mailing list archives
Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 11 May 2005 17:08:20 -0400
James Tucker wrote:
Well, yeah, but I still wouldn't be throwing away GNU/Linux just yet on
that front. I would argue that it's still entirely possible to build a
GNU/Linux system that is more secure than a MS Windows system,
relatively speaking. (Note: I am not saying that GNU/Linux doesn't have
its share of security issues and I am not saying that one can't create a
well-secured Windows server.)
I can understand that this is drifting off track, but as part of the
community, how can you relaibly justify this? I don't mean to be
facetious, but I have never seen any such justification in existence,
furthermore if other aspects are considered such as average required
development time to a 'secure' system the argument can be easily
swung. Such a comment may have been more acceptable if one were to
use openbsd as an example, arguably. Again there are aspects which
must be considered, but if we are refering to the operating system
alone then should we consider the default install, the number of
discrete settings which must be changed? the length of a script which
performs these actions automatically? such judgements are hardly
quantifiable - due to scalar issues.
Remember, if the choice was clear, someone would have 'won' already.
I know it because I've done it before. Having access to the code means
that you can change things you don't like and also that you can
construct them from the ground up to meet your needs. Dependancies can
be removed. Packages and services can never be installed if you don't
Obviously, if you're going to create a system that is very difficult to
get into, it's going to take some time. However, having access to the
code and the will to modify the system you can do some very good things.
Just by that fact one can construct a more secure system with a Free
Software OS than any other proprietary system.
Keep in mind, I'm not talking about getting Red Hat and turning off all
of the services. I'm referring to building a custom system from source
packages - although, you can, if you want, reverse any GNU/Linux
distribution in the same way, if you so chose, but sometimes it's better
to start from the ground up.
I don't need statistics to tell me that it can be done.
Incidentally, the very acts that I'm referring to are the ones that put
OpenBSD into existance. And, if it makes you feel better, I'd include
OpenBSD in the statement.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/