

>sponge wrote:
>>> Of course, as long as you disable all but absolutely necessary
>> services in Linux or Unix, you will (all else being equal) be a bit
>> more secure in Linux or Unix. The key thing here is to disable
>> unnecessary services, like sendmail or SWAT.
>>
>> That's the key, vital, ever-so-important point: All else being
equal,
>> any major OS can be as safe as long as the user and administrator
>> harden it enough by removing unnecessary features, and as long as
the
>> user uses some basic tools and some good sense ("safe hex"). A
golden
>> rule in the security business is that "feature = potential
exploit".
>> This is especially true where MS products are concerned, as, again,
MS
>> doesn't pay a whit of attention to security risks of each new
>> "feature".
>>
>My limited knowledge of Linux suggests that you can install most
programs
>with only "user" rights (if that is the right terminology). That is,
you
>don't need root access for most purposes. This is nice for
protecting the
>root files and those of other users, but it is not good news for
preventing
>trojans and worms from installing, whenever the hackers get around to
>producing them. On the other hand, Win2K or WinXP in a "user"
account seems
>to be quite secure; I don't think anything can install without your
knowing
>about it. Maybe Linux can be made just as secure, but I have not
found the
>way.

Unix/Linux and Windows are very similar in this regard. Yes, you can
(and should) run as a user rather than as root in any *nix-type
system, and can modify the application permissions so that users
(people from groups other than an applications "owner" or "root) can
have read, write, or execute permissions. This is key to proper
security. You can do something vaguely similar on Win2k and XP -- run
as a user, not as "admin", although you do not have the degree of
control you do on *nix. This is one reason why *nix is theoretically
more secure. In practice, though, there are so many files and items on
a Unix or Linux system (and scattered rather haphazardly about the
system no less), I've found that few administrators set proper
permissions all or even most of them.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com