Originally posted by steerpike
My point is - plenty of people are trying to destroy your PC. And they don't have to sit down in front of it to do it - just login at an internet cafe anywhere in the world.
Each to their own - I prefer a system which has security built in and where an ugrade is just a download away.
Steer, no machine is failsafe. I've little doubt there exist hackers that have access to virtually any PC in the world. We don't hear about them because they don't have an ego most teenagers have, as such perhaps here and there $1mil gets lost and we never even know it.
I rest safe that I am not important enough to warrant such attention. Either way should I need failsafe equipment, I certainly woudn't rely on any software firewall to keep me safe. For your average Windows user however, the SP2 firewall is sufficient to keep the 'read it online' hacker away from your PC.
pc
Originally posted by CliffLandin
Microsoft actually recommends that you do a complete format of your harddrive and reinstall windows every six months. Six months! I didn't restart my comp for six months.
Could you tell me where they state this ? As we are running certain servers that cannot be re-installed, I highly doubt this applies to all pcs.
If you think that the 80mb service pack 2 is keeping your comp completely safe, you are dreaming. McAfee is crap. I recommend that you go and get Kaspersky anti-virus and buy Ad-Aware [b]PRO. They are both more effective than McAfee. [/b]
I would not believe in a software firewall ever to keep my pc entirely safe. Most users however that have a ISP supplied IP would be largely safe behind a windows SP2 firewall. Granted, I have a static IP and as such use a hardware firewall, and any serious firm that needs their data protected would go for a dedicated firewall provider. For the avergage Joe Shmoe, the SP2 firewall is largely secure.
Here is a little interesting fact: If you do format your computer and install Windows updated to the latest services pack and then you install AA-Pro it will find spyware on your computer. Yes, MS is spying on you. It will actually find it if you don't upgrade to the latest service pack, but it will also find it if you upgrade to SP2.
I've no doubt MS is sending back information regarding their OS. Nowadays most software houses implement this policy. You know Adobe sends registration information even before you 'activate' any of their products ? Half Life II the same.
And trust me, your comp isn't safe just because you are running McAffe and service pack 2. Really, I wouldn't lie to you.
I know Cliff, neither is a Linux machine that runs on a software firewall. http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm
"An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more specific analysis of government servers also found Linux more susceptible, accounting for 57 per cent of all breaches."
pc
Originally posted by pcaspianThat's whatcha get when you send a boy to do a man's job! Stick Linux to a desktop where it belongs and run your Apache server on BSD instead๐
I know Cliff, neither is a Linux machine that runs on a software firewall. http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm
"An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of ...[text shortened]... rvers also found Linux more susceptible, accounting for 57 per cent of all breaches."
pc
- Joined
- 03 Sep 03
- Moves
- 87628
Originally posted by steerpikeUhm, if I login as root I can cause just as much damage to a unix/linux box. Windows 2000 and on are definitely multiple user. You aren't logging on as Administrator are you? It would be unfair to compare the security of logging into a linux box as non-root with the security of logging into a w2k box as Administrator.
A little experiment. Sit down at any machine running Windows, go to the the Systems folder and start installing scripts, renaming and deleting files. And you have trashed Windows completely -- just as a virus does.
Now try it on a Linux/Unix machine. File premissions means you can not see the operating system files, cannot delete the OS files and can no ...[text shortened]... y would have to change three decades of programs to put security in to stop the virus plague.
For others: it also isn't fair to compare linux to windows 95 or 98. Those are how old now? Did you ever try to run linux back in 95 or 98. It sucked in comparison, sure it was "stable" but there wasn't anything other server-stuff that you could do with it.
--tmetzler
Originally posted by John GThat is news to me. I have SQL server databases that have run for 7 years now without EVER being repaired.
Yeah, that sounds about right. SQL Server needs repairing nearly every day.... and how often do you need to reboot Windows? Every 3 months or so?
You need to try Oracle mate - it doesn't break down all the time, and Linux stays up for years.
But that's because I also write the software that puts the data into them and I check for nulls and empties and set appropriate values before it is fed to the poor engine.
If you put crap into the database -- triple extended Chr(34) or tripled up apostrophes or Null values or Empty variants.. you totally destroy any index in any database.
Then there is the "ability" to feed NULL values into large binary text fields... and empty graphics into blobs... they all screw the data.
But that's the way it goes. I will stand by SQL Server.
Mainly because my customers won't shell out for Oracle. <grin>
Originally posted by tmetzlerWhat server stuff could you do in Windows 95 or 98 which didn't suck? I don't recall anybody using Windows 95 or 98 as a server, and if they did it was a big mistake.
For others: it also isn't fair to compare linux to windows 95 or 98. Those are how old now? Did you ever try to run linux back in 95 or 98. It sucked in comparison, sure it was "stable" but there wasn't anything other server-stuff that you could do with it.
--tmetzler
Originally posted by tmetzlerRemember the ILOVEYOU virus? That caused heaps of damage to heaps of PCs, but how many of them do you think had administrator logged in when that script was run?
Uhm, if I login as root I can cause just as much damage to a unix/linux box. Windows 2000 and on are definitely multiple user. You aren't logging on as Administrator are you? It would be unfair to compare the security of logging into a ...[text shortened]... root with the security of logging into a w2k box as Administrator.
If you try running the same script on a Unix-type file system, the most that virus could do is corrupt your home directory and perhaps fill up your user-quota (if you are not root), everything else you only have read-access to, if that.
EDIT: One thing that makes me laugh about Windows, every time you want to know when the file was last accessed, it will always show the current date and time, because Windows accessed it to see when it was last accessed, but before the old date is read, it is overwritten with the new date. Right click on any file, and click properties, or even use the API. Just another extra piece of useless information incorporated into the OS.
EDIT: deleted an inadvertent smiley dquote-paren. "๐ ๐ ๐the article about mi2g doesn't have much info; here is more:
http://www.mi2g.com/cgi/mi2g/press/121104.php
and:
http://www.mi2g.com/cgi/mi2g/press/faq.pdf
(scroll down to "Which Operating Systems are most vulnerable to Digital Attacks?" )
i just picked up a copy of Linux User & Developer magazine with a Fedora Core 3 DVD included (LU&D a British magazine but Fry's, the local electronics superstore, has it). but need time to install it.
anyway, due to AOL and the kids' games, Linux is not up much on my PCs (and never when connected to the internet). but i like it because mostly i use unix with my work.
Originally posted by StarValleyWyWhy have a dog and bark yourself?
I have SQL server databases that have run for 7 years now without EVER being repaired.
But that's because I also write the software that puts the data into them and I check for nulls and empties and set appropriate values before it is fed to the poor engine.
The whole point of a database (ie a database managment system or DBMS) is to mangage data integrity and security. If you don't need that you might as well store your data in text files - performance can even be better with text files without the overhead of managing integrity. I proved this when I was forced to redevelop a Delphi/Paradox application in Perl/txt after the cowboy who developed the original app refused to support it.
Proper databases (even SQL-Server) have everything you need to manage integrity - unique indexes, CHECK contraints, UPDATE, INSERT and DELETE triggers etc.
Front-end and middle tier software is supposed to manage BUSINESS rules such as company policy,
If you are doing all the work yourself, I'm not surprised you are not having too much trouble with SQL Server, although you will have if your client ever tries to integrate the database with other systems.
Originally posted by StarValleyWyJust spent the last two days in a farm hut. No phone, no computer and overlooking empty beaches as far as you can see with big waves rolling in from the Southern Ocean
On a more personal note.
Have you ever thought of just getting away from all the crap that you think is universal truth when you get out?
Why not go to Arizona and learn how to rebuild airplanes?
You would be good at that. If you dare.
Lived down there about fifteen years ago - when I was still married and my children were small. And there were empty houses right next to those beaches, with a Mount Fuji look-a-like right in behind.
I think Arizona is a bit far inland for my liking. But you are right about getting away from the crap.
Originally posted by CrowleyTouchy wee soul, aren't we? I reread your post and it says "I've used DOS and then windows since I was a kid. Everything churned out by MS was pretty crappy, but if you didn't know how to work in shell, linux and unix were pretty much out of the question. " And I didn't see you updating us on either your view of MS products or shell programming in Linux.
Great. Did you even read my post? I explained why most people use Windows today.
Because [b]at that time you still needed to know how to navigate a shell to get anything done in early releases of Linux.
'The masses' use Windows today and it won't change very quickly - Why change something that works? Sure it crashes once a week, but the user just ...[text shortened]... can basically pick up an old PC off a scrap heap, hook it up to a CDROM and install Linux on it.[/b]
I see you are using a version of Redhat from 1999 - have you installed anything more recent so you can give us your considered opinion of the usability of a recent distribution?
Originally posted by pcaspianDon't forget to include the rest of the page:
http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm
"An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more speci ...[text shortened]... rvers also found Linux more susceptible, accounting for 57 per cent of all breaches."
pc[/b]
However, the rise in digital attacks probably reflects a lack of training and deployment expertise rather than inherent security problems in Linux, mi2g officials suggested.
Most Windows setups are constructed with about two or three "Microsoft Certified Systems Engineers" all standing around a server rack pointing and clicking, who have studied common holes and problems with Windows, and their workarounds.
Linux can be more secure, but it's not going to work miracles if you install it and run Apache just like that. You have to set the security up. If no MCSEs set up the government servers (if they were running Windows), do you think it would be secure?
Don't buy a pet dog and expect it to know all the tricks.
I would like to counter this much quoted argument that the reason Linux doesn't get hacked so much is because it's not as popular.
Firstly, Unix was around when Windows didn't exist and nobody got a virus.
Secondly, Apache is by far the most popular web server in use. It is not Linux but generally runs on Linux or some other flavour of unix. It has a far better record of security than that weird thing Microsoft sell.
The problem isn't really one of the technical ability of Microsoft, of course they can produce secure software. However, to appeal to the masses, you need to have things happen automatically, you need to embed icons in binary files, you need to be able to get an e-mail containing a spread sheet to automatically open, in short, you need the user to know as little as possible in order to make things happen. This is a perfectly legitimate way forward in my view but it is extremely open to abuse. If Microsoft made their software secure, management wouldn't know how to use it any more and it would be replaced in a matter of minutes. Microsoft know this.
Originally posted by DreamlaXOne more little trick to watch out for:
Don't forget to include the rest of the page:
However, the rise in digital attacks probably reflects a lack of training and deployment expertise rather than inherent security problems in Linux, mi2g officials suggested.
Most Windows setups are constructed with about two or three "Microsoft Certified Systems Engineers" all standing around a se ...[text shortened]... , do you think it would be secure?
Don't buy a pet dog and expect it to know all the tricks.
"mi2g said its study focused on "overt digital attacks" and did not include other methods of intrusion such as viruses and worms."
Surely a worm or a virus attack is also a digital attack and can cause equal or more damage? So why aren't all attacks recorded - is it because it would give a different headline?