I'm going to point out something that Crispin has been too polite (appropriately so) to state- When I load Immunix, it is to a very reasonable degree, secure. And I can very easily complete the process. The one thing they could make easier is the creation of subdomain configurations. There is a reason why I recommend it to my customers as an excellent distribution and why Counterpane among others is using it as the basis for their log collection appliances- It is an excellent platform for those who are too busy or lazy to keep up with all the constant patching that is generally needed. You are protected against the majority of buffer overflows and if a daemon is cracked, if you've got subdomain running it won't do them much good. Security can be done well. The .NET version of IIS starts down the right approach of not installing anything but the most basic functions as default. Toby Crispin Cowan writes: > That's all true, but beside the point. Barry Shulak asked whether > Microsoft products were as bad as the jeers at the CRIME meeting > suggested, and why. I have argued that they are every bit as bad, and worse. > > It is true that security is complex, and that most organizations cannot > afford the operational costs of high security. What is hidden is that > most organizations are paying through the nose for either the added > expense of trying to secure Microsoft's broken systems, or for the added > expense of just being vulnerable. There are alternatives if one takes > off the "Microsoft only" blinders. You can buy and use many > non-Microsoft products (based on Linux and *BSD) that are a vast > improvement over Microsoft for price, performance, security, and > occasionally even ease of use, and definitely ease of use *securely*. > > >The simple fact is, the markets are deciding what is important. And that > >has some security people upset. But in my experience, the free-market is > >much better at deciding the fate of than centrally controlled > >organizations. > > > Where did anyone suggest a centralized authority replace the free > market? This is all just information to help our tiny little segment of > the market make a better informed decision :) > > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Scientist, WireX Communications, Inc. http://wirex.com > Security Hardened Linux Distribution: http://immunix.org > Available for purchase: http://wirex.com/Products/Immunix/purchase.html > >
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:40:16 PDT