Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Look what I stumbled upon ! What do U all think ? __________________________________________________ ______ August 5, 2003 | Paul Thurrott Linux Rated Less Secure than Windows When Microsoft announced last ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2003
    Posts
    2

    Linux Rated Less Secure than Windows


    Look what I stumbled upon ! What do U all think ?
    __________________________________________________ ______


    August 5, 2003 | Paul Thurrott
    Linux Rated Less Secure than Windows




    When Microsoft announced last fall that the International Organization for Standardization (ISO) had awarded Windows 2000 the highest possible grade in the Common Criteria (CC) security certification, open-source advocates downplayed the honor as insignificant and unrelated to real-world security analysis. This week, however, ISO also awarded Linux the CC security certification, and as one might expect, the open-source community greeted the announcement with cheers. There's just one catch: Linux got a lower security rating than Win2K did last year.
    ISO granted Linux a "low to moderate" security rating, whereas Win2K received a "moderate to high" security rating. According to people close to the certification process, ISO tested Linux for higher security ratings but the open-source solution achieved only the "low to moderate" rating.
    Further dampening the celebration is news that most Linux installations didn't receive the certification. Sponsored by a $500,000 fee that IBM paid, the certification applies only to SuSE Linux and then only when that product is installed on certain IBM hardware. Still, the certification is an important first step for Linux, which is trying to position itself as a viable alternative to Windows in various situations. Microsoft has made significant security-related improvements to Windows since the company launched its Trustworthy Computing initiative a year and a half ago.


    source : http://security-forums.com/forum/vie...d7ae3c7c#54135



    The article was published by these people:



    Need I say any more ?




    Also take this into consieration:

    Then, I read from one post (Atomic Bomb) that the tests do not imply security, but actually measure the depth of documentation...Quote:
    No, Paul, that is incorrect. The certification provided by CC is NOT one that measures security. It simply rates a specific organization's security assurance procedures. I thoroughly understand what CC does since I have dealt with this process directly. Here is a brief quote which clearly describes what I mean:


    "The Common Criteria provides four levels of assurance that are mutually recognized by the sixteen participating countries, EAL1 through EAL4. Naively, one might assume that a product certified to EAL4 is "more secure" than a product certified to EAL1, just like an "A" in a college course indicates better student performance than a "D". But the EAL1-EAL4 scale is only superficially similar to grading systems like the classic D-C-B-A report card. Each ascending level of assurance requires more product _documentation_ rather than more product _security_ per se. EAL4, in particular, requires dozens of documents that can add up to thousands of pages for even relatively simple products. Many of these documents are created solely for the CC process; they serve no other purpose. Often the highest "grades" go to the product vendor with the biggest documentation budget, independent of the real world assurance provided by the targets of evaluation (TOEs)."

    Nothing more than more FUD

    To have a better understanding of the Common Criteria (CC) check:


    Securius Newsletter Vol 4.2 Common Criteria Part 1


    Securius Newsletter Vol 4.2 Common Criteria
    Part 2 Caveat Emptor






    source : http://usalug.org/phpBB2/viewtopic.php?p=1788#1788

  2. #2
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    If I'm not mistaken, the ISO was formed, at least in a large part, by Microsoft itself. This article was written by a M$ flunkie and posted on a M$ website. The tests were probably done in a M$ lab, and the results may be completely fabricated. That's what I think about that.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  3. #3
    Linux Engineer big_k105's Avatar
    Join Date
    May 2003
    Location
    Fargo, ND
    Posts
    901
    i was waiting to hear that response from someone. lol
    BIG K aka Kyle
    Programming Forums
    www.kylekonline.com
    Please don\'t PM me for help-- ask in the forums instead!

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Engineer kriss's Avatar
    Join Date
    Jun 2003
    Posts
    1,113
    Its happend before, and it will happen again.

    Lets just face it.

    GNU/Linux is bether!

  6. #5
    Just Joined!
    Join Date
    Nov 2003
    Posts
    1

    If windows is so secure???

    Then why are there so many windows viruses and so few for every other OS in the world?

  7. #6
    Just Joined!
    Join Date
    Nov 2003
    Location
    /dev/null
    Posts
    25
    perhaps that is because there are so many kiddies out there that dont bother to try and understand anything other than M$. And because of this (and other reasons) windows is plagued with the most viruses of all operating systems combined

  8. #7
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    The viruses that plague Windex boxen are due to the lack of security in the user department as well as the many exploitable bugs. You don't see virii and such for other OSes (*nix in general) because the user system is more secure. I can't severly screw up my box unless I'm running as root...and I don't run as root. In Windows, you have privledges to do anything and everything (or you have privledges to do nothing and nothing).
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  9. #8
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    Quote Originally Posted by sarumont
    The viruses that plague Windex boxen are due to the lack of security in the user department as well as the many exploitable bugs. You don't see virii and such for other OSes (*nix in general) because the user system is more secure. I can't severly screw up my box unless I'm running as root...and I don't run as root. In Windows, you have privledges to do anything and everything (or you have privledges to do nothing and nothing).
    No this is incorrect. Have you ever secured windows? You have a normal user with no priviledges to do your day2day stuff. Then you have the adminstrator account which is renamed and has a good password. Then disable the guest account and some services that arnt needed. This is similar to *nix user/groups (No one but admin can access sys files, registry ect..). Also not many viruses are written for other OS's is cause windows is running on about 90% of desktops makeing it a better target. And most users of it are not computer savey (Thats why they use windows right). So yet again it does comes down to the systems admin/owner not the OS, this has been said in many posts. So stop the stupid windows bashing

  10. #9
    Linux Engineer kriss's Avatar
    Join Date
    Jun 2003
    Posts
    1,113
    security through obscurity doesnt work, and windows is a perferfect example of that..

  11. #10
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    Quote Originally Posted by Ol Man
    No this is incorrect. Have you ever secured windows? You have a normal user with no priviledges to do your day2day stuff.
    I've never been able to get to a normal user in Windows to be able to do what they need to do to run day to day without an administrator. I tried to set my sister up with a limited user acct. so she couldn't screw things up, but it was too limited for normal use. The big thing is that there's really no happy medium between Administrator and a "limited user."
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •