[ale] OT Linux Story

Dow Hurst dhurst at kennesaw.edu
Fri Jun 6 14:17:14 EDT 2003


That is an important point about what a critical update truly 
represents.  Most MS bugs are kernel related or so married to the 
kernel that you have a root type compromise.  Linux under the Unix model 
of separation of user and kernel doesn't have a comparable rate.  In 
fact kernel level bugs in the stable kernel are extremely rare.  
Applications under Linux do have bugs being fixed all the time and so 
several may be a mild security vulnerability.  Any security vulnerability 
is normally classed by a Linux distribution vendor as a critical update, 
even if the vulnerability is really mild.  If you separate your normal 
user login from a trash user login for interacting with a browser then 
you further insulate yourself from vulnerabilities.  Reading the CERT 
summaries shows this up clearly in that practically every MS posted 
vulnerability is severe while most Unix and Linux vulnerabilities are mild.
Dow


Thomas Holmquist wrote:

> heh? linux has 3x critical updates than MS? umm no... THE LINUX APPS 
> MIGHT, BUT NOT _LINUX_. When you patch windows XP, you're patching a 
> WINDOWS bug...
>
> haswes at mindspring.com wrote:
>
>> Forgive me, I wasn't following the whole thread, but remember SQL 
>> slammer worm?  BofA was hit by that from what I heard. You can't piss 
>> off a CEO and CFO together too many times.
>>
>> And I liked this quote.
>> "My Linux server at home has three times the number of critical 
>> updates than my Windows XP box, which sits right next to it. It's 
>> just a fact that all the guys hacking Microsoft are Linux guys, 
>> that's the game here," Hanks said.
>>
>> From the following link.
>>
>> http://security.ziffdavis.com/article2/0,3973,1115539,00.asp
>> Another ASP page...
>>
>> Adrin
>>  
>>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428
Systems Support Specialist    Fax: 770-423-6744
1000 Chastain Rd. Bldg. 12
Chemistry Department SC428  Email:   dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*****************************************************************
This message (including any attachments) contains confidential  *
information intended for a specific individual and purpose,     *
and is protected by law.  If you are not the intended recipient,*
you should delete this message and are hereby notified that     *
any disclosure, copying, or distribution of this message, or    *
the taking of any action based on it, is strictly prohibited.   *
*****************************************************************

