1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

I take it all back: Linux has no security vulnerabilities

Discussion in 'Security' started by minstrel, Apr 3, 2005.

  1. #1
    :rolleyes:

    Unix/Linux Authors Rush to Patch Security Flaw

    Buffer overflow? Linux? Can it be? :eek:

    Uh-oh...


    SEMrush
     
    minstrel, Apr 3, 2005 IP
    SEMrush
  2. nullbit

    nullbit Peon

    Messages:
    489
    Likes Received:
    19
    Best Answers:
    0
    Trophy Points:
    0
    #2
    What's your point Minstrel? This is starting to get stupid.
     
    nullbit, Apr 3, 2005 IP
  3. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Come on now Minstrel, we are talking about a drop in the ocean in comparison to the Flaws in Windows.

    This one by Microsoft is one they do not have a fix for Minstrel.....

    http://news.zdnet.com/2100-1009_22-5650238.html?tag=zdnn.alert

    If I were to post all the security problems with windows Shawn would ban me for taking all his bandwidth, would he not :confused: :p :eek: :p
     
    anthonycea, Apr 3, 2005 IP
  4. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #4
    My point?

    1. I finally got fed up to the max of people like mu$hroom posting here, there, and everywhere about how Linux is inherently secure and Windows was swiss cheese -- every time I turn around some moron is posting info about a new Windows patch and implying or claiming this wouldn't happen if we were all running Linux or MAC-OS

    2. Those of you using some version of Linux might want to be aware of the vulnerability and install the patches (the reason for posting those URLs)


    2.
     
    minstrel, Apr 3, 2005 IP
  5. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #5
    I rest my case.
     
    minstrel, Apr 3, 2005 IP
  6. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Thank you, that is what the forum should be about is making folks aware Minstrel, it is also about both sides of the issue and that is all Minstrel is doing to be fair guys, he is presenting the other side and this is what forum is about, fair debate and giving both sides a chance to present their views.

    Great stuff Minstrel :eek:

    The case can't be rested Minstrel because these (issues on both sides) things progress daily.
     
    anthonycea, Apr 3, 2005 IP
  7. noppid

    noppid gunnin' for the quota

    Messages:
    4,246
    Likes Received:
    232
    Best Answers:
    0
    Trophy Points:
    135
    #7
    The fundemental difference is the entire Linux Industry reacted immediatly. The 3rd party software went right on working and the OS did not have to be completly rewritten.

    Further more the problem was found by a watch dog and not as an actual exploitation.

    Man you are really reaching. There is no defense of the windows patch/upgrade path and that exploits are more often found after exploitation rather then before.

    You act like someone said linux software is perfect. It's not, but the developers certainly have a better plan that is working pre-emptively as opposed to when the customers house is invaded like in the windows case usually.

    Sheesh!
     
    noppid, Apr 3, 2005 IP
  8. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #8
    That's not actually true -- most of the patches Windows releases are for potential vulnerabilities rather than vulnerabilities that have actually been exploited.

    You haven't been around much, have you? When it comes to security, many Linux fanatics -- guys like mu$hroom -- have said exactly that.

    That is the whole point: I'm not penguin bashing here... I'm just tired of hearing the Windows bashing from people who turn a blind eye or a deaf ear to vulnerabilities in Linux and MAC and Firefox.

    Which is exactly what Microsoft does with its update program... if you choose not to download and install the patches, don't complain when your house gets trashed. Remember the summer of 2004? There were two major virus attacks that exploited a vulnerability in Windows for which Microsoft had issued a patch several months before the viruses hit.

    By all means, choose Linux over Windows if you wish. But just don't kid yourself that open source somehow avoids security issues.

    There's a thread elsewhere on this forum complaining that phpBB forum software is crappy because it allowed a forum to be compromised: The fix for that vulnerability has been available for some time but hadn't been applied. Indeed, the success of the Santy worm attacks over Christmas 2004 was possible only because people had not updated the phpBB software.

    Don't blame the mechanic if you ignore the need for preventative maintenance and your car breaks down.
     
    minstrel, Apr 3, 2005 IP
  9. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Many have said that Microsoft can not fix Windows without starting over Minstrel, that it has fatal flaws, you have not addressed the link I left in my prior post that shows that there is a major flaw in IE & Outlook right now that Microsoft has not addressed.
     
    anthonycea, Apr 3, 2005 IP
  10. noppid

    noppid gunnin' for the quota

    Messages:
    4,246
    Likes Received:
    232
    Best Answers:
    0
    Trophy Points:
    135
    #10
    I agree with you for the most part on your position and statements. However, I can't agree that the M$ patches are pre-emptive enough or can or ever will be.

    They are patching code that has no business in public. The OS was flawed from conception. That is not debatable really IMO or the opinion of writers from most tech camps that "are" respected authorities are the subject.

    Even if you like windows, I use it, it's just not right. You and me can fend well I'm sure, but can my mom without my help or my neghbors kid doing research? No they can't. They need a whole array of 3rd party tools. Again me and you know, they probably don't.

    I realize that can be said for either OS, but the reality is that M$ uses it's hardware ties with machine makers to present what is billed as a usable appliance. It's just not that though. Hell, they won't even take any responsibility in the TOS, you assume all risk.

    IMO it's just plain false advertising.
     
    noppid, Apr 3, 2005 IP
  11. noppid

    noppid gunnin' for the quota

    Messages:
    4,246
    Likes Received:
    232
    Best Answers:
    0
    Trophy Points:
    135
    #11
    Further more even. That's a bullshit statement. PERIOD.

    This is not about if an end user failed to do their part. It's about M$'s inability to be preemptive.

    Nice try though at deflecting the point to sensationalism. As I mentioned yesterday, debaters like that bore me.
     
    noppid, Apr 3, 2005 IP
  12. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #12
    Does the open source community indemnify you against risk if you use Linux?
     
    minstrel, Apr 3, 2005 IP
  13. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #13
    How is it bullshit? It is directly related to my comment about how the two major viruses that attacked in 2003 could have been avoided if the available security patches had just been downloaded and applied. They WERE preemptive. But many ISPs and individual users running Windows were NOT preemptive and that caused the problem.

    Ditto. Linux fanatics who prefer delusion to reality bore me.
     
    minstrel, Apr 3, 2005 IP
  14. nullbit

    nullbit Peon

    Messages:
    489
    Likes Received:
    19
    Best Answers:
    0
    Trophy Points:
    0
    #14
    Except that's not always an option. Microsoft have a habit of creating patches that break previous functionality, and introduce new vulnerabilities. Many enterprise environments intentionally avoided upgrading their systems to SP2, because SP2 broke core application functionality (specifically any applications that required use of the loopback interface would brake). Secondly, SP2 introduced *new* vulnerabilities with it's flawed revisions of the security zone system. Essentially, either way, they're f**ked.
     
    nullbit, Apr 3, 2005 IP
  15. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #15
    You have to face it - you are going against a religion and there is no argument in the world that will make some of the folks you are arguing with change their mind.

    J.D.
     
    J.D., Apr 3, 2005 IP
    minstrel likes this.
  16. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #16
    Actually, given your logic, no matter what Microsoft does, they are "f**ked" -- if they didn't patch the vulnerability, you'd condemn them. If they do, and third party applications have to release their own fixes to incorporate the fix, you'd condemn them.

    As for new vulerabilities being discovered after patches have been released, you're surely not going to try to claim that doesn't happen with open source, are you? Do I really have to post the long list of serial vulnerabilities and patches for various Linux distributions? or for Firefox?

    Again, my intent here is not to flog Linux or open source. My intent is to point out the hypocrisy and/or ignorance in the claims of invulnerability from open source zealots.
     
    minstrel, Apr 3, 2005 IP
  17. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #17
    It has nothing to do with beliefs as you both mention, but reality, Windows is a flawed OS, Patch of a Patch (SP2 = Super Patch) OS with layers of flawed code on top of flawed code (M$ anti-spyware that has conflicts with common software downloading protocols and eats hard drives when this happens), but the EULA states that they will give you $5.00 for your hard drive if you lose all your data.

    JD neither you or Minstrel have commented on the link I left in post # 3 in this thread, why not?
     
    anthonycea, Apr 3, 2005 IP
  18. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #18
    Like he said:

    :D
     
    minstrel, Apr 3, 2005 IP
  19. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #19
    I didn't read it. What did it say?
     
    minstrel, Apr 3, 2005 IP
  20. nullbit

    nullbit Peon

    Messages:
    489
    Likes Received:
    19
    Best Answers:
    0
    Trophy Points:
    0
    #20
    Actually they have a third option, fix the problem competently. The example with SP2 was *eventually* fixed by Microsft, which demonstrates that it was their fault/responsonbilty, and not third parties.

    This is the thing, I don't actually see anyone here claiming open source software or linux is invulnerable - so I don't see the point to your arguments.
     
    nullbit, Apr 3, 2005 IP