Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Developer Raps Linux Security

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:34 PM
Original message
Developer Raps Linux Security
Developer Raps Linux Security

http://www.linuxinsider.com/story/Developer-Raps-Linux-...

A developer of security software for Linux had some harsh words yesterday for what he sees as a lax attitude toward security in the operating system's community.

"Linux is being presented by commercial vendors as a professional, enterprise-ready product," Brad Spengler, of grsecurity, said. "When it comes to security, I don't see it as either professional or enterprise-ready."

Spengler has gained notoriety recently through articles posted on the Web criticizing Linux security in general and in particular the Linux Security Module (LSM).

According to the programmer, Linux kernel developers don't take security seriously. "Linus has told me personally that he is not interested in adding even the option of very useful security features that can help prevent buffer overflow exploitation because using some of these features would make applications load a small fraction slower," Spengler said.

His frustration that performance is often given priority over security is one shared by many security professionals in all areas of IT, not just the Linux realm.
Printer Friendly | Permalink |  | Top
StrongbadTehAwesome Donating Member (623 posts) Send PM | Profile | Ignore Tue Jan-11-05 01:47 PM
Response to Original message
1. well, it's still got Windows beat by a mile on security. :) n/t
Printer Friendly | Permalink |  | Top
 
GAspnes Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:49 PM
Response to Original message
2. if it's a concern, use the NSA version
http://www.nsa.gov/selinux /

The results of several previous research projects in this area have been incorporated in a security-enhanced Linux system. This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.

It's not like there's "just one Linux" out there. There are a wide range of options, from Knoppix to Berkeley.
Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:53 PM
Response to Reply #2
4. SELinux is incorporated into Fedora Core 3
And it retains all niceties of Red Hat distros. Sleek GUI, nice admin tools, stable as rocks.
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:53 PM
Response to Reply #4
5. Isn't it also part of most other distros...
that have the 2.6 based kernel?
Printer Friendly | Permalink |  | Top
 
Commie Pinko Dirtbag Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:54 PM
Response to Reply #5
6. Maybe
Haven't tried other ones (SUSE, Mandrake etc.)
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:59 PM
Response to Reply #6
7. I use a debian based Distro...
Edited on Tue Jan-11-05 02:02 PM by Solon
KANOTIX, with kernel 2.6.9 so I figure I'm pretty safe anyways, Windows simply sucks at security. I love the updates that are availuable about every 48 hours or so as well.

ON EDIT: Dammit! I forgot to update last night, I better apt-get into it. <--extremely bad pun Be a few minutes, oh well.
Printer Friendly | Permalink |  | Top
 
AllyCat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 01:51 PM
Response to Original message
3. After spending 3 hours deleting a spyware program
running through windows Media Player, I am certain Linux or Mac have to be better systems than anything by freakin' Microsoft.

Next computer, I will either figure out how to use Linux or get a Mac. I can't believe all the security software I have loaded and crap STILL gets through. I don't file share either.

Be careful loading video clips people post...I'm reasonably certain this one came from one of the on-line tsunami videos I downloaded on a lark thinking "nothing will happen to me" with this one little file.
Printer Friendly | Permalink |  | Top
 
no name no slogan Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 02:19 PM
Response to Original message
8. I thought OpenBSD was the security standard?
Maybe I'm missing something, but don't most places run some heavy-duty firewall hardware/software? And isn't OpenBSD known to be a very solid OS, especially when in comes to security?

Linux is great, but I'm still pretty leary of using it for ultra-secure-type apps. Keep it on the desktops and web servers, and go with a *BSD for the heavy lifting.

My $.02, of course.

Printer Friendly | Permalink |  | Top
 
Cadence Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 02:26 PM
Response to Original message
9. It's still better than windows. Besides I don't know anyone
that runs linux unpatched. You have to do a lot of tweaking to get it going in the first place. Just run redhat package manager and load the patch bundle you want...problem solved.
Printer Friendly | Permalink |  | Top
 
McKenzie Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 02:44 PM
Response to Reply #9
10. Linux is very secure if properly configured
If any distro is used out of the box it's just as vulnerable to hack attempts as Windoze but if it's tweaked it's ultra secure. It's no accident that those people who frequent the alt.2600 communities tend to use Linux.

I'm using Windblows right now but only because I've been trying to configure Red Hat or SuSE to recognise my external modem for weeks.

http://www.linuxsecurity.com/
Printer Friendly | Permalink |  | Top
 
Cadence Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 02:47 PM
Response to Reply #10
11. Have you tried Mandrake?
It's been awhile but I configured Mandrake to use an external modem for network monitoring.
Printer Friendly | Permalink |  | Top
 
McKenzie Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jan-11-05 03:25 PM
Response to Reply #11
12. Nope but I can get a copy
from my LUG. I'll ask and try it out. I think the trouble is the modem brand though (Copperjet) Can't find anything of any assistance on Usenet or the net...sigh.

thnx

Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Fri Aug 29th 2014, 05:38 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC