8/2 http://abcnews.go.com/sections/tech/FredMoody/moody.html
\_ yeah, that's why I run openbsd - paolo
\_ Me too but that isn't why the guy is wrong.
\_ I'm running FreeBSD instead of OpenBSD
because Free has a native jdk. I know its
not as secure, but I gotta have servlets.
\_ By the logic used in the article, OpenBSD sucks because
he'd add together all the BSD OS'es to get a "total BSD
count" which then applies to all BSD's. (His "total
Linux count" is Redhat + Debian + SuSE + ..., ignoring
that they all share code so he's just counted the same
bug 5 times.)
\_ openbsd notwithstanding, this guy is a moron. perhaps
time-to-patch might be a teeeny issue? or perhaps calculate
damage from 99.99% of the viruses that have ever existed that
were solely due to M$ OS bad design and compare with negligible
losses from linux holes?
\_ The linux bug count simply means that exploits are found
sooner and more often leading to an overall more secure
system. I bet that a well admin'ed linux machine would be
close to unbreakable, whereas an M$ machine no matter how
well admin'ed would have as many holes as swiss cheese.
\_ MS machines don't have shell access. It's the e-mail
and VBScript and the address book and the hard drive
trashing yada yada yada.
\_ You are wrong. Worse than wrong. MS has the cmd.exe or
http://command.com (depending on 95/98 or nt/2k). If you can
break an MS box enough to be able to "execute arbitrary
code and commands", then the easiest thing to do is exec
the command interpreter and make it work for you. All
sorts of commands built right in with zero/near-zero
security in one easy package. What you might have meant
is that "MS machines don't have remote shell access".
This is also untrue. Go read up on the Eeye hole(s).
People, if you're going to talk with authority about
something, at least try to make some minimal attempt to
talk with authority about something you _know_ about as
opposed to something you _read_ about once on the net.
Don't babble rumors. Get the facts. As far as this
article goes, this is just a ad banner revenue generator.
I suggest not bothering. It's flame bait.
\_ Your argument is overstated. You focus in excessively
on the technical details in your argument, that you
neglect the effective truths. That is, http://command.com
"shell access" is not appealing to the script
kiddies who squeal with joy obtaining
UNIX root access. There are things like BO,
but when it comes down to it, http://command.com
and executing arbitrary code and commands is not
the same as multi-user shell access. I already
know about http://command.com, buffer over-runs, and
GUIs to http://command.com ... but it's not shell access.
\_ Really? Getting http://comand.com access doesn't allow
you to execute and install arbitrary code?
\_ When all the script kiddies are talking
about how great their Windows NT slaves
are (as opposed to FTP juarez stores),
then I'll begin to take you seriously.
But yes, I agree that the technology is there
to get effective shell access by hacking
through Windows security and installing
a nice UI. And next time please restrain
yourself.
\_ This guy is a dip. He must have some nostalgia for the IBM
vs. Apple platform wars. |
http://csua.com/feed/