Full Disclosure mailing list archives
Re: KSpynix ::: the Unix version of KSpyware? (Proof Of Concept)
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 11 May 2005 17:08:20 -0400
James Tucker wrote:
> > Well, yeah, but I still wouldn't be throwing away GNU/Linux just yet on that front. I would argue that it's still entirely possible to build a GNU/Linux system that is more secure than a MS Windows system, relatively speaking. (Note: I am not saying that GNU/Linux doesn't have its share of security issues and I am not saying that one can't create a well-secured Windows server.)
>
> I can understand that this is drifting off track, but as part of the community, how can you reliably justify this? I don't mean to be facetious, but I have never seen any such justification in existence; furthermore, if other aspects are considered, such as average required development time to a 'secure' system, the argument can be easily swung. Such a comment may have been more acceptable if one were to use OpenBSD as an example, arguably. Again there are aspects which must be considered, but if we are referring to the operating system alone then should we consider the default install, the number of discrete settings which must be changed? The length of a script which performs these actions automatically? Such judgements are hardly quantifiable - due to scalar issues. Remember, if the choice was clear, someone would have 'won' already.
*sigh*
I know it because I've done it before. Having access to the code means that you can change things you don't like and also that you can construct them from the ground up to meet your needs. Dependencies can be removed. Packages and services can never be installed if you don't need them.
Obviously, if you're going to create a system that is very difficult to get into, it's going to take some time. However, having access to the code and the will to modify the system, you can do some very good things.
Just by that fact one can construct a more secure system with a Free Software OS than any other proprietary system.
Keep in mind, I'm not talking about getting Red Hat and turning off all of the services. I'm referring to building a custom system from source packages - although, you can, if you want, reverse any GNU/Linux distribution in the same way, if you so choose, but sometimes it's better to start from the ground up.
I don't need statistics to tell me that it can be done. Incidentally, the very acts that I'm referring to are the ones that put OpenBSD into existence. And, if it makes you feel better, I'd include OpenBSD in the statement.
-Barry
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
