[ale] [WAY OT] Reps was: Torvalds "SCO Smokes Crack"!!

runman at speedfactory.net runman at speedfactory.net
Fri Aug 22 12:22:21 EDT 2003


Yes, if the Apache, Sendmail, and Bind that one uses are not the audited versions that come with it.  If you want to install the buggy versions, then yes, you have to accept the faults inherent in them and you are on a par with any other *nix/bsd.  No one says differently.  Not me nor the community.  Since a slew of vulnerabilities or a whole "class" of them are due to boxes that come with holes in them, OpenBSD has closed them and left them to the operator(s) to open up.  Stupid Operator Error can mess anything up.

When OS systems are compared, OpenBSD has a consistent history of proactivity and security - Linux doesn't.  When default installs are compared, then OpenBSD comes out on top.  When the amount of patches/time interval are compared OpenBSD is again the winner.  When given a choice to run the 3 biggest server apps (web server, mail server, dns server) OpenBSD's security audited versions again are better than Linux's versions from the original sources.  As for doing stupid things like installing ftp or running poorly written web apps ... well, *nothing* stops that - on any system.  Apples were compared to apples - it's just that OpenBSD apples are more secure.

As for the default install not doing anything ... well, ... that's pretty secure, isn't it ????

Greg

> On Fri, Aug 22, 2003 at 12:02:12AM -0400, Greg wrote:
> > hmmm, OpenBSD ... 1 hole in default install in 7 yrs...
> 
> Yes, ***BUT*** the default OpenBSD does not do anything!
> 
> Once you make it into a REAL system by adding Sendmail, Apache, mutt,
> GPG or PGP, ftp, etc. it has about the same remote vulnerability rate
> as Linux.  How 'bout that.
> 
> Compare apples to apples and leave the FUD for M$.
> 
> > I feel pretty secure
> > ... but we OpenBSD types are above petty distro wars so I'll just move along
> > ... nothing to see that hasn't been seen before ...
> 
> > Greg
> 
> Bob Toxen
> bob at verysecurelinux.com               [Please use for email to me]
> http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> 
> "Microsoft: Unsafe at any clock speed!"
>    -- Bob Toxen 10/03/2002
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
