UnderLinux: Interview Elias Levy (BugTraq's Aleph1)

Sep 13, 2001, 12:16 (0 Talkback[s])

UnderLinux : In a general focus what is more secure Gnu/Linux or OpenBSD ? Or other OS ?

Aleph1 : That is a pointless question without some context. For example, certainly the OpenBSD folks have done an incredible job creating a secure and stable operating system - an effort that should be emulated by others - but the application you are looking to run many not be supported under it. The most secure OS depends on your requirements.

Even with OpenBSD's success the UNIX security model is very simplistic. You can certainly write secure applications - see qmail and postfix for examples - but they require a lot of effort. Linux is interesting because the are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.

NT had potential. It has an interesting security model, but the legacy code, insecure defaults, complexity, and lack of security savvy by application programmers used to the Windows and DOS world have left it with a rather bad track record.

You must also take into account how well the people administrating the system knows the technology. You can have the most secure OS but if its misconfigured it will be useless. Conversely, a good admin is capable to hardening a sloppy OS."

Complete Story

Related Stories:

• TruSecure and Red Hat Co-Author White Paper Addressing the State of Open Source Security(Sep 11, 2001)
• ZDNet: New Unix worm could be next Code Red(Sep 11, 2001)
• Kurt Seifried: Linux Administrator's Security Guide (LASG) updated(Sep 06, 2001)
• UnixReview: Real World Linux Security: Intrusion Prevention, Detection, and Recovery [Book Review](Sep 04, 2001)
• Help Net Security: A Comment on Bugtracking(Sep 02, 2001)
• LinuxPlanet: .comment: The Great, the Pretty Bad, and the Breathtakingly Stupid(Aug 08, 2001)
• Net-Security.org: Installation of a Secure Web Server(Jul 28, 2001)
• eWeek: Apache avoids most security woes(Jul 24, 2001)