Linked by Thom Holwerda on Wed 20th Jun 2007 20:07 UTC, submitted by Valour
OpenBSD "If you're a software enthusiast who has never used OpenBSD before, you might enjoy installing it by yourself and figuring it out as you go. If, however, you're looking for a more practical approach to using OpenBSD 4.1 on a desktop or server machine, here's a quick guide to get you started in this spectacular operating system."
Thread beginning with comment 249397
fretinator Member since:
2005-07-06

I think Microsoft is doing better in this regard. If I remember correctly, the default install of SQL Server (or MSDE) used to have an SA password of blank - ripe for the picking! Fresh installs of SQL Server 2005 require a password and have network connectivity shut off until you specifically enable it. Windows 2003 Server is also much more secure by default than 2000. However, I would still prefer a fresh install of OpenBSD.

One clarification to the article - it says OpenSSH is shut off until you specifically enable it. That makes it sound like you have to manually edit a file to enable it after install. The install asks if you want SSH enabled and it does it for you during the install process (unless they have changed this in 4.1).

Score: 4

flav2000 Member since:
2006-02-08

It's good for OpenBSD to have most services shut off by default. I guess that's a good compromise between usability and security.

In reality, the even better way to be secure by default is NOT to have any UNNEEDED applications installed in the first place.

As I said, the not-enabled-by-default approach is the best compromise between usability and security - I do want to point out that you can get even better security if tools are not installed to be exploited.

Score: 5

Janizary Member since:
2006-03-12

Having the software installed by default but not active is no more insecure than not having the software installed - if the system is compromised, it's over anyways. It's like people not having gcc on a system as a, "security measure," it's not helping, since once a person has broken in, they can simply get it on their own.

Score: 3

openwookie Member since:
2006-04-25

"I think Microsoft is doing better in this regard"

No doubt that they have improved, they just have a long ways to go, and were an easy target to illustrate my point.


Also, I just installed 4.1 on a server yesterday. Yes, it still prompts to ask if you want ssh enabled ;)

Score: 3