[thelist] anybody know what drugs HP is on?

[judah at wiredotter.com]

At 09:30 AM 8/24/2001 +0100, Nick wrote:
>What am I missing here? Tell me if I am wrong but how could Windows ever be
>accused of being more secure than Linux?

I would say a couple things about security and Linux and Windows:

1) Many Linux distributions ship with incredibly unsecure services turned 
on by default.  I remember installing RedHat 5.2's Server configuration and 
it installed RPC, Telnetd, and a buggy Anonymous FTP server.  That's like 
putting up a big sign that says "Kick Me".  On the bright side, I just 
installed Dell's system builder edition of RedHat 7.1 and it was much 
better.  It replaced telnetd with sshd (thank god our encryption laws 
finally allow that) and, more importantly, it installed a number of server 
daemons, but it had them *turned off by default* which is ever so 
nice.  Combine that with the fact that it required you to configure an 
ipchains based firewall on first boot up, and it was pretty nice.  Only 
took me about 30 minutes to lock down this box.  Much better than previous 
RedHat installs.

2) Windows security blows.  That isn't really subject to debate.  But on 
the other hand, there isn't as much that you can do with the box if you do 
exploit it.  Windows isn't designed to be useful for remote users.  Linux 
is.  You crack the password of a user account on a Linux box, then you can 
go in, hide evidence in the logs and start downloading and compiling 
software and using the account as a launching point for other 
attacks.  Without the aid of a remote control sort of trojan (like BO), 
those sorts of tasks are much more difficult on windows boxes.  It's just a 
consequence of the nature of the two OS'es.

So I would argue that Linux certainly can be more secure than Windows, but 
it doesn't necessarily mean that a certain box *is* more secure.  And the 
consequences of an insecure Linux box can be greater in many cases than an 
insecure Windows box.

My $.02

Judah