Linked by Thom Holwerda on Sat 27th May 2006 17:26 UTC, submitted by Ricus
Windows "Windows Vista Beta 2 includes a new defense against buffer overrun exploits called address space layout randomization. Not only is it in Beta 2, it's on by default too. Now before I continue, I want to level set ASLR. It is not a panacea, it is not a replacement for insecure code, but when used in conjunction with other technologies, which I will explain shortly, it is a useful defense because it makes Windows systems look 'different' to malware, making automated attacks harder." On a related note, Microsoft is having difficulties in reaching parity between the 64bit and 32bit version of Vista concerning the amount of drivers shipped.
Thread beginning with comment 128545
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Great...
by Gullible Jones on Sat 27th May 2006 21:08 UTC in reply to "RE: Great..."
Gullible Jones
Member since:
2006-05-23

MAC not implemented by default in any form in common distros. Protection against forkbombs via PAM not used by default in any distros I've seen. PaX barely used by anyone, not stable with current kernels on architectures other than x86. Buffer overflows all over the place - VMS and several UNIXes have measures against those.

I'm not saying that Linux is a badly designed kernel, or that distros are poorly designed, or even that Linux is insecure; I just think that kernel devs and (much moreso) distro maintainers need to realize that Linux can have security issues, and will have more as it gets more popular. Developers aren't just sitting there, sure, but I think a bit more needs to be done than just patch up vulnerabilities - innate measures against more common types of vulnerabilities (e.g. buffer overflows) are a good idea.

(BTW, while we're at it... Why do all criticisms of Linux get modded down? Trollish "zomg linux sucks" ones deserve it, but it seems to me that criticisms which don't constitute trolling lose points very often.)

Reply Parent Score: 5

RE[3]: Great...
by macisaac on Sat 27th May 2006 21:20 in reply to "RE[2]: Great..."
macisaac Member since:
2005-08-28

"Trollish "zomg linux sucks" ones deserve it, but it seems to me that criticisms which don't constitute trolling lose points very often"

it isn't just linux, but criticism of just about any OS can get you modded down by some fanboy of said OS. I got modded down the other day for saying solaris is slow at compiling apps, and I actually _like_ solaris... (I just tend to prefer linux).

like someone else pointed out, the moderation system, while it can be fun, does unfortunately tend to encourage being overly conservative and cautious in your statements for fear of getting bad votes.

I agree, it's a pity some folks can't distinguish between criticism and trolling.

Reply Parent Score: 2

RE[3]: Great...
by l3v1 on Sun 28th May 2006 06:11 in reply to "RE[2]: Great..."
l3v1 Member since:
2005-07-06

I don't know what world you live in but this:
No, I am never going to shut up about Linux security, not until the devs stow their stupid "we are teh invulnerable" attitude.
is not "criticism". It's just as bad as your own words "kernel devs and (much moreso) distro maintainers need to realize that Linux can have security issues, and will have more as it gets more popular" since you just simply state Linux devs are ignorant folks with no grip on reality.

Reply Parent Score: 1

RE[3]: Great...
by aent on Sun 28th May 2006 06:37 in reply to "RE[2]: Great..."
aent Member since:
2006-01-25

I guess Fedora isn't a common distro, as it has MAC (SELinux) implemented by default and I believe other security features as well. Not to say they are perfect, as there is still no extremely easy to use GUI for managing the firewall, and thus, most people seem to have it disabled. I'm hoping the next version of Ubuntu gets a lot of these vital security features enabled as well, such as SELinux and a good firewall application, I believe its on the roadmap for Edgy.

Reply Parent Score: 1

RE[4]: Great...
by _LH_ on Sun 28th May 2006 13:29 in reply to "RE[3]: Great..."
_LH_ Member since:
2005-07-20

as there is still no extremely easy to use GUI for managing the firewall, and thus, most people seem to have it disabled

Try Firestarter.

Reply Parent Score: 1

RE[3]: Great...
by danieldk on Sun 28th May 2006 08:11 in reply to "RE[2]: Great..."
danieldk Member since:
2005-11-18

I just think that kernel devs and (much moreso) distro maintainers need to realize that Linux can have security issues, and will have more as it gets more popular.

It kinda depends on what distribution you are using. E.g. Red Hat is pretty proactive when it comes to security:

http://www.redhat.com/magazine/006apr05/features/security/
http://www.redhat.com/magazine/009jul05/features/execshield/

Reply Parent Score: 2

RE[3]: Great...
by netpython on Sun 28th May 2006 10:41 in reply to "RE[2]: Great..."
netpython Member since:
2005-07-06

Unless you think FC5 isn't a common distro flavor.It has RBAC (SELinux) instead of BAC and enabled by default (targeted policy).Unless you think SuSE Linux isnÂt a common distro.It has AppArmor included.

Reply Parent Score: 1