Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: rhoerbe@xxxxxxxxxxxxxxxx
  • Date: Wed, 2 Aug 2000 20:41:56 +0200
  • Message-id: <OFF5BBF6DA.4C4993EB-ONC125692F.00659B6B@xxxxxxxxxxxxx>
To add to that, it would be interesting to compare OS by "vulnerabilites
by architectural flaws". At the top of my head, I know a few for NT and
related products (display driver run on kernel ring, PPTP-security, ..). I
assume, that MS would win this "market share execise" easily. anyway,
Moody seems to be on the MS payroll.

On the other side, Linux distributors could do even better. My wishlist
for Suse:
- configure security level (like harden_suse questions) with yast, and
make it more granular.
- by default, no shell user should be allowed to log in to ftp/telnet/pop
using the same password or at all
- have an installation option, that compares installed packages versus
ftp.suse.com and lists known vulnerabilites and available fixes, and does
updates on request

I think, that a lot of security can be gained my making defaults more
secure, or easy, selectable installation options. Few systems get the
attention, that they should ..

Rainer




Frank Hart <frhart@xxxxxxx>
Sent by: hart@xxxxxxxxxxxxxxxxxxxxxxxx
02.08.00 20:31


To:
cc: suse-security@xxxxxxxx
Subject: Re: [suse-security] SuSE security reputation, etc..

Len Rose wrote:

> http://www.abcnews.go.com/sections/tech/FredMoody/moody.html
> It really sucks that SuSE wasn't even mentioned.

What really sucked was that this article is a total piece of crap. Based
on the number of vulnerability's mr. Moody qualified a total OS. Also he
adds the vulnerabilities of every linux distro but that is nonsence,
cause there's a big chance a vulnerablility found in eg RedHat also
affects SuSE.

--
SuSE Linux 6.4 -o) | Like the ski resort of girls looking for
Kernel 2.2.16 /\ | husbands and husbands looking for girls, the
on a i686 _\_v | situation is not as symmetrical as it might
mailto:frhart@xxxxxxx | seem. -- Alan McKay

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx






< Previous Next >
Follow Ups