RE: [SLUG] Insight on Code Red II

From: Grantham, Patrick (Patrick.Grantham@vacationclub.com)
Date: Thu Aug 09 2001 - 09:01:27 EDT


Presumably, these exploits have workarounds or fixes. As a learn more of
Linux, I need to learn what they are so as to avoid them.

-----Original Message-----
From: Wyly Wade [mailto:wyly.wade@forefrontinc.com]
Sent: Wednesday, August 08, 2001 7:51 PM
To: slug@nks.net
Subject: RE: [SLUG] Insight on Code Red II

There are several exploits that allow root access within linux there are
few windows exploits that allow you control of the machine other dds or
flood attacks.

I am an advocate for opensource and have spent hundreds of hours
contributing to it as well as working with it. I feel there are many
merits to stand on for the different linux distro's but I would not
actively say that security is at the top of that list.

Wyly

-----Original Message-----
From: Grantham, Patrick [mailto:Patrick.Grantham@vacationclub.com]
Sent: Wednesday, August 08, 2001 1:38 PM
To: 'slug@nks.net'
Subject: RE: [SLUG] Insight on Code Red II

Please site your best example of a (flaw, can't call it bug) that
creates an
serious a security concern in Linux as Windows. I'm not being
argumentative, I want to here your opinion.

-----Original Message-----
From: Wyly Wade [mailto:wyly.wade@forefrontinc.com]
Sent: Wednesday, August 08, 2001 11:45 AM
To: slug@nks.net
Subject: RE: [SLUG] Insight on Code Red II

***Disclaimer***
I am not a windows advocate
***end Disclaimer***

Bugs and exploiting of bugs is a fact of software. Linux and Windows
share the amount and level of bugs pretty equally. The reason you do not
hear about the Linux exploits nearly as much is only because it does not
have the level of media attention that MS does. I would offer that most
of the exploits in windows are primarily harmless or just DOS attacks
which can be fixed architecturally. Most of your Linux bugs seem to
offer more visibility for a remote user to exploit more than the common
widows bug. I would be leery jumping up and down about the quality of
security in Linux because while it has different strengths than windows
it also has some extreme weaknesses as well.

Just my .02$

Wyly Wade

-----Original Message-----
From: William T. Wright [mailto:t.wright1@mindspring.com]
Sent: Tuesday, August 07, 2001 6:56 PM
To: slug@nks.net
Subject: Re: [SLUG] Insight on Code Red II

Code Red is just another example of the poor security in the MS-Windows
OS,
right up there with the "Back Orifice" hack, MS-Outlook, and that silly
cartoon paperclip. If anything, these virus/worm/trojan-horse scares
should
make it pretty obvious that MS-Windows is vulnerable to all kinds of
malicious code, and it won't get any better.

One of the reasons I migrated off of MS-Windows was to have something
with
some degree of immunity. Granted, there are viruses out there that go
after
Linux/Unix boxes, but it seems target-#1-with-a-bullet is
MS-Windows.Some of
it has to do with Windows' monopoly position on the desktop, but a big
chunk
of it has to be its vulnerability. Criminals prey on the weak. All those

*.vbs scripts that exploit MS-Outlook's weaknesses don't work on KMail,
and I
have no "explorer.exe" to overwrite or corrupt. It little like trying to

infect a dog with the common cold.

These scares look like a good opportunity to politely show off the
built-in
security features of Linux and Unix. Those "honey pot" Samba servers can
make
for a convincing argument. Microsoft rushed a patch out to correct this
problem, another band-aide. One of these days, a smark cracker is going
to
develop a Superflu that's going to really raise havoc for MS-Windows
users,
something like Jim Beamguard's "Virtual Havoc" piece in last Sunday's
Tribune, only worse. It's time to stop wearing that big MS-Windows
bullseye.
Linux offers a very attractive alternative.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:54:36 EDT