[opensource] Linux vs. Windows

Nick Hurley hurley at todesschaf.org
Wed Oct 25 15:11:09 EDT 2006


"Sean Lee" <lee.2817 at osu.edu> writes:
> There are people who run tests stating that if your computer becomes a
> target, then an attack is an issue.  I won't deny people crawl the net for
> open targets, but for the most part.. being on OSU's network will protect
> you from most of the well-known major attacks.  Run window's update, get an
> anti-virus, and frequently run adaware and spybot.

Wrong. In my time at OSU, a Linux server I ran (on the OSU network) was
constantly bombarded by attacks from the popular worms of that time.

> The point I was making was that linux is just as hard to secure as windows.
> Take a SuSE install out of the box (since that comes installed on a bunch of
> computers) and I can rootkit the machine in 10 minutes.  I won't give the
> details of this hack, but novell is already changing the configuration for
> the next release, but that still doesn't change the fact that it can be done
> on any OS.

I'm curious as to what sort of exploit (local? remote?) you are using to
rootkit the machine, and, if it's remote (I'm presuming it is, otherwise
it wouldn't really be relevant to this discussion), what service is
being exploited to install the rootkit (personal email reply would be
fine, if you don't want to release the details of an already-known
exploit to the list).

> This is my final message to this list on this topic, I'm writing suggestions
> to Brian, not taking up attacks.. If you want to discuss security further,
> I'll be happy to chat with you in a private e-mail.

I don't think anyone here was taking up attacks (and I apologize if I
read an implication in your sentence about taking up attacks that wasn't
there), I (at least) was just trying to help fix misconceptions that
some may have regarding security. If I came across as an asshole while
doing so, well, I've had a bad day. It happens :-)
-- 
Peace,
  Nick

   Verbing weirds language.
              --- Calvin.


More information about the Opensource mailing list