Security and the much needed unification of servers
Today news sites repeated the monthly “Microsoft executive says Linux is insecure” articles. And while they are comparing apples with eggs (as Linux distributions ship with far more servers and network services than Microsoft offers), it’s hard to deny the fact that Linux is also insecure. Essential and security-critical packages like OpenSSH, LSH and OpenSSL had exploits in the last weeks, and this should have convinced the last conservatives that it is not possible to write a complex server in C without having a remote exploit per year. All these exploits were caused by manual memory management that is relatively hard to avoid in C. But that’s not even the point that I want to make; you can also have security problems in other languages. What free software (and mostly also the proprietary competition) lacks is a way to make securing your computer easy.
Let’s assume a somewhat experienced user wants to find out which TCP/UDP ports are open, reconfigure all servers to accept only local IP addresses and otherwise shut the service down. In an ideal world the user could use some administration GUI to get a list of all ports that are open, with a user-friendly service name (not the path of the binary!) for each port. Then the user right-clicks each of them and selects “Configure this service”, a configuration GUI for the service appears and the user does the necessary configuration.
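The port inventory described above can be sketched without a GUI. The following is an added example, not code from the original post: it parses the Linux `/proc/net/tcp` table, names each listening port and flags sockets that accept non-local connections. It covers TCP over IPv4 only, assumes a little-endian host, and runs on a constructed sample table; the function names are illustrative.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00A8C0:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003 1
   3: 0A00A8C0:0016 0500A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

TCP_LISTEN = 0x0A  # kernel state value for a listening TCP socket


def decode_ipv4(hex_addr):
    # Assumption: little-endian host (x86/ARM), where the kernel prints the
    # address as a host-order integer, so 0100007F means 127.0.0.1.
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def service_name(port):
    # Friendly name from the system services database, if it has one.
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def listening_sockets(proc_text):
    """Return (address, port, service, exposed) for each listening socket."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established or closing connections are not services
        hex_addr, hex_port = fields[1].split(":")
        addr, port = decode_ipv4(hex_addr), int(hex_port, 16)
        exposed = not addr.is_loopback  # 0.0.0.0 or a routable address
        found.append((str(addr), port, service_name(port), exposed))
    return sorted(found, key=lambda s: (not s[3], s[1]))  # exposed first


if __name__ == "__main__":
    # Swap in open("/proc/net/tcp").read() to audit the local machine.
    for addr, port, name, exposed in listening_sockets(SAMPLE_PROC_NET_TCP):
        flag = "EXPOSED" if exposed else "local only"
        print(f"{port:>5}/tcp  {name:<10} {addr:<15} {flag}")
```

Sockets listed as exposed are the ones the user in this scenario would rebind to a loopback address or shut down.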
- News: Ballmer: Windows is as secure as Linux (22 October 2003)
- News: Linux more secure than Windows XP (16 October 2003)
- News: Linux security: good enough (23 September 2003)
- News: Linux approved for use on sensitive computers in the US (6 August 2003)
- News: Reality check: how safe is Linux? (11 June 2003)
- News: Which is buggier - Windows or Linux? (26 May 2003)