Developer Raps Linux Security - Democratic Underground

Nomad559

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:34 PM
Original message

Developer Raps Linux Security

Developer Raps Linux Security

http://www.linuxinsider.com/story/Developer-Raps-Linux-...

A developer of security software for Linux had some harsh words yesterday for what he sees as a lax attitude toward security in the operating system's community.

"Linux is being presented by commercial vendors as a professional, enterprise-ready product," Brad Spengler, of grsecurity, said. "When it comes to security, I don't see it as either professional or enterprise-ready."

Spengler has gained notoriety recently through articles posted on the Web criticizing Linux security in general and in particular the Linux Security Module (LSM).

According to the programmer, Linux kernel developers don't take security seriously. "Linus has told me personally that he is not interested in adding even the option of very useful security features that can help prevent buffer overflow exploitation because using some of these features would make applications load a small fraction slower," Spengler said.

His frustration that performance is often given priority over security is one shared by many security professionals in all areas of IT, not just the Linux realm.

Printer Friendly | Permalink | | Top

Replies to this thread

- well, it's still got Windows beat by a mile on security. :) n/t	StrongbadTehAwesome	Jan-11-05 01:47 PM	#1
- if it's a concern, use the NSA version	GAspnes	Jan-11-05 01:49 PM	#2
- SELinux is incorporated into Fedora Core 3	Commie Pinko Dirtbag	Jan-11-05 01:53 PM	#4
- Isn't it also part of most other distros...	Solon	Jan-11-05 01:53 PM	#5
- Maybe	Commie Pinko Dirtbag	Jan-11-05 01:54 PM	#6
- I use a debian based Distro...	Solon	Jan-11-05 01:59 PM	#7
- After spending 3 hours deleting a spyware program	AllyCat	Jan-11-05 01:51 PM	#3
- I thought OpenBSD was the security standard?	no name no slogan	Jan-11-05 02:19 PM	#8
- It's still better than windows. Besides I don't know anyone	Cadence	Jan-11-05 02:26 PM	#9
- Linux is very secure if properly configured	McKenzie	Jan-11-05 02:44 PM	#10
- Have you tried Mandrake?	Cadence	Jan-11-05 02:47 PM	#11
- Nope but I can get a copy	McKenzie	Jan-11-05 03:25 PM	#12

StrongbadTehAwesome

(623 posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:47 PM
Response to Original message

1. well, it's still got Windows beat by a mile on security. :) n/t

Printer Friendly | Permalink | | Top

GAspnes

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:49 PM
Response to Original message

2. if it's a concern, use the NSA version

http://www.nsa.gov/selinux /

The results of several previous research projects in this area have been incorporated in a security-enhanced Linux system. This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.

It's not like there's "just one Linux" out there. There are a wide range of options, from Knoppix to Berkeley.

Printer Friendly | Permalink | | Top

Commie Pinko Dirtbag

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:53 PM
Response to Reply #2

4. SELinux is incorporated into Fedora Core 3

And it retains all niceties of Red Hat distros. Sleek GUI, nice admin tools, stable as rocks.

Printer Friendly | Permalink | | Top

Solon

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:53 PM
Response to Reply #4

5. Isn't it also part of most other distros...

that have the 2.6 based kernel?

Printer Friendly | Permalink | | Top

Commie Pinko Dirtbag

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:54 PM
Response to Reply #5

6. Maybe

Haven't tried other ones (SUSE, Mandrake etc.)

Printer Friendly | Permalink | | Top

Solon

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:59 PM
Response to Reply #6

7. I use a debian based Distro...

Edited on Tue Jan-11-05 02:02 PM by Solon

KANOTIX, with kernel 2.6.9 so I figure I'm pretty safe anyways, Windows simply sucks at security. I love the updates that are availuable about every 48 hours or so as well.

ON EDIT: Dammit! I forgot to update last night, I better apt-get into it. <--extremely bad pun Be a few minutes, oh well.

Printer Friendly | Permalink | | Top

AllyCat

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 01:51 PM
Response to Original message

3. After spending 3 hours deleting a spyware program

running through windows Media Player, I am certain Linux or Mac have to be better systems than anything by freakin' Microsoft.

Next computer, I will either figure out how to use Linux or get a Mac. I can't believe all the security software I have loaded and crap STILL gets through. I don't file share either.

Be careful loading video clips people post...I'm reasonably certain this one came from one of the on-line tsunami videos I downloaded on a lark thinking "nothing will happen to me" with this one little file.

Printer Friendly | Permalink | | Top

no name no slogan

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 02:19 PM
Response to Original message

8. I thought OpenBSD was the security standard?

Maybe I'm missing something, but don't most places run some heavy-duty firewall hardware/software? And isn't OpenBSD known to be a very solid OS, especially when in comes to security?

Linux is great, but I'm still pretty leary of using it for ultra-secure-type apps. Keep it on the desktops and web servers, and go with a *BSD for the heavy lifting.

My $.02, of course.

Printer Friendly | Permalink | | Top

Cadence

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 02:26 PM
Response to Original message

9. It's still better than windows. Besides I don't know anyone

that runs linux unpatched. You have to do a lot of tweaking to get it going in the first place. Just run redhat package manager and load the patch bundle you want...problem solved.

Printer Friendly | Permalink | | Top

McKenzie

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 02:44 PM
Response to Reply #9

10. Linux is very secure if properly configured

If any distro is used out of the box it's just as vulnerable to hack attempts as Windoze but if it's tweaked it's ultra secure. It's no accident that those people who frequent the alt.2600 communities tend to use Linux.

I'm using Windblows right now but only because I've been trying to configure Red Hat or SuSE to recognise my external modem for weeks.

http://www.linuxsecurity.com/

Printer Friendly | Permalink | | Top

Cadence

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 02:47 PM
Response to Reply #10

11. Have you tried Mandrake?

It's been awhile but I configured Mandrake to use an external modem for network monitoring.

Printer Friendly | Permalink | | Top

McKenzie

(1000+ posts) Send PM | Profile | Ignore

Tue Jan-11-05 03:25 PM
Response to Reply #11

12. Nope but I can get a copy

from my LUG. I'll ask and try it out. I think the trouble is the modem brand though (Copperjet) Can't find anything of any assistance on Usenet or the net...sigh.

thnx

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Mon May 20th 2013, 07:01 AM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.