To add to that, it would be interesting to compare OS by "vulnerabilites by architectural flaws". At the top of my head, I know a few for NT and related products (display driver run on kernel ring, PPTP-security, ..). I assume, that MS would win this "market share execise" easily. anyway, Moody seems to be on the MS payroll. On the other side, Linux distributors could do even better. My wishlist for Suse: - configure security level (like harden_suse questions) with yast, and make it more granular. - by default, no shell user should be allowed to log in to ftp/telnet/pop using the same password or at all - have an installation option, that compares installed packages versus ftp.suse.com and lists known vulnerabilites and available fixes, and does updates on request I think, that a lot of security can be gained my making defaults more secure, or easy, selectable installation options. Few systems get the attention, that they should .. Rainer Frank Hart <frhart@home.nl> Sent by: hart@pingala.netpromote.co.at 02.08.00 20:31 To: cc: suse-security@suse.com Subject: Re: [suse-security] SuSE security reputation, etc.. Len Rose wrote:
http://www.abcnews.go.com/sections/tech/FredMoody/moody.html It really sucks that SuSE wasn't even mentioned.
What really sucked was that this article is a total piece of crap. Based on the number of vulnerability's mr. Moody qualified a total OS. Also he adds the vulnerabilities of every linux distro but that is nonsence, cause there's a big chance a vulnerablility found in eg RedHat also affects SuSE. -- SuSE Linux 6.4 -o) | Like the ski resort of girls looking for Kernel 2.2.16 /\ | husbands and husbands looking for girls, the on a i686 _\_v | situation is not as symmetrical as it might mailto:frhart@home.nl | seem. -- Alan McKay --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com