A topic of concern in Linux

Alex Snow alex_snow at gmx.net
Tue Jan 20 06:24:46 EST 2004 

about windows 95 password security: I have some c source here that 
will decript a windows 95 password in about half a second on an sgi 
challange from 1995. that's pretty shitty security.
On 
Mon, Jan 19, 2004 at 10:29:42PM -0500, Tom and Esther Ward wrote:
> Hi, when comparing Linux to Windows for internet security you need to keep
> many factors in mind.
> 
> 1. The Linux operating system has contained innetwork
> firewall for years before Microsoft decided it was a good idea to add one to
> XP. A firewall is very helpful for blocking access to your internet ports,
> and controles what access is allowed in and out. Including blocking data
> traffic from a addware such as spy ware.
> 2. Linux ships with port scanners such as nmap which is very helpful in
> determain what ports are opened and closed, and you can adjust your system
> services and firewall to secure them.
> 3. Linux password security for many years was and in ways is still more
> secure than MS Window's.
> For example for many years all passwords in Linux has been md5 encrypted,
> and unlike Windows 95 and 98 the old hit the escape key trick would never
> work If you pick a good password a brute force attack is really unlikely on
> cracking a md5 encryption, but not impossible.
> Do you think a Window's XP password is secure? No it isn't, because that
> admin password is stored in the system registry, and yes you can hack the
> admin password and change it remotely. You can't as easily do that in Linux,
> and there is no registry to worry about.
> 4. Worm's and virus's don't have as much success in Linux do to a totally
> user permission environment. Number the Outlook Express virus's that pop up
> using VBA scripts have 0 chance of success because balsa, mutt, pine, and
> other emails don't have such garbage as Outlook scripts.
> So the only way a virus really can get on your system is if you clicked on
> it, or installed it.
> It couldn't shutdown your system, format your hard drive, nuke your kernel,
> or half the stuff Window's virus's enjoy because if they don't have root
> permissions they are done.
> 5. Cookies aren't really a big deal as you can of course refuse to except
> them if you wish. Even MS Window's will allow you to choose to accept a
> cookie. So I tend only to accept a cookie from a site where it appears to be
> safe or useful.
> 6. Even though Mozilla is far from accessible yet it does have pop up
> blockers, cookie filters, and various other nifty security tricks I feel
> Internet Explorer lacks.
> 7. Most distros such as Red Hat, Mandrake, have erottas which announce
> discovered bugs, security holes, and they have a great turn around for
> getting the patches posted.
> 8. Linux is open source and the code is checked by several people to see
> that it is clear of back doors, trogens, and various other things which
> happen to slip in to window's software, because no one can really check
> Microsoft to make sure that they didn't put a nice little spyware in there
> to spy on you or that they have a unknown port open where they use as a nice
> little back door.
> 9. Linux has very good logs which if you know what to look for you can use
> them to great effect to see if someone tried to break in, pinged you, that
> someone tried to access a port, bla bla bla.
> 10. The majority of hacks, cracks, virus's, worms and so forth are
> specifically directed towards MS Window's. As such the tricks that made big
> name virus's like Melissa, Pritty Park, the new Swin virus's so popular are
> dead upon hitting a Linux system.
> Once upon a time when i started using Linux I use to save all infected pine
> attachments, and had a zip disk of pritty park, kagro, and a string of other
> virus's that hit my inbox and then died on my box because it couldn't do
> anything else.
> 
> Bottum line MS Window's operating systems were not designed for something
> like the internet. If you remember 3.1 the internet was something you added
> on by getting a dialer, web browser, and made it work. As the internet grew
> Window's was found horribly unsecure by such common examples of walking by a
> buddies Window's 95 computer and pressing escape at the password prompt and
> got in to do whatever whenever.
> In Win 95 I could remotely grab files from a computer simply accessing the
> c: drive using netbios. There litterally was nothing to stop someone from
> deleating or modifying files on that computer once you got in.
> Early versions of Win NT could be crashed remotely simply by doing a packet
> flooding attack using ping.
> Point is that Linux has been rock solid on the internet andon networks for
> keeping the wrong people out or away from crashing it where Microsoft
> Window's has to constantly patch this or that every single time they find a
> major hole the left open.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Always borrow money from a pessimist; he doesn't expect to be paid
back.

More information about the Speakup mailing list