Is Linux really more secure than Windows? Linux book author Peter Harrison believes the answer is largely a matter of perspective. Click here to read the complete column at SearchEnterpriseLinux.com. In addition, here is a writeup of p0f, a passive fingerprinting tool.
External to its GUI faÇade, the Linux command line is complex and often not very intuitive. This can deter administrators from securing their systems correctly due to the perceived difficulty.
Not really,on Linux it all comes down to editing (config)files.A good GUI can be faster to operate but doesn’t have to be necessarily simpler.What’s added is extra code and thus more to maintain by the security team (the code itself).
Sometimes a GUI can replace boring tasks very well.But in order to lock down a Linux box you need first of all knowledge
and wether you have an intuitive GUI doesn’t influence system security per se.You still preferrably know what you are doing.
Tools, such as ACID, can then analyze this information and match it against known attacks that can pass through firewalls.
How will tools like ACID or snort make a distinction between legitimate and rogue dns traffic at peak hours?Don’t you think the real ones know most of what is checked for?So in fact you introduce a step-stone for them to further penetrate the network.Those tools are only usefull for forensics when the harm has been done.Forensics is mostly very cost intensive.
For servers that have to be really secure i would like to see them hardened,with for eg: RSBAC or Grsecurity,OpenWall,etc.So that even when some service gets exploited the change of harm done is minimal.The leaque who still is capable of doing something gets smaller and smaller.100% secure is a utopia.
Not really,on Linux it all comes down to editing (config)files.A good GUI can be faster to operate but doesn’t have to be necessarily simpler.What’s added is extra code and thus more to maintain by the security team (the code itself).
Conversely, look at the horror story of trying to set an environment variable in Windows.
God what a bunch of crap. Why don’t these articles just say “I like this one, and don’t like this one?” IMO, any “admin” who would rather point-n-click his way through administration rather than hitting the command line isn’t worth his salt.
God what a bunch of crap. Why don’t these articles just say “I like this one, and don’t like this one?” IMO, any “admin” who would rather point-n-click his way through administration rather than hitting the command line isn’t worth his salt.
I occasionally do like to use a GUI for some tasks. That said, it’s not my common mode when dealing with admin issues.
No command line. No job for you!
–AdminNazi
The only good way to compare security is for each platform to send a expert admin. to secure their respected computer with public available patch and update. Then put both systems on the internet to face the music.
All the text in this post is in my opinion for entertainment purposes only:
The funny thing is: If an operating system is closed source how can the one who is trying to secure it to make a comparison (and can’t see the source) ever really be sure it’s secure? There will always be a number of unknowns and limitless possibilities in the rabbit hat of fate that can [may/will/do] occur when you work with something with hidden/secret internals.
At best, IMO, all the user can do is really guess, hope, and pray.
Define secure.
>There will always be a number of unknowns and limitless possibilities in the rabbit hat of fate that can [may/will/do] occur
Yes, a software which is closed source can print your credit card number and expiration date on your home printer, put it into standard size envelope, lick and attach a postal stamp and mail it to undisclosed location somewhere in Siberia.
An open sourced software, in contrary, will never call mother server through the Internet to let that server know if user just installed a copy of software first time- or reinstalled it. Never happens.
This reminds me of the (now) ancient “real webdesigners do it with notepad”
Its really pathetic to require the admins to do their work through the command line. When administering corporate networks of some size you would just waste time by solely using the command line. But for some tasks you would be better of using the command line or scripts.
“some tasks” I would say MOST tasks, especially remote administration!
and what is wrong with notepad actually I occasionally do website design and I prefer to “do it” by hand I want to say that I designed the page not some GUI and that the code is like it is because I wanted it that way….
And I would say that being a adminstrator for a larger corporation of some size that the commandline would be of MORE use not less….
What are you on? By saying you can’t see the source of closed source software then it must be doing things you don’t approve of. What the? Can you not scan your closed source software with network sniffers and firewall logs if you’re really paranoid to see if it’s trying to phone home. Try that then take off the tinfoil hat.
Just because software is open source doesn’t mean I’m going to read all the code to ensure it’s safe. Do you? What end user does? Do they have nothing better to do?
By the way about 90% of users and businesses manage to trust closed source software with no ill affects.
>What are you on?
Sarcasm: A form of wit that is marked by the use of sarcastic language and is intended to make its victim the butt of contempt or ridicule.
Whoops. Sorry.
NNNNNNNNNNOOOOOOOOOO leave the tinfoil hat on or else the scanners will get you…. or MAYBE the tinfoil hat makes you easier to pick up and scan….
anyway, you cannot compare the two, the very nature of windows screams insecure….
(no i didnt read the article)
Cause’ AFAIK many vulnerabilities on windows thrive on missconfigured registry and other windows files
Just thing about it
“Can you not scan your closed source software with network sniffers and firewall logs if you’re really paranoid to see if it’s trying to phone home.”
But by the time such traffic is discovered, it could already have been (or be) too late, depending on the information already disclosed.
Some may think “Russian Guy” was being funny, or maybe he had a point. I’d rather not play Russian Roulette with such funny quips and instead use open source rather than closed source and take the gamble of the unknowns.
Maybe a GUI is simpler to understand at first, but you lose flexibility with it.
Also, imagine administrating 100 remote sites, I for one would much rather do so through SSH than through some GUI like Terminal Server or VNC. No matter how fast of a connection you have, round-trip latency will always be annoying when navigating a GUI.
Managing a small number of local servers: GUI
Managing a large number of servers, local or remote: command line
It all somes down to Power.