[svlug] FUD -- Louderback/ZDTV
kmself at ix.netcom.com
Sun May 7 18:07:52 PDT 2000
Actually, it's less FUD than a very immature troll.
o Was this written before or after the LoveLetter Microsoft Outlook/VBA
worm emerged? How about a sense of perspective, eh? Rant of my own
-- I'm getting really sick of "journalistic" web pages which don't
provide a dateline or publication date. Only slightly less annoying
than the wholly unethical revising of online stories while neither
noting the change nor retaining the original content.
o If Unix is the Swiss cheese of operating systems, what's WinXX --
The one minor bit of truth -- yes, there *will* be backdoors found
in GNU/Linux software. But they will be found, and fixed. Under
proprietary systems there are neither then means (source) nor ability
(licenses allowing modification and redistribution) to be able to
identify and address security exploits.
The real measure of security isn't so much a count of exploits found
as it is the time window between first awareness of an exploit and the
general distribution of a fix. By this measure, Microsoft and proprietary
Unices fall far behind Linux, and are pitiable in comparison to ground-up
secure systems such as OpenBSD.
By Jim Louderback
Remember Claude Rains in Casablanca, who was "shocked" to find that
gambling was going on? Well that's how I felt last week when I heard
the report that Red Hat's Linux has a secret backdoor that exposes
the system to unauthorized egress.
Gee, what a surprise that a backdoor exists in an open software
system, available for free, built on an OS (Unix) full of more holes
than Swiss cheese. The big surprise to me is that we haven't found
more holes in Linux.
Let me put this as plainly as possible. If you use open-source
software written by who knows how many people, expect it to be
unsecured. Do you eat the dip at parties? You never know who has
been sticking their half-eaten cracker back in. Well open source
is the same way. You never know when you'll peek around behind a
subroutine to find a double-dipper. You'll never know just how sick
your server might be.
We're going to hear a lot more about backdoors, traps, fake passwords,
and other holes in Linux very soon. If security is important, head
for an organization that understands secure software. IBM, HP, Sun,
even Microsoft, is better than an open-source model.
Karsten M. Self <kmself at ix.netcom.com> http:/www.netcom.com/~kmself
What part of "Gestalt" don't you understand?
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://lists.svlug.org/archives/svlug/attachments/20000507/5a8c2a90/attachment.bin
More information about the svlug