[Leaplist] Why Open Source won't work on "Vista computers"

Phil Barnett philb at philb.us
Wed Dec 27 04:03:10 EST 2006 

On Wednesday 27 December 2006 02:27, Chris wrote:
> Phil Barnett wrote:
> >On Wednesday 27 December 2006 01:56, Chris wrote:
> >>I'm seriously ignorant
> >>of any clear and present threat in the FOSS world that this
> >>would deal with.
> >
> >I guess you've never been rootkitted. Or hacked. Or compromised.
> >
> >I have. Tripwire may be able to tell you what happened after the smoke
> > clears, but then it's too late. Yes, Linux has this need.
>
> No, I haven't, and given my expertise compared to yours,
> I'm going to attribute this to sheer dumb luck on my part.
> I'm going to hang my ignorance out on the clothesline here
> for the neighbors to see, and ask if these don't represent
> O/S defects that are better solved by hardening the affected
> pathways? For example, and I know this is heresy, and I hope
> I don't get struck by lightning, but if you had been running
> OpenBSD do you feel you would have had the same exposure?

Doesn't matter. I thought this was about the need for this in OSS, not an 
inter-OSS saber rattling contest.

Anyway, the time I got broken into, they came in through Apache. I suspect 
that this compromise would work fundamentally the same on BSD. It's seldom 
been BSD or GNU/Linux that gets compromised. It's all the other stuff we run 
to make the OS useful.

> Maybe more importantly - do you feel you have the same
> exposure today? If not - what changed?

Not the same, but not significantly better. SELinux layer adds some 
protection. But it's not the same as an operating system that knows what it 
should be running and disallows EVERYTHING else.

> And, given the ugly details of implementation I mentioned,
> how do you see implementing something like this across
> the plethora of distros we have?

Do you want to be playing a guessing game of which threat will be the one to 
make your OS fall apart? Or which OS will likely stand up to the barrage? I 
don't. I want to sit safe in the knowledge that the OS I run was planned to 
be secure and be nearly impossible to compromise because it understands what 
software should be running. If you want to compare GNU/Linux and BSD to 
Windows, we are already miles ahead of them. But that doesn't mean there  is 
no room for improvement.

-- 
My other computer is your Windows machine

More information about the Leaplist mailing list