LinuxPlanet: Security Expert Gives Operating Systems Poor Security Grade
Oct 14, 2002, 17:30 (15 Talkback[s])
(Other stories by Robert McMillan)
"LP: You've been a vocal critic of both Windows and
Linux's security design. What's the problem with
"Spafford: Windows is awful, but well, so is
Linux. Neither presents an environment that your average business
user or government user or home user is able to install and use out
of the box without worries. And in fact, if you look at your
typical Linux distributions, with all of these tools and extra
drivers and everything that's thrown on, a lot of that is
programmed by people without training, without careful thought, and
without careful design.
"That's not the argument for the kernel. The kernel is rather
tightly controlled by a small group who do have expertise.
"In truth, it's the larger collection of things that gets
shipped off and sent off that somebody might want to install, and
it's very often those poorly designed or poorly examined add-ons
and programs that run with privilege and server daemons that lead
to the problems..."