Author: Andrew Williams
Date: 13:56:02 06/27/04
Go up one level in this thread
On June 27, 2004 at 14:28:20, Bo Persson wrote: >On June 27, 2004 at 05:53:02, Andrew Williams wrote: > >>On June 27, 2004 at 05:00:53, Bo Persson wrote: >> >>>On June 26, 2004 at 21:19:46, Peter Skinner wrote: >>> >>>> >>>>This is just one of many "Windows" reasons I am switching to Linux. >>> >>>Why don't you check out some of the more recent security problems with one >>>popular Linux distribution? >>> >>>https://rhn.redhat.com/errata/rhel3ws-errata-security.html >>> >>> >>>Bo Persson >> >>This is a bit misleading, as most of these vulnerabilities don't relate to Linux >>itself, but to software distributed with Linux. Yes, I know you said >>"distribution", but I believe it's worth drawing people's attention to this >>fact. Whenever Microsoft talks about Linux security problems, they always talk >>about applications as well as the kernel. I think a fairer comparison would be >>to take the (linux kernel + XFree + kde/gnome) security problems versus Windows >>security problems. I'd take Linux *any* day by that measure. For one thing, I've >>not heard of a security problem with Linux which could mess up with *my* machine >>just because I visited a web-page. >> >>The other advantage of Linux is that if my Linux supplier proves to be too slow >>at fixing security problems, I could always find another supplier and start >>using their distribution. Or I could find someone with the necessary skills and >>pay them to fix my problem for me. But that's a different argument and this is >>*miles* off topic. >> >>Andrew > >My point was that it is a market share problem. Linux isn't inherently more >secure than Windows. I don't believe that for a second. I think that Linux has a better separation of System Administrator functionality from user functionality than Windows. And my point was that you can't compare the number of security breaches in Linux applications with the number of security breaches in the Windows system. > It is just that it is more "fun" to attack the 200M+ >Windows XP clients, than it is to attack the *significantly* fewer Linux users. > >If everyone followed the advice to use Linux instead, that would be the main >target of virus writers. It is not hard, just not worth the effort. > >What about this one: > >https://rhn.redhat.com/errata/RHSA-2004-236.html > >"Updated Kerberos 5 (krb5) packages which correct buffer overflows in the >krb5_aname_to_localname function are now available. > >Kerberos is a network authentication system. > >Bugs have been fixed in the krb5_aname_to_localname library function. >Specifically, buffer overflows were possible for all Kerberos versions up >to and including 1.3.3. The krb5_aname_to_localname function translates a >Kerberos principal name to a local account name, typically a UNIX username. >This function is frequently used when performing authorization checks." > > >or this one: > >https://rhn.redhat.com/errata/RHSA-2004-249.html > >"Updated libpng packages that fix a possible buffer overflow are now available. > >The libpng package contains a library of functions for creating and >manipulating PNG (Portable Network Graphics) image format files. > >During an audit of Red Hat Linux updates, the Fedora Legacy team found a >security issue in libpng that had not been fixed in Red Hat Enterprise >Linux 3. An attacker could carefully craft a PNG file in such a way that >it would cause an application linked to libpng to crash or potentially >execute arbitrary code when opened by a victim." > > > >Bo Persson The latter problem is an issue I didn't know about, although apparently not for my distribution (perhaps it got fixed in an earlier update for mine). But if it was a problem, and it wasn't fixed quickly I could switch distribution, because of course I have that choice. I don't think there's much mileage in swapping lists of security breaches - I think there will be more Windows ones, but maybe that's just because all these different viruses use the same exploits. To be honest, I don't think I'm ever going to persuade you. I think you should stick with Windows. Andrew
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.