[TriLUG] Can open source solutions be viable companies?
Fri, 28 Jun 2002 21:18:40 -0400
On Friday 28 June 2002 18:21, Tanner Lovelace reputedly wrote:
> On Fri, 2002-06-28 at 17:31, Mike Mueller wrote:
> > Are these not facts: 1) MS succumbs to attacks often and Linux
> > infrequently,
> Mike, while I whole heartedly agree with this, in the interest of
> full disclosure I must point out that one (of the many) reasons
> MS systems succumb to attacks more often is that, having 90% of the
> desktop market, attackers are more likely to target them. If the
> situation was reversed, I believe there would be more problems
> with linux. I *believe* it would be less than what currently
> happens with microsoft, but I can't prove that. So, let's not
> let us (the linux camp) get a false sense of security about this.
> We still have to make sure linux is secure (i.e. the recent push
> to update apache and openssh).
I hear ya. Good tools and no vigilance will result in failure. Now if I
assume equal vigilance in the MS camp and the OS/Linux camp, I would argue
that the Linux camp security program has more credibility. I've read some of
the explanations of recent openssh weaknesses. Even though I could not
understand the details of what I read, I felt that the circle of people that
do understand such things ensure that such writings are accurate. To this I
compare the updates from MS that contain who-knows-what that could compromise
operations and security while purportedly fixing something in IE. The Linux
security camp acts like a top rated surgeon explaining a complicated
procedure to patient that is respected. The MS security camp acts like a
pill pushing doctor writing prescriptions to all comers. I agree that Linux
by itself is not a secure solution and that uninformed or complacent or
overwhelmed people can compromise the good set of tools. that Linux provides.
I am still amazed that I don't need a virus cleaner on my Linux systems.
Maybe that will change one day.
Has TriLUG considered a "How to run a secure shop" topic for the monthly