LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - News (https://www.linuxquestions.org/questions/linux-news-59/)
-   -   Linux security is a 'myth', claims Microsoft (https://www.linuxquestions.org/questions/linux-news-59/linux-security-is-a-myth-claims-microsoft-283969/)

JerryMcFarts 01-30-2005 03:13 AM

Linux security is a 'myth', claims Microsoft
 
This is the article:

http://www.vnunet.com/news/1160853

I really did not post this article because of the title of the article:
"Linux security is a 'myth', claims Microsoft"

Because

A.

I partly believe that Linux security is a myth, for example of when hackers can achieve enough fame from making a mockery of Linux as it does with Windows, then we will see where Linux stands on the front of virus's and breaking's. Please don't flame me, I am a totally in love with Linux, and I know that in a common install Linux is more secure that Windows, but everyone has their price (even hackers). Thats all i have to say on that, no further comment. (this is not what I want to talk about)

B.

I brought this article attention because of this statement:

Quote:

McGrath went on to claim that another Linux myth centres on the number of open source developers who work to create the operating system.

"There a myth in the market that there are hundreds of thousands of people writing code for the Linux kernel. This is not the case; the number is hundreds, not thousands," he said.

"If you look at the number of people who contribute to the kernel tree, you see that a significant amount of the work is just done by a handful.
"There are very few of the improvements that come through the wider community. There are more skilled developers writing for the Microsoft platform than for open source.
Sure, it is propaganda, Microsoft can't seriously know all the efforts of all the different people behind open Source. And yes the handful that donate to the tree are supported by hundreds of others with their patches/bug reports. They use scare tactics, yes, but also they would never say something that couldn't be true because it's not in their best interests. So saying false statements will lose the opinions of their share holders, etc.

What I am getting at is that the Linux community really needs to band together and keep it's focus. The fathers of this blessed O/S have worked hard to get it to where it is today, and we need to find the heart and strength in the new programmers of today to bring us forth to tomorrow.

I have already made it a personal goal in my life to contribute to the Open source Community. I am struggling to learn my Programming (C, C++, Perl, Scripts, Java) and playing catch up so that one day I may fill a hole that needs to be filled. I am computer Science and Engineering Technology major. I don't need to be able to program well, i just need to be able to read and understand it, But I feel that this is a righteous cause and I want to be noble.

I am calling out to people of the Linux/Open source community, to look around. This is a great place and time we are in, the reins are held tight and we are moving forward, but there will be a time when the reins will be passed down to the next generation, and we need to be ready for that time to come and to keep the spirit alive.

I am not trying to be offensive or dismantle what we have. I am wanted to keep people logical and fundamentally on the ground so that we see what is true and not what we want to see. I am saying to look deep inside yourself and if you believe in open source fight for it. Not in rants, raves, and flames. Fight for it where it counts, and that is hard work. (code, patches, and programs)

Who knows what will happen when our chief advisers step down, i.e. Linus Tolvalds. Are we ready? We always need to be ready, we have no choice, it is our freedom.

Thank you for Listening and fight for the righteous Cause,
Bryon

Mambo93294 01-30-2005 06:53 PM

I'm sick and tired of trolls. Taking advantage of these rubbish articles. What's the best way to deal with them? Ignore them or smack down with their pathetic points of arguments.

Troll:

Quote:

For eg) Security comes from anonymity.

1. Use an OS no one would ever think of using and you are more secure.

2. Make the system completely non-user friendly and not very compatable and you will have a more secure system
Me:

Quote:

: There are many linux distributions that are designed to be use friendly. For example Mandrake Linux. Your generalisation is vague.

BTW how's Xandros going? lol
When is Mandrake Linux going to preinstalled on peoples computers. I'm sick of Microsoft monolopy.

BTW I don't use Mandrake Linux. I use Slackware. Mandrake is just an appropiate example.

Brian1 01-30-2005 07:11 PM

Security is only as good as you make it. New linux distros are more secure out of the box than Windows anything out of the box.

Brian1
" Google the Linux way @ http://www.google.com/linux "

jschiwal 01-30-2005 07:25 PM

Quote:

"There a myth in the market that there are hundreds of thousands of people writing code for the Linux kernel. This is not the case; the number is hundreds, not thousands," he said.
...
There are more skilled developers writing for the Microsoft [/b]platform[/b] than for open source.
Notice that even if the first line is true, he's comparing the number of people coding for the kernel vs the number of people writing for the entire platform.

Donald_McM 01-31-2005 06:45 AM

microsoft is totaly wrong.. linux is more secure agianst viruses than windows....

JerryMcFarts 01-31-2005 11:47 PM

-delete-

J.W. 02-01-2005 02:28 AM

What exactly is it that you want to retract? I'm having a hard time trying to figure out what you mean, since you were the one who started the thread but (apparently) now want to claim it's a mistake.

The article itself has merit; it simply gives some insight into the Microsoft point-of-view. -- J.W.

daft 02-01-2005 04:11 AM

Linux Security is No myth

Most Security breaches are made becose of flauws in applications.
In windows these applications are mostly run as administrator rights (most users have that), this becose you cant do shit with a (normal) user account.
in linux all programs that dont have to be root arnt root so most attacks result in a Local root attack.
That kinda reduces the odds isnt it.

Tux_Phoenix 02-01-2005 01:03 PM

Quote:

When is Mandrake Linux going to preinstalled on peoples computers. I'm sick of Microsoft monolopy.

I know this isn't probably what you ar elooking for but there are a few computer distobuters that are selling computers with Linux OSs preinstalled. HP for one and I have even seen them in my local walmart. I am not sure how the sales are doing from these machines but consitering there is usaly a 100-200 price difference in the same computer with MS on it I would buy the Linux one just to same th e money. (And if I wasn't a linux user, and couldn't get into linux I would just install a pirate copy of Xp) But I think this is a move in the right direction to get the Linux OS out there to more home personal PCs.

here are some links:
http://opensource.hp.com/
http://h10018.www1.hp.com/wwsolutions/linux/index.html
http://www.walmart.com/catalog/produ...3A3951%3A41937

These are just a few.

Ephracis 02-03-2005 02:28 AM

McGrath is way off. One of the main reasons why the Windows operating system is so vulnerable to virii is that it uses ActiveX which allows IE to install and run software. This is refused by such browsers as Firefox (although there are plugins but who would be dumd enough to use them?). Linux has not made that dumb mistake so getting a virus to actually run in Linux is very difficult. Even if you get the virus to run on the system you have too many variants of the Linux system and the virus must be pretty good written to be able to handle a handfull of different systems. Even if you manage to overcome those two problems you have one more: you need to give the virus root access if you want to do something else then just mess with the users home-dir.

These three main things (there are certainly more) make at least writing virii alot harder in Linux than in Windows.

JerryMcFarts 02-03-2005 11:19 AM

This isn't a security Post.
 
Hi, thank you guys for the replies, but i don't think you understand what I am trying to get accross. This post isn't about security but about goals of personal people. I posted this for a morale boost to show how I got in the spirit and how I set a goal in life to help the Open Source Movement (which i think is very vaild) and for others to do the same. I wanted people to look at themselves and think,

"Man, I can make a difference."

And in Open source / Linux You can! :-) That to me is the #1 reason i love linux.

It isn't because of security it is about freedom.

Security to me is the same with every system, in the fact that you make it as secure as you make it. I ran fine on windows, and i am sure with most of the computer literate people here you would too.

I wanted to give a morale broost in saying

"We work for the good of tomorrow"
Good Luck Programmers!
~Bryon

Ephracis 02-03-2005 11:28 AM

JerryMcFarts, it's funny you bring this up. I myself started to think those thoughts a couple of weeks ago and it resulted in a promise to myself that I would someday do some sort of tribute to the opensource/linux community. I started to feel kinda guilty since I was using software that other created for me but I didn't give anything back.

Keep the spirit alive. :)

daft 02-05-2005 07:35 AM

btw other securety thing
with sudo you can also make a limited root admin so you can update configure your box. but you can rm -rf /
stupid class m8 did that when i was helping some one else with C

hari_seldon99 02-06-2005 04:30 AM

Quote:

Originally posted by MezzyMeat
JerryMcFarts, it's funny you bring this up. I myself started to think those thoughts a couple of weeks ago and it resulted in a promise to myself that I would someday do some sort of tribute to the opensource/linux community. I started to feel kinda guilty since I was using software that other created for me but I didn't give anything back.

Keep the spirit alive. :)

Hey, you can always pay them :p . Donate to Mozilla or the FSF or to any other developer(s) whose stuff you like the most. I do.


Seriously, though, Microsoft's propaganda is beggining to piss me off.
Their anti-Linux campaign has assumed the proportions of Rabochy Put now. This only proves that they are afraid of the OS and know that Linux/FreeBSD will eventually surpass them in terms of user base. Apart from gamers and vendor-locked-in developers, the only windoze users I have seen so far are silly yuppies who don't know any better. MAC users are a little better, though it's still proprietary ( I guess all prop tech is not ALL bad).

Also, there are companies like Novell & IBM that are behind Linux (questionable abt IBM), so Linux people have got some power in the PR department.


http://www.novell.com/linux/truth/

http://news.bbc.co.uk/1/hi/technology/3600724.stm

http://www.cyber.com.au/users/conz/r..._campaign.html

http://lwn.net/2001/0607/a/esr-big-lie.php3

dick_onion53 02-08-2005 09:01 PM

Quote:

Seriously, though, Microsoft's propaganda is beggining to piss me off.
Their anti-Linux campaign has assumed the proportions of Rabochy Put now. This only proves that they are afraid of the OS and know that Linux/FreeBSD will eventually surpass them in terms of user base. Apart from gamers and vendor-locked-in developers, the only windoze users I have seen so far are silly yuppies who don't know any better. MAC users are a little better, though it's still proprietary ( I guess all prop tech is not ALL bad).
Well...... Once Linux becomes user-friendly (in terms of people don't need to hop on the Konsole in order to do something), it just may beat Microsoft down into the ground. I hate Microsoft [as a company] because they just buy their way into the market rather than actually trying to make a good product or service. The Xbox for example - it's a piece of shit. Yet some how its in second place in the console wars. Why? It's cause they advertise and brainwash the general public into thinking its worth the $150 when its not. Just as an aside to gamers, we all know xbox doesnt have crap for games.

I don't hate windoze as I've expressed many times before, but I still hate Microsoft (which is why I downloaded windoze rather than paying for it). I don't see how they can possibly charge for windows though, doesnt Bill have enough billions? ;-)

Anyway, the reason Linux isnt going mainstream is cause its very un-user friendly. Most average people just want to get the job done, not play around with the console for eight hours. Drivers support is also very poor. Some of the newer distros (like Debian and Mandrake) have made things a little easier - but not as easy as windows.

I believe Linux has the potenial to surpass windows --- just not at its current state.

Please don't flame me people, if you disagree with me --- go to the shooting range and take it out on a copy of windows ;-)

hari_seldon99 02-08-2005 11:44 PM

Quote:

Originally posted by dick_onion53
[B]Well...... Once Linux becomes user-friendly

Linux is already very user friendly. What it is NOT is that it is not idiot-proof. This explains why the bulk of windoze users are idiots. I just had a conversation with one such idiot who chided me for installing Debian on a departmental machine. He said that Linux was a waste of time and that if he wants better performance, he'd simply buy a newer more expensive computer. The reason why this makes him an idiot is because he's a grad student who makes even less money than I do, and I'm starving! Ultimately, windoze users who are not gamers or specialized developers are just plain and simple mental retards who can't type two keys on the bloody keyboard. As far as I'm concerned, they can have their stupid windoze with their stupid wireless connections, which I'll hack with kismet and use their routers to surf the web and upload pictures from gostse.cx to their "My Documents" folders using a netbios-backdoor.

tormented_one 02-08-2005 11:59 PM

I know this is off subject but another good interview with gates(note it is old).

http://www.cantrip.org/nobugs.html

speel 02-09-2005 12:12 AM

POWER TO THE OPEN SOURCE PEOPLE!

dick_onion53 02-09-2005 01:21 AM

Quote:

Originally posted by hari_seldon99
Linux is already very user friendly. What it is NOT is that it is not idiot-proof. This explains why the bulk of windoze users are idiots. I just had a conversation with one such idiot who chided me for installing Debian on a departmental machine. He said that Linux was a waste of time and that if he wants better performance, he'd simply buy a newer more expensive computer. The reason why this makes him an idiot is because he's a grad student who makes even less money than I do, and I'm starving! Ultimately, windoze users who are not gamers or specialized developers are just plain and simple mental retards who can't type two keys on the bloody keyboard. As far as I'm concerned, they can have their stupid windoze with their stupid wireless connections, which I'll hack with kismet and use their routers to surf the web and upload pictures from gostse.cx to their "My Documents" folders using a netbios-backdoor.
Do you relize that you just called 90% of all computer users "mental retards"? Actually I think its quite the opposite -- linux is very idiot proof but its not user friendly. In windoze, all you gotta do to disable you system is delete something on the root drive like msconfig.sys or something. On linux its not quite that simple. To do something on linux is not "two keys", more like 500 keys alot of time. Which is fine for some people and horrible for others. And people use windoze for reasons other than cause they are "mental retarts." For example, my printer nor tv tuner card have ever worked under linux. So i use windoze to watch tv and print - does that mean i'm a retard? Hell no.

All I have left to say to you is think before you post cause that is a very ignorent statment to make.

Ephracis 02-09-2005 02:11 AM

I believe that Linux will be as easy or even easier then Windows, within the year of 2005. The main distros that makes me think this is Mandrake, Fedora and especially Xandrox.

But I don't think that Linux will make its way to the market yet. That's because not enough manufactures support Linux in their products. If Linux should go more mainstream they need more people makeing good software for them, more software and hardware that can support Linux without us Linux hackers having to fix this by ourselves. This will not happen this year, though. We will have to wait a little longer, I think.

dick_onion53 02-09-2005 02:21 AM

I agree with you for the most part but I got some comments...

Quote:

I believe that Linux will be as easy or even easier then Windows, within the year of 2005.
I don't think in 05' but in the next couple of years i believe linux will make a "friendly leap."



Quote:

....especially Xandrox.
Don't you mean Xandros? lol


Quote:

But I don't think that Linux will make its way to the market yet. That's because not enough manufactures support Linux in their products. If Linux should go more mainstream they need more people makeing good software for them, more software and hardware that can support Linux without us Linux hackers having to fix this by ourselves. This will not happen this year, though. We will have to wait a little longer, I think.
Damn well put.

hari_seldon99 02-09-2005 02:28 AM

Quote:

Originally posted by dick_onion53
[B]Do you relize that you just called 90% of all computer users "mental retards"?

Yep! They're here, they're wierd, get used to it.

Quote:

Actually I think its quite the opposite -- linux is very idiot proof but its not user friendly.

Now you are talking semantics.

Quote:

In windoze, all you gotta do to disable you system is delete something on the root drive like msconfig.sys or something.

Huh??? Break out the prozac man! Can you turn off the netbios-ssn service? No, and don't give me all that Zone Alarm firewall+ "Disable File & print Charing" crap, because that what it is, crap. I just ran nessusd on a so-called-firewalled machine with file & print sharing "disabled" on the TCP/IP config dialog and one of the plugins managed to sneak backdoor thru the microsoft-ds/netbios-ssn ports right into the My-Documents folder of a user and look at all his pron pics.


Quote:

On linux its not quite that simple. To do something on linux is not "two keys", more like 500 keys alot of time.

Not if you write shell scripts, or use the sphinx engine to talk to your shell, like I do. I hardly even USE the keyboard anymore.


Quote:

Which is fine for some people and horrible for others.
Life is horrible. Anybody who says differently is selling something.

Quote:

And people use windoze for reasons other than cause they are "mental retarts." For example, my printer nor tv tuner card have ever worked under linux.
Mine never worked on windoze. My Hauppauge WINTV card was supposed to be "optimized" for windoze, but I couldn't even install the drivers manually. No probs in linux, though. TV cards are notorious for getting multiple driver versions released (often beta versions of poor
and buggy quality) then becoming unsupported by upgrades like service fake-2. The Linux drivers for most TV cards (even the fancy-shmancy HD ones) will always be better than the windows ones. The bttv drivers for the Brooktree chipset have been around for many years (or so I read on the bttv sf.net website). TV cards are really low-tech and it's hard to think up
new hardware features, so proprietary companies just don't support them for very long and
force people to buy new cards if they want to use it with a newer OS/computer. MythTV just rocks.


Quote:

So i use windoze to watch tv and print - does that mean i'm a retard? Hell no.
No, just unambitious. Dunno which is worse.

Quote:

ignorent statment to make.
I see that you are using a windoze spellchecker there.

Ephracis 02-09-2005 02:41 AM

Wow, flame war? :P
(hari_seldon99 vs. dick_onion53)
Hah, it's getting hot in here...

Quote:

Originally posted by dick_onion53
don't you mean Xandros? lol
Yeah, spelled wrong, but shit the same. I still think that Xandros has almost gone over the line, it is almost as lameily (?) easy as Windows. Though, since it is running on the Linux kernel it HAS to be better then Windows, right? :P

dick_onion53 02-09-2005 03:00 AM

Well, Well hari_seldon99, I really didnt want to make this an argument but its not like i have anything else to do.


Quote:

Huh??? Break out the prozac man! Can you turn off the netbios-ssn service? No, and don't give me all that Zone Alarm firewall+ "Disable File & print Charing" crap, because that what it is, crap. I just ran nessusd on a so-called-firewalled machine with file & print sharing "disabled" on the TCP/IP config dialog and one of the plugins managed to sneak backdoor thru the microsoft-ds/netbios-ssn ports right into the My-Documents folder of a user and look at all his pron pics.
Say what you will, my ports are 100% stealth. And, no matter the o/s, you computer can get hacked. Linux gets hacked all the time as well as windows and mac. You should know that. No matter how hard it is, it WILL get hacked.

Quote:

Not if you write shell scripts, or use the sphinx engine to talk to your shell, like I do. I hardly even USE the keyboard anymore.
Well, according to you, everyone is an idiot, and most people don't know how to write a shell script.

Quote:

Life is horrible. Anybody who says differently is selling something.
LOL cant argue with you there.

Quote:

Mine never worked on windoze. My Hauppauge WINTV card was supposed to be "optimized" for windoze, but I couldn't even install the drivers manually.....
Don't give me this bullshit. I couldnt care less if you card works under linux. Mine doesnt. Its a PCTV Rave, its not some forgein piece of shit. It works fine under windoze.

Quote:

I see that you are using a windoze spellchecker there.
Were you using a Linux spell checker when you spelled "charing or pron?"

J.W. 02-09-2005 03:09 AM

I'm all for a lively debate, but let's keep things civil here please, and avoid any personal attacks. Thanks -- J.W.

dick_onion53 02-09-2005 03:21 AM

Quote:

Originally posted by J.W.
I'm all for a lively debate, but let's keep things civil here please, and avoid any personal attacks. Thanks -- J.W.
No problem man.

hari_seldon99 02-09-2005 03:36 AM

Quote:

Say what you will, my ports are 100% stealth. And, no matter the o/s, you computer can get hacked. Linux gets hacked all the time as well as windows and mac. You should know that. No matter how hard it is, it WILL get hacked.

Humbug! I'm behind 2 hardware firewalls, netfilter in my linux (configged with shorewall), snort, tripwire, and kmessage popups for any red flags. The chances of anyone digging thru all that are very very small (Not 0, but 100% security is a pipe dream, much like Quantum Computing). There is NO windoze box on the face of the good lord's green earth that has this much security (unless it's behind a linux router, and even then it can fall to trojans). Linux has a harder permission structure than windoze and so even if hacked, there's not much he an do unless you've been a lazy boy (girl?) and forgot to set cronjobs that security-update ur rpms or test ur paswds with John-The-Ripper.

Quote:

Well, according to you, everyone is an idiot, and most people don't know how to write a shell script.


Idiocy is curable (except in Republicans and the Bharatiya Janata Party., of course).





Quote:

Don't give me this bullshit.
Tsk,tsk. Such language!



Quote:

I couldnt care less if you card works under linux. Mine doesnt. Its a PCTV Rave, its not some forgein piece of shit. It works fine under windoze.


Well you're the one who brought it up pilgrim! Your implication in the last post was "Oh, dear me! My expensive white-collar TV-card doesn't work in Linux, so Windoze is holier than Christ, Muhammad, and The Lord Krishna!" Absurd!
One caveat for ALL linux users. RESEARCH YOUR HARDWARE BEFORE YOU BUY IT. I know it sucks ass, but blame it on the proprietary companies who don't release their chipset diagrams to the open-source developers. It's not the fault of linux at all. Linux developers are trying very hard to design drivers, but with little cooperation from the manufacturers, they have to take the hardware apart themselves (they also have to BUY it first, that costs MONEY), and often do a lot of reverse-engineering, no easy task. It takes TIME (example is all this business with the prism & broadcom chipsets in wireless B & G cards that typically have no native support & have to be used thru ndiswrapper for now). In the meantime, google ur hardware & find out what drivers work for it on linux and THEN buy the stuff. Compile the drivers in if necessary, find out what applis work best with the driver and off you go!


Don't run off to radioshack like a cross between a headless chicken and a yuppie and ask the chump behind the counter for a television card "thingamajiggie" . He'll invariable sell you what he's paid to sell you.



Quote:

Were you using a Linux spell checker when you spelled "charing or pron?"
[/B]
I'm not using any spellchecker, I'm talking. Sphinx is still beta-ish, but wait a few months. BTW, pron is a word, a quasi-euphemism for "porn", spelled that way to avoid filters. Don't believe me? Well, then don't. I won't die.

hari_seldon99 02-09-2005 03:39 AM

Oh, all right! Gloves back on! No more verbal duelling.
Man, and just when this day was turning interesting.
Nothing like a few good insults and jabs to spice up the night!

dick_onion53 02-09-2005 04:21 AM

Well hari_seldon99, J.W. has order a cease fire. Lets call it a draw ah?

hari_seldon99 02-09-2005 04:27 AM

Yeah, can't piss off the Grand Moderator and High-Priest from the Holy Land of the Linuxquestions.org Webserver, or risk excommunication. Don't want to be a Galileo any more than the next bloke, I suppose.

J.W. 02-09-2005 05:29 AM

Quote:

Originally posted by hari_seldon99
Oh, all right! Gloves back on! No more verbal duelling.
Man, and just when this day was turning interesting.
Nothing like a few good insults and jabs to spice up the night!
--
Yeah, can't piss off the Grand Moderator and High-Priest from the Holy Land of the Linuxquestions.org Webserver, or risk excommunication. Don't want to be a Galileo any more than the next bloke, I suppose.

This is exactly what LQ is *NOT* about.

Geez - talk about being mis-quoted. A couple of points of clarification:

1. Per the LQ Rules which everyone agreed to follow when they became members, discussions need to avoid personal attacks and disparaging/insulting remarks to other LQ'ers. A comment suggesting that another LQ'er increase his/her Prozac dosage hardly qualifies as a neutral remark.

2. All moderators are responsible for keeping discussions on topic. If a given conversation shows the signs of getting off-track (as evidenced by 4 letter words, insults, and challenges, etc, such as we've seen here) then the participants should not be surprised to see a request to stay on topic. This hardly equates to being "pissed off" or being on some sort of High Executioner power trip as you apparently suggest.

If you have any questions about this, Email me. Meantime, let's drop the attitude and keep the discussion moving in a positive direction. Thanks. -- J.W.

hari_seldon99 02-09-2005 05:45 AM

Hey, man! I was only kiddin'! Didn't mean nothin'. There should be some protocols built in to suggest tone-of-voice or something. Ease up on the umbrage, my friend. Excess negativity is not good for health.
You folks at admin are workin' way too hard. I abjectly and respectfully suggest a short vacation. Such things lead to great happiness and joy in life.

Ephracis 02-09-2005 09:01 AM

Quote:

Originally posted by hari_seldon99
One caveat for ALL linux users. RESEARCH YOUR HARDWARE BEFORE YOU BUY IT. I know it sucks ass, but blame it on the proprietary companies who don't release their chipset diagrams to the open-source developers. It's not the fault of linux at all. Linux developers are trying very hard to design drivers, but with little cooperation from the manufacturers, they have to take the hardware apart themselves (they also have to BUY it first, that costs MONEY), and often do a lot of reverse-engineering, no easy task. It takes TIME (example is all this business with the prism & broadcom chipsets in wireless B & G cards that typically have no native support & have to be used thru ndiswrapper for now). In the meantime, google ur hardware & find out what drivers work for it on linux and THEN buy the stuff. Compile the drivers in if necessary, find out what applis work best with the driver and off you go!
I agree. Every day I think of all those people working hard to get stuff working in Linux and also making Linux stuff work in Windows. Love those guys. :)

Btw, I agree with hari_seldon, you need to ease up a little, J.W. :)

J.W. 02-09-2005 12:14 PM

Well, as long as things stay friendly and the conversation doesn't fall apart, then no trouble. To be honest I'm pretty surprised that anyone would interpret my earlier comment (post 25) as some sort of heavy-handed, uptight, and irate demand. That's not the way I intended it to come across. As I've said before, as mods we often see threads spin wildly out of control when a little jostling in a discussion turns into a flame-war, so we try to monitor things pretty closely. Sorry if the tone wasn't right -- J.W.

tormented_one 02-09-2005 04:05 PM

I know this article may not be real clear but It came from linuxnews.com.

http://linuxtoday.com/infrastructure...20900826OSHLKE

I don't agree with the guy but he says the same thing.
Honeypot experiments are good sources of info. An unpatch linux distro lasts like 4 months in the net as opposed to 4 minutes for a unpatched windows box. Symantec has some good honeypot articles.

KimVette 02-09-2005 05:53 PM

You have to admit: Linux is a risk to Microsoft's security. :D

JerryMcFarts 02-10-2005 04:26 PM

WoW Guys
 
You guys showed me that I failed at the purpose of this thread. I wanted show people a bigger picture, but now when people come to read this post, they will leave with just the notion of two people bickering.

Oh, well I tried. But I wont Give Up! :-) Maybe not on this thread, but my spirit is alive, and the Open Source Psychology is in my veins.

Signing off,
~Bryon

dick_onion53 02-10-2005 09:55 PM

You are a good man Jimmy, and odd man, but a good one. Although I love opensource, I havnt paid for software in years so it doesnt matter much to me, but thats just me.....

hari_seldon99 02-10-2005 10:28 PM

Hey, I use Linux as much as the next geek. There are those in this thread (who shall remain nameless) who went so far as to imply that proprietary windoze was better than opensource GNU/Linux simply because they said so, and chose to ignore the facts in the face of business-class propaganda. Most people nowadays get windoze illegally, & then fill up their compus with pirated software downloaded by bittorrent that is riddled with trojans and spyware programs from Gator INC. that use keystroke loggers to steal credit card nos, and lo and behold, some redneck in Oklahoma is driving a pickup truck in your name! This demonstrates their hypocrisy, claiming on one hand that software that costs is better and that the only people who use opensource are seditious communists or whatever, then briskly firing up their azureus to download alcohol from suprnova.org and snickering with their false sense of sagacity. I am a bloke with principles so I don't use warez at all. The GPL offers the best of both worlds, (essentially) free software that's typically of superior quality to anything from microsoft, and open-source standards that maintain the quality , safety and (yes) trust that you cannot get from binaries compiled by people not willing to submit their source-code for scrutiny.

dick_onion53 02-11-2005 05:27 AM

That statment is so full of false crap that its not even worth arguing with. I can tell you have never downloaded something.

This especially caught my eye though:
Quote:

Most people nowadays get windoze illegally, & then fill up their compus with pirated software downloaded by bittorrent that is riddled with trojans and spyware programs from Gator INC
The whole point of pirated software is to get a program that costs money. 99% of the time "pay" programs DO NOT contain spyware. Although some keygens or crack will through in a trojan, its not common.

hari_seldon99 02-11-2005 05:58 AM

Quote:

Originally posted by dick_onion53
That statment is so full of false crap that its not even worth arguing with. I can tell you have never downloaded something.

I don't get it.
The above statement isn't even coherent enough for sober people to understand.

Let me see...
" I can tell you have never downloaded something"

Trying to get past the obvious grammatical boo-boo's, I assume you intend to accuse me of not downloading "something".

So, when you fail to make your arguments using sensible statements, you respond with personal attacks. Bravo! This is quite typical.

Never fear, though. Even after being street-bullied by moderators, I shall not hesitate to speak the truth.

However, I find it vaguely offensive and hypocritical that a bald personal attack like this is allowed, but a few quips made by yours truly are modded down as "flamebait" or whatever. Even slashdot is better moderated than this!

Sorry, but I won't take this bait and stoop to this level of defamation, so I shall conclude with a simple question and a few comments.


Question:If I have never downloaded "something",then how do you explain my vieweing of this page, which is "something" that I have "downloaded" from the Linuxquestions.org mailman server using my Firefox client to my host machine, then rendered by the gtk-GUI that acts as a frontend to the client engine???eh???




Quote:

The whole point of pirated software is to get a program that costs money.

Comment:

Ahem, an interestingly worded statement. You ought to work for the People's War group. The pay is crap, but you get to meet a lot of oddballs.


While being factually true, the statement attempts to legitimize the act of piracy by implying that "the best way to get cool stuff is to steal it". You almost sound like a Maoist.
No. I'll still follow the law.



Quote:

99% of the time "pay" programs DO NOT contain spyware. Although some keygens or crack will through in a trojan, its not common.

The 1% is bad enough.
GPL'ed software is 100% spyware-free.
Works for me! I don't have to live with the constant uncertainty of getting my SSN stolen.

In conclusion:
Your statements are actually worse than "crap". They are apparent thruths that try to justify crimes.

KimVette 02-11-2005 01:14 PM

Quote:

Originally posted by hari_seldon99

GPL'ed software is 100% spyware-free.
[/B]
If you're downloading from sources other than the original projects, how can you be sure someone didn't patch the GPL program and slip a keylogger or VNC into place? Can you REALLY be sure? Even from the original source, it can be risky - there have been instances of such trojan horses managing to find their way into OFFICIAL source trees, and they have been generally found right away, but it goes to show that the risk is there.

On the other hand, Microsoft's network has been breached, gigs worth of Source leaked, so with security like that who knows what the heck is getting checked into the Windows tree? (How's that for a 180* spin on FUD? :D)

Similarily, some of the most trusted big names (IBM was one) have been affected by viri, and in at least one case thousands of CDs were produced and shipped to customers before the problem was discovered.

My point?

There is no magic bullet for security. You may mistrust Microsoft, but when you go to GPL software, whom are you trusting? If you're a head-in-the-sand CYA corporate suit, you're going to choose Microsoft, because if your company gets hacked, well, you can point at Windows and say "See, we're FORCED to go with Windows because that's what everyone uses - it's not MY fault our chosen platform got hacked." On the other hand, you may be in a large company with vast resources which can afford to audit the source packages, so you download the GPL source from the project page(s), execute a comprehensive code review, standardize on the GPL package, and rest knowing that you KNOW what is in the code, and don't have to deal with the unknowns of proprietary Microsoft code.

From BOTH directions, it's FUD and propoganda, and either way there is risk of a trojan horse getting slipped into the code. With open source code, you have the opportunity to grab the source, download it, and compile it yourself - then you can be reasonably sure that all obvious security holes have been prevented. If you're of the CYA mindset, you choose Microsoft and when something bad happens, you point the finger at Gates, and since Microsoft is an established and well-respective company, your head won't roll.

Me? I am all for picking the right tool for the job. Don't take a round peg, cram it into a square hole, and claim that it's a perfect fit. The user is a TOTAL novice? Linux probably isn't right in 99% of those cases - Mac, then Windows, then Linux would probably be the best order to recommend platforms for such users. The user wants to do a lot of gaming, online banking and trading, etc? Then Windows is probably the best choice - but because it's 90% of the marketplace, you will need antivirus, spyware removal, and other utilities. The reason is this: it is the most prevalent platform, so that's what tends to be targeted.

Blanket statements simply don't work (oops, this is one, sorry, my bad!)

To claim that GPL is 100% safe and trustworthy is misleading.

To claim that it's better to trust {Microsoft | Apple | Sun | other} because they (presumably) pay people to put the code through QA cycles is misleading - and misguided. You wouldn't believe the lack of competence of just basic computer literacy skills that many so-called quality assurance engineers exhibit. I'm not referring to usability testing, where you WANT some novices, but in the actual QA team where testing core components of products (GUI, functional, back-end, etc.) is done. You also wouldn't believe how many known fatal defects that many products have, and product management decides to ship the thing anyway, not considering that it is nearly always cheaper to delay a release and prevent irate customers than to deal with firefighting and spin control when you risk losing a huge software deal because you knowingly shipped poop.

hari_seldon99 02-11-2005 02:09 PM

Quote:

Originally posted by KimVette
[B]If you're downloading from sources other than the original projects, how can you be sure someone didn't patch the GPL program and slip a keylogger or VNC into place?

netstat -tap|grep LISTEN
ps -ef|grep AMEX :)

Quote:

Can you REALLY be sure?

No, hence the above.


Quote:


On the other hand, Microsoft's network has been breached, gigs worth of Source leaked, so with security like that who knows what the heck is getting checked into the Windows tree? (How's that for a 180* spin on FUD? :D)

Yep WIN 200 source code got stolen & spread on OPenFT.


Quote:


There is no magic bullet for security.


I never said that. I did say that Security is never 100%.

Quote:

You may mistrust Microsoft, but when you go to GPL software, whom are you trusting?

Richard Stallman.



Quote:

To claim that GPL is 100% safe and trustworthy is misleading.

Blasphemer! Idolater! Pagan! Oh,never mind, just kidding :)

KimVette 02-11-2005 05:56 PM

hari_seldon99, you missed the point. I was basically taking each side's argument and poking holes through each - because while each side has valid points, this is not a perfect world, and exploits exist and will always exist in some fashion in both proprietary and open source packages -- and to completely discount the validity of using open source or proprietary software based on such blanket statements is to ignore reality.

hari_seldon99 02-11-2005 07:42 PM

Quote:

Originally posted by KimVette
hari_seldon99, you missed the point. I was basically taking each side's argument and poking holes through each - because while each side has valid points, this is not a perfect world, and exploits exist and will always exist in some fashion in both proprietary and open source packages -- and to completely discount the validity of using open source or proprietary software based on such blanket statements is to ignore reality.
[p]
I do not disagree with you at all. Open source software does have vulnerabilities. My point is not "Open Source software is better than Proprietary Software." My point is that the "Open Source development model is inherently superior to that of proprietary organisations as far as security is concerned (at least)."
[/p]

[p]

This is so because vulnerabilities are more quickly reported and patched in the decentralized network of open source developers worldwide. The open-source development model permits millions of developers to work in a decentralized fashion & still produce results quickly and efficiently. Microsoft has to hide all the source code and lock it up in a vault in Redmond. So all of it's developers have to be sworn in and kept physically in one cage to work. WE cannot scrutinize their code for flaws except by their results, which are usually crappy. Open-Source developers can patch bugs in the codes of other open-source developers simply by downloading from cvs servers using a PDA at starbucks if needed. As further examples, when ddos attacks first started to emerge in the internet, one of the nastiest ones was the ICMP attack called the ping-of-death. Linux patches that tackle this came out in a matter of hours after the problem was reported. Microsoft, with all it's money and resources and fake glamor, took six MONTHS to launch a windows update patch for the POD. Also, the recently reported IDN vulnerability in web browsers have been fixed using a Firefox extension, while vulnerabilities for Internet Explorer reported months ago have yet to be fixed. Proprietary software has to be designed by a medeival mind-set of isolated teams closely guarding their code.
[/p]

[p]


Small degenerate teams of developers cannot, statistically, equal the productivity of small-to-moderate teams of developers who work together in a decentralized way, and that can only be done if the source code is accessible to all.
[/p]

Mambo93294 02-15-2005 08:01 AM

What a flame war. :o

oberon-ken-obi 02-15-2005 08:39 PM

Hi yas
A flame war is where someone posts a "personal opinion" or an outright statement and others (rightly or wrongly) post antagonistic or inflamatory statements after it. Many times the attacks are of a personal nature, it usually gets off topic (but not always) but mostly just interupts intelligent, coherent exchanges by those that wish to calmly discuss the matters at hand.
Many times I have come to the conclusion that we must all sometimes (mostly?) agree to disagree. But I digress...

Security issue.

I can only speak from personal experience, of the 3 operating systems I've used recently, and I must stress here that I am a relative newbie on all, but have had more exposure to Win(x) platform.

Linux Fedora Core 2 with Firestarter (ipTables GUI frontend)
Win2kServer with ZoneAlarm
WinXP pro SP1 with ZoneAlarm

Only the Linux install has never been breached.
Others have been compromised to varing states of inconvenience. Resolution has been to save data to Linux machine and reninstall. It is generally easier to reinstall a windows OS (lol, it needs to be) than a Linux install. /start flame now. But fixing a problem is (IMHO) easier on Linux.
Leads me to a saying that may be used in the circumstance.

LINUX:- Configuration, not Re-installation.


Regards

Allan

hari_seldon99 02-15-2005 08:55 PM

Quote:

It is generally easier to reinstall a windows OS
You're the first chap I've encountered who's ever said that.
Personally, It took 3 hours to install/reinstall windoze (It didn't have drivers for my scsi card & I didn't have a floppy drive, so I had to attach a floppy with the drivers from the windoze driver CD). Mandrake installed in 20 mins.

oberon-ken-obi 02-15-2005 09:16 PM

Hey hari_seldon99

Maybe I should have added that when I install windows I have no odd real new or real old harware. Only do minimal install ie only what I explicitly need in terms of services no telnet, ftp, server stuff etc. and only a few applications

1. EverQuest game (DirectX only, damn Verant/Sony/SOE!!) this is really the only reason I have for owning a WinBox at all :+)
2. Mozilla, but looking at Firefox now.
3. Need for speed III. Brum brum
4. Office 2000 but just Word and Excel
5. Visual Basic 6 only because I cant get #^%$ Kylix to work on Linux, and I love to tinker with a programming language. Not clever enough to get my head around C++, Java, and really do not need the power either.

No scanners, printers, cameras. Maybe this will make a difference, im not sure.

Regards

Allan

hari_seldon99 02-15-2005 09:30 PM

Quote:

Originally posted by oberon-ken-obi
Hey hari_seldon99

Maybe I should have added that when I install windows I have no odd real new or real old harware. Only do minimal install ie only what I explicitly need in terms of services no telnet, ftp, server stuff etc. and only a few applications

1. EverQuest game (DirectX only, damn Verant/Sony/SOE!!) this is really the only reason I have for owning a WinBox at all :+)
2. Mozilla, but looking at Firefox now.
3. Need for speed III. Brum brum
4. Office 2000 but just Word and Excel
5. Visual Basic 6 only because I cant get #^%$ Kylix to work on Linux, and I love to tinker with a programming language. Not clever enough to get my head around C++, Java, and really do not need the power either.

No scanners, printers, cameras. Maybe this will make a difference, im not sure.

Regards

Allan

My whole point is that linux supports a lot more hardware (that don't have proprietary chipsets) than windoze. My Linux installation is pretty complete. SSH, proftpd, webmin, OOffice, Firefox, NVU, gcc, Wireless applis, Full KDE/GNOME, CUBE & SMAC for games, and the whole thing takes abt 30-45 mins + 20 mins for network update.

Basic windoze with no drivers for my TV card or any extra peripherals on a 4 Ghz 512 Meg RAM takes 3 hours minimum.


All times are GMT -5. The time now is 01:07 PM.