RE: [SLE] Linux security and "recent C library exploits"
Even if linux is not quite super secure, which I don't think any operating system is, there is the stability level you get with Linux that far surpasses anything MS could produce. The ROI is alot more and the TCO is a lot lower then MS. My point in case is, my first year at this company I spent approximately $30,000 on hardware software for Linux and completely rebuilt the whole network. The previous years they spent around $100,000 using MS and were not completely complient with licenses. The same network set up would have costed around $150,000 - $200,000 going with MS. The email server alone would have cost almost $70,000. Ryan -----Original Message----- From: Greg Freemyer [mailto:freemyer@NorcrossGroup.com] Sent: Friday, March 14, 2003 12:46 PM To: suse_reply@jimmo.com; suse-linux-e@suse.com Subject: re: [SLE] Linux security and "recent C library exploits" This makes me think about the early days of cc. One of the original authors put some logic in cc to recognize that it was compiling a password routine. (Don't ask me how.) Anyway, whenever it detected one, it automatically added a backdoor so that he could login. cc had that "feature" for years, before he went public. It was never independently detected even though the gcc source was open. I think it was the cc that was used to compile unix, so this guy had root access to every UNIX box for a long time. If that could be done with UNIX, just imagine what sort of goodies could be inside of VC++. Greg -- Greg Freemyer
Hi All!
I am having a heated email debate with someone about the merits of Linux versus Windows. I made the claim that it was common for Microsoft to deny bugs, to which he replied:
If I wanted to make this a really long reply I could easily pull a ton of quotes and security alerts showing that unfortunately it is now the
Linux
extremists who make such silly "no vulnerabilities here" or "inherently secure" claims. Or the one thing MS never did -- redefine Linux as everything except the part which currently has errors. I have even had people tell me the recent C library exploits weren't part of Linux even as every major vendor was recompiling the whole kernel and practically
every
distribution package.
For the most part, there is a lot of handwaving by this guy with few facts. However, this seems like a "fact" that I am having trouble discounting. Although a lot of Linux people might claim Linux is "inherently secure", most of what I have seen has the qualifier that Linux is "inherently" more
secure thatn Windows. (let's ingore the "I have even had people tell me" which is a common lead in to many of his statements.)
I take the comment "Or the one thing MS never did -- redefine Linux as everything except the part which currently has errors" as implying that Linux people try to discount problems in Linux by saying something with a bug is
"not really part of Linux". (Possibly because I reminded him that Linux was the operating system and not all of the commands and applications).
However, the "recent C library exploits" is bothering me. Granted, I am not "up to date" on which libraries are used and what problems it has. However, I would hope that I would catch the fact that "every major vendor was recompiling the whole kernel". So, did I miss something or is this just more of this guy's hot air?
Regards,
jimmo -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what
others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info --------------------------------------- NOTE: All messages sent to me in response to my posts to newsgroups, mailing lists or forums are subject to reposting.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (1)
-
Ryan Benner