In the Spirit of Ipod One....

[jterrell]

I'd just like to know why linux is more stable? What is "less stable"? This windows box was built almost 2 years ago now, and gets rebooted about 1 every 6 months, when I scrape together enough cash to put a new piece of hardware in it. I think I have had 1? Maybe 2 crashes in that time? And it was my own fault (Overclocking has its advantages but aint worth the expense in the end...)

You don't need a "Media Center" pc to set up a HTPC. A decent TV and reciever will do the trick with your HTPC, I had a shuttle hooked up as a HTPC for months with straight up Windows XP, the only reason I changed was because I wanted a multi disk player (Now have a 3 disk changer no need for HTPC). My digital sound is still hooked up, EQ2 has some great environment sounds !

Don't get me wrong, *Nix has its place in the world. I mean if it wasn't *Nix users the pc world would be desperatly void of virus' and trojans and keyloggers, hackers, crackers, pharmers, phishers, etc... ! (j/k) Your average user is not a *Nix user. Microsoft came a long way with XP SP2, they admitted a lot by "fixing" all the things it did. Windows gets a bad rap more because of a lot of poor 3rd party programers and developers than it deserves, but its all a part of the game. !!! However, I will say that mandrake is pretty good and easy to use for a n00b. And the mandrake community is pretty much like JTerrel is, pretty easy going and helpful.

Your only caving to the "man" if you pay the "man"...

I also agree about the apple monster !

Ahem... As for playlists... yeah...

If your XP box stays up more than 6 months then you should really be working for Bill Gates because Microsoft has an embedded memery leech which means programs never fully release memory. Thats why Microsoft themselves on even 2003 server editions recommend monthly reboots.
All that said my linux box has been up for however long it has been since we had a power hit in my area. It didnt crash then but I did shut it down before the battery backup went out.

I have worked with thousands of boxes on the enterpise level and none of them came close to locking up as often as Windows boxes.

Windows runs everything as root. Thats why you get phished, hacked, scammed, virii. If you allow a process to run you give it complete authority on your pc.

The default install on Windows XP with sp2 is about as secure as an unlocked car. In fact only 24% of the sysadmins use SP2 on their Microsoft installs according to one study.

In the end it is up to you but Windows is a really crappy product and anyone with exposure to more than one system understands that. Anyone who has supported it feels it.

My best friend worked for Microsoft as a senior level engineer but only supported their highest level contracts.
He runs linux at home.
--------------------
SP2 And The Damage Done


Article Info
SP2 And The Damage Done
--------------------------------------------------------------------------------
Created:
April 14, 2005
--------------------------------------------------------------------------------
By:
Bruce Gain
--------------------------------------------------------------------------------

Summary:
Many users and IT administrators had a lot to say about Microsoft's removal of the "blocker" mechanism this week, which had temporarily disabled the delivery of Windows XP Service Pack 2 (SP2). THG contacted members of the IT community and spoke with often-cited security experts, who discussed their concerns about the damage SP2 may cause and some cases where the download might really be necessary.



Introduction

The results of a study released last week offered still more proof of just how unenthused IT administrators are about Microsoft's Service Pack 2 (SP2) for Windows XP. According to AssetMetrix, fewer than 24% of over 136,000 Windows XP PCs in 251 North American corporations surveyed had SP2 installed.

The study was published only a few days before Microsoft removed the "blocker" mechanism that had temporarily disabled the delivery of SP2. This past Tuesday, Microsoft made it official that PCs must have SP2 in order for Windows XP updates and security patches to be downloaded.

The study did not cite the reasons why IT administrators had not installed SP2 on a significant majority of the PCs in the survey. Was it because the admins, who are so often overworked and understaffed in today's corporate world, did not have the time to do the necessary updates? Were they unaware of what Microsoft says are necessary security features in SP2? Or are they just plain lazy?

After speaking with IT administrators down in the trenches, the answer is "none of the above". The main reason so many IT administrators do not opt for SP2 is concern about the system damage it can cause. This can even lead to the infamous "blue screen of death", when Windows will not even boot up (see Windows XP a Goner? First Aid for your Windows PC for ideas of what to do when that happens).

Microsoft even acknowledges the risk in its documentation for professional Windows users.


"There's already been wide trade-press coverage of compatibility issues discovered - embarrassingly, rather late in the beta process - with Microsoft's own CRM software and the popular Halo game," Microsoft says. "Fortunately, these issues have already been resolved (see the products' respective websites), as have a few other snags with third-party firewalls and other tools. But the lesson remains: IT pros need to be cautious and methodical when rolling out this, or any new software update."

Incompatibility problems are nothing new since Microsoft released SP2 in August 2004, and users have proceeded with extreme caution. For those who have successfully installed it, the issue has often been securing the necessary drivers from peripheral or software vendors to solve the compatibility issues. For the average user needing to get his or her digital camera to work, or to play games like Halo - yes Microsoft's own Halo did indeed have compatibility problems with SP2 in the beginning - all that is usually required is to go to the vendor's site to download the requisite drivers. However, consumer users have reported more serious problems upon SP2's installation, such as system crashes.

For IT administrators dealing with often hundreds or thousands of different PCs, the problem is exponentially compounded compared to the issues a consumer faces. Legacy middleware software specifically configured for a given network often poses particular compatibility issues, and system failures have been reported. For many, the decision to block SP2's installation given the system risks was not a hard decision to make, which also helps to explain the lack of PCs with SP2 in the AssetMetrix study.

 

[Khartun]

The default install on Windows XP with sp2 is about as secure as an unlocked car. In fact only 24% of the sysadmins use SP2 on their Microsoft installs according to one study.

While this is true, so is a basic install of Linux. With any OS you need to know what to do to make it secure.

 

[adbutcher]

My system is rock solid but I make sure my spyware detection is updated, I've download the latest security updates, and my virus definitions are current. If you don't do any of the aforementioned then you are asking for trouble.

Prior to XP, I agree Windows was a mess now it is whole lot better. Is it perfect? No OS is but as far as support and ease of use it is unparallel.

IMO, Linux UI tries to emulate windows. Why? Because it is easy. I am on a fixed schedule and I don’t have time to tweak and fiddle with loading new software or hardware. However, I do have a curiosity about Linux but when I initially tried to understand it beyond Knoppix I was met with some of the most pompous people on the net.

When I finish school this summer I will probably give it another shot but I don't think it will ever be my primary OS. However, I am receptive to change and if it proves itself to be the better OS I will make the switch.

 

[jterrell]

While this is true, so is a basic install of Linux. With any OS you need to know what to do to make it secure.

No it is not true with any linux distro I know of.

In linux all ports are turned off and you have to give things rights not vice versa as in Windows. Feel free to name the distro that has real security issues on a default install.

The only place you find an argument that windows is safe is at microsoft.com or from a paid consultant/partner to microsoft.

The most secure you can do is Mainframe. Governments, colleges and big business run on Mainframe/VMS/Unix with Windows just app server front ends for client logins.

Mainframe>VMS>Unix>Linux>Mac>Dos/Windows.

In Microsoft the base security issue is that every process has root privelidges and in linux that is not at all the case.
95% of all Windows help desk callers are told to reboot their pc.

Microsoft just released another security patch and as I live and breath I have to log off to reboot because in 5 minutes this pc will shut down due to the latest push via SMS from our trusty desktop department.

 

[jterrell]

My system is rock solid but I make sure my spyware detection is updated, I've download the latest security updates, and my virus definitions are current. If you don't do any of the aforementioned then you are asking for trouble.

Prior to XP, I agree Windows was a mess now it is whole lot better. Is it perfect? No OS is but as far as support and ease of use it is unparallel.

IMO, Linux UI tries to emulate windows. Why? Because it is easy. I am on a fixed schedule and I don’t have time to tweak and fiddle with loading new software or hardware. However, I do have a curiosity about Linux but when I initially tried to understand it beyond Knoppix I was met with some of the most pompous people on the net.

When I finish school this summer I will probably give it another shot but I don't think it will ever be my primary OS. However, I am receptive to change and if it proves itself to be the better OS I will make the switch.

You are absolutely right. Linux has tried very hard to emulate the Windows GUI. I am NOT a fan of that because using the gui makes us all dumber.

Learning what the button you click does helps alleviate problems and empowers us to solve issues wihtout paying for help.

The linux community resolves issues for free and you do not have to call India

Whenever you do decide to give it another shot lemme know and I'll send you a dvd of the distro you want and work with you on getting it set up the way you want.

Linux is much more configurable and is a power users dream with 4 seperate desktops easily setup, prioritizing applications so you get say 5 firefox tabs open but not eating up all your memory as they do in windows.

Linux guys do tend to be snobs but its because they have used windows a lot and know the good and bad of both while windows users have either no or very limited exposure to linux. I can tell you how to do pretty much anything you want on a windows box, I'd just rather do it on linux box.

 

[Khartun]

No it is not true with any linux distro I know of.

In linux all ports are turned off and you have to give things rights not vice versa as in Windows. Feel free to name the distro that has real security issues on a default install.

The only place you find an argument that windows is safe is at microsoft.com or from a paid consultant/partner to microsoft.

The most secure you can do is Mainframe. Governments, colleges and big business run on Mainframe/VMS/Unix with Windows just app server front ends for client logins.

Mainframe>VMS>Unix>Linux>Mac>Dos/Windows.

In Microsoft the base security issue is that every process has root privelidges and in linux that is not at all the case.
95% of all Windows help desk callers are told to reboot their pc.

Microsoft just released another security patch and as I live and breath I have to log off to reboot because in 5 minutes this pc will shut down due to the latest push via SMS from our trusty desktop department.

I will usually not debate the different types of systems because everyone has their favorite and will defend it to the end. I personally can see positives and negatives of all of the 3 major systems( Win, Mac, Linux ) I work with a ton of graphic artist who are absolutely convinced that Macs are the only machine that anyone should ever use, but you couldn't pay me to buy a Mac. There are so many problems with Macs. Try to multitask on a Mac. Good Luck, and don't get me started on the font issues.

Anyway, I just installed FC3 on a box and then ran a port scan on it. All ports are NOT turned off by default on a linux box. SSH and Sun RPC are on by default. Both of which are insecure. The default SSH config allows for root login and allows SSH1 protocol. The sunrpc is notorious for allowing hackers access.

Neither Win or Linux is secure "Out of the Box". Both have to be configured to be that way. I would never let any machine, regardless of type, on a network until I have completely secured it.

 

[Gibby!]

I will usually not debate the different types of systems because everyone has their favorite and will defend it to the end. I personally can see positives and negatives of all of the 3 major systems( Win, Mac, Linux ) I work with a ton of graphic artist who are absolutely convinced that Macs are the only machine that anyone should ever use, but you couldn't pay me to buy a Mac. There are so many problems with Macs. Try to multitask on a Mac. Good Luck, and don't get me started on the font issues.

Anyway, I just installed FC3 on a box and then ran a port scan on it. All ports are NOT turned off by default on a linux box. SSH and Sun RPC are on by default. Both of which are insecure. The default SSH config allows for root login and allows SSH1 protocol. The sunrpc is notorious for allowing hackers access.

Neither Win or Linux is secure "Out of the Box". Both have to be configured to be that way. I would never let any machine, regardless of type, on a network until I have completely secured it.

I agree with ACF, I dont want to argue about different flavors of distros of literally hundreds of OS's, but just for the record, I am an Information System Security Specialist (I may not be very good but thats another thread for another time...) and I can point you to a list (Not available on the "public" internet), of vulnerabilities within EACH VERSION of linux distro's as well as Windows, Macs, etc. It's a rather extensive database...

If every port on every linux box is closed by default, then how can I do a base install and immidiatly connect to the internet and begin recieving instant messages (Through BUILT IN chat programs) without configuring anything but the NIC, no firewall adjustments nothing, just begin receiving them?

And the thing about the pharming phishing etc was a joke (one of the linux guys here used to joke about sending us all virii ). Windows does NOT run everything as "root", it only runs things as root if you allow them too. A good sys admin of either OS always has two accounts, one with "root" access, and one without, and thier primary is always the one without, I wonder why... Just one more reason to NOT give general users "root".

This isn't an argument or a debate really, I actually happen to like linux and met (and work with) several people that wont even consider using a windows box. But they always come to me and ask me to run this or run that, because they cant find suitable similar products for Linux. It truly is the last remaining "free" Operating System that is available and I applaud the entire communities efforts in keeping it that way and doing thier best to keep us "non techy" sys admins out of trouble .

The bottom line is, if you don't know how to lock down any kind of box your going to have issues. No matter how much third party software you pay for or otherwise acquire.

Oh and what the heck is a memory "leech". You mean you close an app and it not only continues to utilize memory but grows in size as well? I have never experienced this phenom called a "leech" in regard to memory usage and utilization. I have however "leeched" :

 

[adbutcher]

You are absolutely right. Linux has tried very hard to emulate the Windows GUI. I am NOT a fan of that because using the gui makes us all dumber.

Learning what the button you click does helps alleviate problems and empowers us to solve issues wihtout paying for help.

The linux community resolves issues for free and you do not have to call India

Whenever you do decide to give it another shot lemme know and I'll send you a dvd of the distro you want and work with you on getting it set up the way you want.

Linux is much more configurable and is a power users dream with 4 seperate desktops easily setup, prioritizing applications so you get say 5 firefox tabs open but not eating up all your memory as they do in windows.

Linux guys do tend to be snobs but its because they have used windows a lot and know the good and bad of both while windows users have either no or very limited exposure to linux. I can tell you how to do pretty much anything you want on a windows box, I'd just rather do it on linux box.

I will take you up on that offer. After this summer I will have an abundance of time for Linux, MMORPGs, and doing nothing.

Also I got my terastation yesterday and it is SWEEEEET! I have it setup in a Raid 5 so I am not getting a full terabyte of storage but the level of redundancy is unparallel.

 

[jterrell]

I will take you up on that offer. After this summer I will have an abundance of time for Linux, MMORPGs, and doing nothing.

Also I got my terastation yesterday and it is SWEEEEET! I have it setup in a Raid 5 so I am not getting a full terabyte of storage but the level of redundancy is unparallel.

When you get to MMORPGs let me know and I'll try to get you hooked up with gear on WoW. EQ2 is better but my friends play WoW becaus eit has lesser hardware requirements.

 

[jterrell]

I agree with ACF, I dont want to argue about different flavors of distros of literally hundreds of OS's, but just for the record, I am an Information System Security Specialist (I may not be very good but thats another thread for another time...) and I can point you to a list (Not available on the "public" internet), of vulnerabilities within EACH VERSION of linux distro's as well as Windows, Macs, etc. It's a rather extensive database...

If every port on every linux box is closed by default, then how can I do a base install and immidiatly connect to the internet and begin recieving instant messages (Through BUILT IN chat programs) without configuring anything but the NIC, no firewall adjustments nothing, just begin receiving them?

And the thing about the pharming phishing etc was a joke (one of the linux guys here used to joke about sending us all virii ). Windows does NOT run everything as "root", it only runs things as root if you allow them too. A good sys admin of either OS always has two accounts, one with "root" access, and one without, and thier primary is always the one without, I wonder why... Just one more reason to NOT give general users "root".

This isn't an argument or a debate really, I actually happen to like linux and met (and work with) several people that wont even consider using a windows box. But they always come to me and ask me to run this or run that, because they cant find suitable similar products for Linux. It truly is the last remaining "free" Operating System that is available and I applaud the entire communities efforts in keeping it that way and doing thier best to keep us "non techy" sys admins out of trouble .

The bottom line is, if you don't know how to lock down any kind of box your going to have issues. No matter how much third party software you pay for or otherwise acquire.

Oh and what the heck is a memory "leech". You mean you close an app and it not only continues to utilize memory but grows in size as well? I have never experienced this phenom called a "leech" in regard to memory usage and utilization. I have however "leeched" :

I am going to address both posts here because they would basically say the same thing.

You are both factually and technically 100% correct.

Linux having secure shell and rcp for sun open are security risks the way carrying cash on you is. Installing a windows box and running it is much more like leaving all your money in the alley every night. When I am arguing security I argue actual occurences not theory. Ever run a spyware scan on a linux box and come back with even one hit? Ever run one a windows box for the first time in a month and not come back with something?

Should you make both more secure? Well you can. And as an ISSSP I am sure you would. I do not think you need to at home. Linux/Solaris/Unix boxes dont get targeted enough to make it necessary and it is very dificult to break into those ports with any rights. But as linux grows in popularity it could quickly become an issue.

I used to argue with one of the Windows guys here but then I did a tracert got his IP and sent him a remote logoff prog that shuts down your system and gives you a little pop up message. I sent him BILL GATES has your money and your soul, the system will be rebooted in 45 seconds. I canceled it before the reboot but he had a whiteface.

The friend I mentionned above is an ISSSP as well.

You can count on one hand the number of virii ever released that effects linux/Unix.

I always leave ssh open because thats how I remote in to the box. If three attemps are made and fail the port closes. Its more secure than an rhosts file and rhosting in.

Changes can be made to your registry in windows NT without being logged on the admin account. I am not authorized on this pc right here as an admin but I have installed firefox, activestate Perl, and mnay other apps I chose to. I also can turn off the USMT/SMS functions and disallow any remote updates admins want to make.

 

[Khartun]

I am going to address both posts here because they would basically say the same thing.

You are both factually and technically 100% correct.

Linux having secure shell and rcp for sun open are security risks the way carrying cash on you is. Installing a windows box and running it is much more like leaving all your money in the alley every night. When I am arguing security I argue actual occurences not theory. Ever run a spyware scan on a linux box and come back with even one hit? Ever run one a windows box for the first time in a month and not come back with something?

Should you make both more secure? Well you can. And as an ISSSP I am sure you would. I do not think you need to at home. Linux/Solaris/Unix boxes dont get targeted enough to make it necessary and it is very dificult to break into those ports with any rights. But as linux grows in popularity it could quickly become an issue.

I used to argue with one of the Windows guys here but then I did a tracert got his IP and sent him a remote logoff prog that shuts down your system and gives you a little pop up message. I sent him BILL GATES has your money and your soul, the system will be rebooted in 45 seconds. I canceled it before the reboot but he had a whiteface.

The friend I mentionned above is an ISSSP as well.

You can count on one hand the number of virii ever released that effects linux/Unix.

I always leave ssh open because thats how I remote in to the box. If three attemps are made and fail the port closes. Its more secure than an rhosts file and rhosting in.

Changes can be made to your registry in windows NT without being logged on the admin account. I am not authorized on this pc right here as an admin but I have installed firefox, activestate Perl, and mnay other apps I chose to. I also can turn off the USMT/SMS functions and disallow any remote updates admins want to make.

My only point is that neither is secure as it is after install. You must harden them before putting them online or you run the risk of attack. I wouldn't want anyone thinking they can just install linux and solve all their problems because that is far from the truth. Granted, some of us can install linux, secure it and be fine but your basic user is not necessarily going to be able to do that.

You do bring up a great point though about popularity. Is Win really that much more insecure than any other system? Probably not. Windows just has millions more users. A hacker or someone writing a virus is going to want to focus on the system where they can do the most damage. Hence IE always getting exploited and not Firefox. If Linux takes market share someday, everyone will be cussing Linus and their particular distro. I have a feeling if they started focusing on Linux it would be just as bad if not worse than Windows.

I'm not sure I follow your logic that having a Linux box with RPC listening to a port is theoretically a security risk. It has been exposed many times. Maybe not as many times as someone has figured out a way to load spyware through IE, but that goes back to the popularity issue. Spyware really doesn't concern me near as much as a hacker dropping a root kit, trojan or exploit of some sort on my linux box and bringing down my mail server.

I'm not anti-linux by any means. If I am setting up a mail server or a web server I will definitely use a Linux box. I'm not anti-windows either though. I don't think computing would be anywhere near as advanced as it is now without Bill Gates and Company. I think they are both prone to infection but as long as you stay on top of updates and security you should for the most part be fine.

I guess we can just agree to disagree on this subject. Good discussion though.

 

[Gibby!]

Unfortunatly I am not an ISSP. Just a sys admin who has been assigned additional duties...

Thats one helluva big hand:
http://www.viruslist.com/en/viruslistfind.html?findWhere=011&findTxt=linux

http://www.securityfocus.com/bid/vendor/

I'm not anti-linux by any means. If I am setting up a mail server or a web server I will definitely use a Linux box. I'm not anti-windows either though. I don't think computing would be anywhere near as advanced as it is now without Bill Gates and Company. I think they are both prone to infection but as long as you stay on top of updates and security you should for the most part be fine.

Exactomundo...

 

[Yeagermeister]

You do bring up a great point though about popularity. Is Win really that much more insecure than any other system? Probably not. Windows just has millions more users. A hacker or someone writing a virus is going to want to focus on the system where they can do the most damage. Hence IE always getting exploited and not Firefox. If Linux takes market share someday, everyone will be cussing Linus and their particular distro. I have a feeling if they started focusing on Linux it would be just as bad if not worse than Windows.

My feelings exactly. I have nothing against Linux or Mac but I also have nothing for them.