Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
Privacy, Security, Encryption I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430887
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Security
by Laurence on Mon 21st Jun 2010 12:37 UTC in reply to "Security"
Laurence
Member since:
2007-03-26

Back in college, the course on Operating Systems had this to say on Linux security:

"Linux is both the least and most secure OS there is. It all depends on how much time and effort the admin puts in to properly configuring it."


Well that's not really true as, generally speaking, Linux distros ship with more secure defaults than Windows does.

However, it is fair to say that no OS is secure if you stick an experienced idiot in front of it. i.e. the kind of users who are experienced enough to know how to do stuff but not smart enough to know they shouldn't do it. (unfortunately I think we've all met at least one of these guys and I'm sure a few of you guys has made a living out of fixing their computers)

Reply Parent Score: 2

RE[2]: Security
by fanboi_fanboi on Mon 21st Jun 2010 14:04 in reply to "RE: Security"
fanboi_fanboi Member since:
2010-04-21

Linux also ships with more outdated and insecure packages, than the latest version of Windows.

Reply Parent Score: -1

RE[3]: Security
by ichi on Mon 21st Jun 2010 14:33 in reply to "RE[2]: Security"
ichi Member since:
2007-03-06

Linux also ships with more outdated and insecure packages, than the latest version of Windows.


Because Windows retail boxes update themselves while sitting on the shelves at the store, right?

Reply Parent Score: 8

RE[3]: Security - ah.. that's wat it is
by jabbotts on Mon 21st Jun 2010 15:41 in reply to "RE[2]: Security"
jabbotts Member since:
2007-09-06

Ah, thanks for that heads up. That Windows shipping with more up to date programs and patches would explain the 80 fed into my shiny new Windows machine last Friday.

Reply Parent Score: 3

RE[2]: Security
by wirespot on Mon 21st Jun 2010 15:42 in reply to "RE: Security"
wirespot Member since:
2006-06-21

Well that's not really true as, generally speaking, Linux distros ship with more secure defaults than Windows does.


And may I remind people that Linux security features are not even turned up to full blast on default installations. It's this good out of the box but it's not even trying. There's room for increasing Linux security two-fold or more. Consider:

* mandatory AppArmor-based software whitelisting;
* mandatory separate /home and /tmp partitions with noexec,nodev,nosuid;
* restricting software installation to official repositories and their mirrors and denying direct install of debs/rpms/install kits by default;
* integrating and shipping default kernels that feature better ASLR and NX bit support.

Reply Parent Score: 2

RE[3]: Security
by Laurence on Mon 21st Jun 2010 18:39 in reply to "RE[2]: Security"
Laurence Member since:
2007-03-26

"Well that's not really true as, generally speaking, Linux distros ship with more secure defaults than Windows does.


And may I remind people that Linux security features are not even turned up to full blast on default installations. It's this good out of the box but it's not even trying. There's room for increasing Linux security two-fold or more. Consider:

* mandatory AppArmor-based software whitelisting;
* mandatory separate /home and /tmp partitions with noexec,nodev,nosuid;
* restricting software installation to official repositories and their mirrors and denying direct install of debs/rpms/install kits by default;
* integrating and shipping default kernels that feature better ASLR and NX bit support.
"

May I remind you that I stated "more secure defaults than Windows" and not that "Linux's defaults are perfect" ;)

Reply Parent Score: 2