[svlug] FUD -- Louderback/ZDTV
kmself@ix.netcom.com
Sun May 7 18:07:52 PDT 2000
Actually, it's less FUD than a very immature troll.
My questions:
o Was this written before or after the LoveLetter Microsoft Outlook/VBA
worm emerged? How about a sense of perspective, eh? Rant of my own
-- I'm getting really sick of "journalistic" web pages which don't
provide a dateline or publication date. Only slightly less annoying
than the wholly unethical revising of online stories while neither
noting the change nor retaining the original content.
o If Unix is the Swiss cheese of operating systems, what's WinXX --
the holes?
The one minor bit of truth -- yes, there *will* be backdoors found
in GNU/Linux software. But they will be found, and fixed. Under
proprietary systems there are neither the means (source) nor ability
(licenses allowing modification and redistribution) to be able to
identify and address security exploits.
The real measure of security isn't so much a count of exploits found
as it is the time window between first awareness of an exploit and the
general distribution of a fix. By this measure, Microsoft and proprietary
Unices fall far behind Linux, and are pitiable in comparison to ground-up
secure systems such as OpenBSD.
http://www.zdnet.com/zdtv/freshgear/interact/story/0,3679,2562607,00.html
Jim's Rant
By Jim Louderback
Remember Claude Rains in Casablanca, who was "shocked" to find that
gambling was going on? Well that's how I felt last week when I heard
the report that Red Hat's Linux has a secret backdoor that exposes
the system to unauthorized egress.
Gee, what a surprise that a backdoor exists in an open software
system, available for free, built on an OS (Unix) full of more holes
than Swiss cheese. The big surprise to me is that we haven't found
more holes in Linux.
Let me put this as plainly as possible. If you use open-source
software written by who knows how many people, expect it to be
unsecured. Do you eat the dip at parties? You never know who has
been sticking their half-eaten cracker back in. Well open source
is the same way. You never know when you'll peek around behind a
subroutine to find a double-dipper. You'll never know just how sick
your server might be.
We're going to hear a lot more about backdoors, traps, fake passwords,
and other holes in Linux very soon. If security is important, head
for an organization that understands secure software. IBM, HP, Sun,
even Microsoft, is better than an open-source model.
--
Karsten M. Self <kmself at ix.netcom.com> http:/www.netcom.com/~kmself
What part of "Gestalt" don't you understand?
http://gestalt-system.sourceforge.net/
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0