Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 11 May 2005 17:08:20 -0400

James Tucker wrote:

Well, yeah, but I still wouldn't be throwing away GNU/Linux just yet on
that front.   I would argue that it's still entirely possible to build a
GNU/Linux system that is more secure than a MS Windows system,
relatively speaking.  (Note: I am not saying that GNU/Linux doesn't have
its share of security issues and I am not saying that one can't create a
well-secured Windows server.)

I can understand that this is drifting off track, but as part of the
community, how can you relaibly justify this? I don't mean to be
facetious, but I have never seen any such justification in existence,
furthermore if other aspects are considered such as average required
development time to a 'secure' system the argument can be easily
swung. Such a comment may have been  more acceptable if one were to
use openbsd as an example, arguably. Again there are aspects which
must be considered, but if we are refering to the operating system
alone then should we consider the default install, the number of
discrete settings which must be changed? the length of a script which
performs these actions automatically? such judgements are hardly
quantifiable - due to scalar issues.

Remember, if the choice was clear, someone would have 'won' already.


I know it because I've done it before. Having access to the code means that you can change things you don't like and also that you can construct them from the ground up to meet your needs. Dependancies can be removed. Packages and services can never be installed if you don't need them.

Obviously, if you're going to create a system that is very difficult to get into, it's going to take some time. However, having access to the code and the will to modify the system you can do some very good things.

Just by that fact one can construct a more secure system with a Free Software OS than any other proprietary system.

Keep in mind, I'm not talking about getting Red Hat and turning off all of the services. I'm referring to building a custom system from source packages - although, you can, if you want, reverse any GNU/Linux distribution in the same way, if you so chose, but sometimes it's better to start from the ground up.

I don't need statistics to tell me that it can be done. Incidentally, the very acts that I'm referring to are the ones that put OpenBSD into existance. And, if it makes you feel better, I'd include OpenBSD in the statement. -Barry

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]