[ale] Distro Reply

Jerald Sheets jsheets at yahoo.com
Tue Jan 4 20:04:48 EST 2005


Windows and secure in the same post.

HAH!

The only way it (or any other system) even remotely approaches secure is in
an empty room, unplugged from both electricity and network, and turned off. 

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jonathan
Rickman
Sent: Tuesday, January 04, 2005 1:39 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Distro Reply

On Mon, 03 Jan 2005 23:18:39 -0500, James P. Kinney III
<jkinney at localnetsolutions.com> wrote:

> As long as the XP weak link is out of the picture, SELinux makes the 
> system _VERY_ hardened from internal and external attacks.

Just because I can't resist playing the advocate for the evil one, and
because I happen to know a thing or twenty about windows security...

On what basis do you believe that a properly configured SELinux is superior
to a properly configured Windows XP SP2 machine. Both Windows and Linux are
prone to having buggy code. So setting that aside and just taking for
granted that there are no flaws (totally hypothetical here now) in the code
used to generate the software in the first place, what exactly does SELinux
offer in the way of security features that Windows XP with SP2 and an
appropriate local security policy and/or AD group policy lacks?

I know the technical answers already so there's no need to start a
discussion of MAC vs. DAC, but I'm not seeing the practical application
outside of certain defense related environments. I pretty much know the
HIPAA regs inside and out, or at least I did a year ago when I still had
some interest in it all. There is no requirement for data labeling or
mandatory access controls that is typically seen in the .mil/.gov arena.
Those are really the only practical features missing from Windows, so I fail
to see the justification for using SELinux to satisfy some imaginary HIPAA
requirement. Using that as an argument against Windows in healthcare is a
slippery slope when you consider how terribly incomplete SELinux is in the
framework of the distributions that make use of it. Comparing it to
something like Trusted Solaris reveals this immediately. SELinux is not a
magic bullet, though it is fairly useful on the server side at the present
time.

--
Jonathan
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.7 - Release Date: 12/30/2004
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.8 - Release Date: 1/3/2005
 



More information about the Ale mailing list