jump to navigation

What are the real vulnerabilities of Linux? December 7, 2004

Posted by rjdohnert in Software reviews.
trackback

Not a bad article It just dismisses many of the concerns that people have with Linux, and of course what can we expect from a Linux zealotry site. WAKE UP CALL, no operating system is 100% secure. For those of you that believe Linux is hacker proof and cant be cracked, I guess you believe in Santa Claus, the Easter Bunny and The tooth fairy. If you believe a virus cant be written for Linux a little tip, Thorazine comes in Vanilla Flavor now. One of the Linux vendors Beale who creates Linux security hardening software (If its so secure why would you need security hardening software) had this to say:

” Beale said the faster embrace and adoption of new technology in Linux also helps secure the operating system. While Microsoft cannot make major changes without worrying about their impact on administrators that may not fully understand a firewall, the problem is not prevalent for Linux.
“We don’t have this problem in Unix/Linux — sysadmins understand the system deeply, can cope with change by understanding it and planning for it, such that the addition of a firewall doesn’t shut down their servers,” Beale said. “If they don’t, we deem them incompetent and make sure that they don’t run a shop on their own or get promoted to senior-level.”

Whatever this guy is smoking let me have some, Linux does not embrace new technologies faster, I mean these developers havent even planned for IPv6 yet. Windows has support for IPv6 back in Windows NT 4. And i mean Jesus Christ, cant we get wireless devices working on Linux without having to rebuild a kernel for christssake? Linux fundamentally has the same shortcommings that have plagued the Unix world for over 30 years which is where I get my trademark statement that ussually gets me jumped by the linux guys “Same design mistakes 20 years later revisted” And if you look there are really no major changes in the system, both require users to be Text parsing experts, bothe require admins to go around their ass to get to their elbows in terms of installing software and hardware drivers and thats how come catastrophic events, such as the PayPal blunder where they screwed up a PHP Project (snicker) and toasted all of their server systems they were down for almost a week, 4 days to be exact. Where as Windows admins typically have the Program Go Back from Symantec for Windows 2000 or System restore for Windows Server 2003 have very little to worry about, in 20 minutes they can have everything fixed back the way it was and working. Linux may or may not be a more reliable system but its not perfect and will always be plagued with the shortcommings of UNIX, designed by developers and Power users for Developers and Power Users.

The “expert” Beal states:

“Part of this is that the system administrator has much more granular control over the [Linux/Unix] system,” he said. “Part of this is that Linux/Unix is just far simpler, and even better documented, than Windows, so the interactions between components that you might want to configure or deactivate are much better understood.”

Bullshit, Linux is not far better documented or easier to use thats why viruses are not as prevalent on Linux. I can think of better words for Linux and simple is no where near that list, ask my mother to build a driver module from source, change a runtime and reboot in terminal mode and change to directory /etc/linux-2.4.11/drivers/system/linux/xyz and load the module and dont forget to cp /media/usbkey/firmware.gz / /etc/linux-2.4.11/drivers/firmware/ and edit a config file to load the module at boot and your ass will get slapped. Linux is a very complex system, complexity is a friend sometimes. the easier you make an Operating System the less complex it becomes, hence the more vulnerable you make it because you have to switch this off and this off.

So yes, Beale and his associates are on something, drinking the Linux koolaid and boasting how powerful it is while Im sitting here on my Windows machine, with my security tools set up, so I know when I have a problem and not waiting for dancing skulls being rendered on a 25 year old Windowing system to tell me I have been hacked. Secure your environments, dont believe hype. Beale made the statement “We don’t have this problem in Unix/Linux — sysadmins understand the system deeply, can cope with change by understanding it and planning for it, such that the addition of a firewall doesn’t shut down their servers,” “If they don’t, we deem them incompetent and make sure that they don’t run a shop on their own or get promoted to senior-level.”. If he is willing to say that Linux is totally safe and you can rely on the operating system to keep you safe he is the one that is incompetent and should not “run a shop on his own” or “get promoted to senior level”.

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: