"... which is more secure - Windows or Linux?

Not surprisingly, the answer is in the negative. Good discussion on why Microsoft's OS is still not really secure. Ends with the conclusion that, if you must use MS-Windows, do so, but have another computer running an OS "which has a lower-risk profile" for your mail, web and other online activities. That could be OpenBSD (registration required).
A snide answer is OpenBSD, which has an exemplary record with respect to security. But let's stick to the two most broadly used platforms in IT today.
Microsoft's hired analysts claim that Windows is more secure than Linux. Should we believe them?"
because it takes a "tough love" approach; when it spots a virus on a computer, it automatically blocks that machine, "blackholing" the user, and notifies Grant... "The Airlok has the best firewall I have ever seen," says Grant, who believes the product could even change the Web itself. "Imagine if Comcast or other ISPs started using Airloks. If someone got a virus, the system would just shut that person down before it could spread. This could make hackers obsolete."

Maybe a bit of hyperbole, but the product does look good, and serves as an example of what you can do with OpenBSD as a base.
There's lots of open-source software out there that no one has analyzed and is no more secure than all the closed-source products that no one has analyzed. But then there are things like Linux, Apache or OpenBSD that get a lot of analysis. When open-source code is properly analyzed, there's nothing better.
Just as brilliant scientists are capable of making spelling mistakes, brilliant coders can also make fatal mistakes in their software perhaps because writing good software is both a science and an art.

And then quotes Theo as saying:
"Also, more people in the coding community are writing code, while fewer are reading or auditing code."
Then on some news sites, the story starts to change. A spokeswoman from DARPA is quoted as saying "We're sorry if this review process has been misinterpreted as an effort to cancel the work." (If it was not a cancellation, then why did Mark West from UPENN phone the Hyatt Calgary and cancel the reservations -- even before OpenBSD was informed by Jonathan Smith, who in email said "Penn has been contacted by the Air Force and NO FURTHER COSTS MAY BE INCURRED, effective today, 4/17/03", "All subcontracts are terminated, effective TODAY", and "Penn must cancel/terminate contracts & obligations such as the Hyatt and travel not yet PAID. Mark, please carry this out ASAP per our contractual requirements with the government"?) These papers proceed to pick up the new story; some retain the old one:
Note: some material related to POSSE is mirrored here.
"Smith and colleagues at Penn, the software development consortium OpenBSD, and the Apache Software Foundation and OpenSSL Group propose to use the open-source movement - where programmers openly share incremental advances - to try to engineer better security features into mainstream computers, not only those developed just for the military and other high-security organizations. The government then benefits by purchasing more affordable, standardized computers with security features."
vi and a default C shell, he finds nice things to say about OpenBSD's floppy + 'Net installation, the thorough system probe and the IP filtering and address translation.
make options and targets, and also notes OpenBSD's "fake" installation used to create easily distributable binary packages as an automatic by-product of building a port.
fuzz, a tool that tests commands with randomly generated command line arguments. Lead developer Theo de Raadt ran it against OpenBSD and found routine coding errors in about a dozen commands, none security-related. The article reprints de Raadt's posting and comments. Though the exercise was worthwhile, the tool only points to the areas to check, and is no substitute for careful code reviews, he concludes.
Connected to spanweb.glasgow-ky.com.
Escape character is '^]'.
OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)