SiteReview.org: Unix's poor Internet Security Reputation

May 17, 2000, 12:56
"Unix derives its bad security reputation from four primary sources: its rich variety of network services, the prominence of wide-open academic institutions in Unix antiquity, the extensive Unix documentation available, and, perhaps most important, the traditional practice of shipping Unix with many services automatically enabled by the installation process."

"While many proprietary operating system vendors do rely heavily on security through obscurity, Unix is well known and thoroughly documented. Your local bookstore probably has books on Unix internals and the intricacies of Unix networking. Further, a typical modern Unix distribution may well install over 20,000 files and more than 50 network services -- before you add the first user or web page. Most of the network services provided are unnecessary at many sites and those that are required are sometimes improperly configured, resulting in unintended exposure of sensitive files. Finding and repairing these misconfigured and unneeded services is one of the most important and neglected tasks involved in securing a Unix Internet server."

