it is the extra apps that have the holes in security.
[ your own example of sendmail shows this ]
the os doesn't include email server, webserver, ftp /ssh .vnc servers. That is the distros that include those.
one of the easiest means to secure yourself, go into the configuration of firefox or seamonkey and TURN OFF AUTOMATIC SOFTWARE INSTALLATION. if you want to install a particular addon, turn it on before clicking the install link. Don't allow a site to install an addon easily.
I find that postfix is more secure by default than sendmail [ not by much, but it is better ] and postifx can use the sendmail config files to ease the migration.
Discussion on:
View:
Show:
i guess i should have been more specific. sometimes i generalize and say "linux developers" when what i should be saying "application a" developers. i know, i know..."linux developers" actually refers to the linux kernel developers.
as my step daughter says "my bad".
as my step daughter says "my bad".
I do see vulnerabilities in the security channels for the kernel, and the base system, but not as often as for the applications. 
as well, it is most commonly coming from the developers of the particular bit of software that these vulnerabilities are being reported by. [ including applications ]
The single largest collection of vulnerable apps are actually cross platform. Web apps have the worst security design lately.
[ Web apps like the scripts running TR, not apps like sendmail / apache ]
as well, it is most commonly coming from the developers of the particular bit of software that these vulnerabilities are being reported by. [ including applications ]
The single largest collection of vulnerable apps are actually cross platform. Web apps have the worst security design lately.
[ Web apps like the scripts running TR, not apps like sendmail / apache ]
Right or wrong, for years I've heard the argument, "Just wait until Linux is as widely installed as Microsoft. Malware writers will see it as better target when it's running on more systems." It's a bit ironic to learn the malware writers don't see it as a better malware target, but as better malware delivery system.
as a malware delivery system the systems open for exploitation to do it, are directly caused by MS.
If MS didn't "wizard" the configuration and MS admins rely on said wizards, they would not assume that a wizard configured tool is secure.
If MS didn't "wizard" the configuration and MS admins rely on said wizards, they would not assume that a wizard configured tool is secure.
You put a linux box in place and a windows box in place. Which one will be exploited first, just sitting there?
Now, if you install applications, then they are opening up avenues of attack.
And the big difference is, if it is a windows box, they load on a keystroke logger and get all of your information. If you have a linux box with a compromised sendmail config, someone could send an email through your system. Compare this to how many windows email servers are working as a relay that is forwarding spam?
Should Sendmail be secure? Sure. Do I use it? No. We use Domino on Linux and it has been a good combination.
Now, if you install applications, then they are opening up avenues of attack.
And the big difference is, if it is a windows box, they load on a keystroke logger and get all of your information. If you have a linux box with a compromised sendmail config, someone could send an email through your system. Compare this to how many windows email servers are working as a relay that is forwarding spam?
Should Sendmail be secure? Sure. Do I use it? No. We use Domino on Linux and it has been a good combination.
With all the better MTA products available for the platform, sendmail stopped being my fave choice several years ago...and that's from someone who used to run it on the UUCP net.
Even if you do want to run sendmail, having any single layer talking to the net is asking for trouble. Sendmail with a proxy in front of it is safer. In today's environment anything not using layered security is asking for trouble.
The main difference is that on Linux we have a choice - and can thus make "natural selection" work for us. On Windows you generally don't.
Even if you do want to run sendmail, having any single layer talking to the net is asking for trouble. Sendmail with a proxy in front of it is safer. In today's environment anything not using layered security is asking for trouble.
The main difference is that on Linux we have a choice - and can thus make "natural selection" work for us. On Windows you generally don't.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
