Re: Security followup

Subject: Re: Security followup
From: "Decker F. Wong-Godfrey" <dfgodfrey -at- milmanco -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 15 Jan 2003 12:20:12 -0800




How many attacks are done by "Hackers" compared to the number done by "script kiddies?" Script kiddies don't need to know anything about the system they are breaking (and often don't), they just need to be able to run a program. Script kiddies are the ones who have the time and the inclination to break boxes, to make a name for themselves. The "Hacker" is a relative anomaly.


And this is relevant how? It doesn't really matter *who* runs the script.


I don't see what the question of relevancy is. When someone says that the chances of your computer being broken into are greater because there are more hackers on a particular platform it seems inherently related to the idea that only hackers are the ones breaking into your computer. It's just not true. The point was that it's not the hackers that need to be worried about as much as it is the script kiddies.

Also, without hackers, you have no script kiddies. Hackers do the work
that leads to the tools run by script kiddies.


I don't disagree, but who has the greater potential for doing damage, three hackers, or one hacker (with a multitude of easily exploitable vulnerabilities) and 200 script kiddies?

And the fact that the Hacker decides to run Linux says something about the relative security of a Linux system, doesn't it?


Not necessarily. It may say that Linux is more fun to play with, or that
Windows is a terrible development environment. Or both.


If you spend your time trying to break other people's programs so you can gain access to remote machines, isn't that going to be something you're probably trying to avoid having happen to you? Real hackers write their own OS anyway. :-)

If your statement was in fact true, then we'd see a lot more rootkits for Linux systems, we'd see more script kiddies out there breaking through back doors--but we don't.

Sure we do. I have no idea what your basis for saying this is.
Linux boxes get rooted all the time. I'd agree that Linux is more
secure than Windows (what isn't?), but that's no grounds for not
paying a *lot* of attention to making your system secure -- Windows
*or* Linux.

Sorry, I guess I should have been more clear about this. The statement is drawn from the logical conclusion drawn from the first post. More hackers on a platform means that there are more vulnerabilities. If, in fact, there are X more hackers on Linux than there are on Windows, that would mean that there are X more exploitable vulnerabilities on Linux than there are on Windows.

This is not true.

I'm not advocating auto-pilot administration. I am saying that there are big differences between the problems one has running Windows and the problems one has running Linux. I'm not saying that Linux is a security panacea. I am simply saying that the number of security concerns related to running a properly configured and updated Windows machine still greatly exceeds the number that one has running a Linux box simply because of the way UNIX and Linux are engineered.

I want to be very clear that I am not advocating irresponsibility. I said it in my last post, and I'll say it again, Andrew's advice is good no matter what OS you're running.


I kinda wonder how many techwrlers are using Linux, though?



Exactly why I feel that responding to misinformation is so important. Your OS is your choice. There's things that make Windows a better choice, and there's things that make UNIX (Linux, Solaris, Mac OS X) a better choice. The inherently superior design of UNIX systems means for a more secure system overall. Leading people to think that the problems one has on a Windows box are the same ones that they will have on a Linux box is misinformation in my eyes.






References:
Re: Security followup: From: Andrew Plato
Re: Security followup: From: Decker F. Wong-Godfrey
Re: Security followup: From: Paul DuBois
