Linux Today: Linux News On Internet Time.

UnderLinux: Interview Elias Levy (BugTraq's Aleph1)

Sep 13, 2001, 12:16 (0 Talkback[s])
UnderLinux : In a general focus what is more secure Gnu/Linux or OpenBSD ? Or other OS ?

Aleph1 : That is a pointless question without some context. For example, certainly the OpenBSD folks have done an incredible job creating a secure and stable operating system - an effort that should be emulated by others - but the application you are looking to run many not be supported under it. The most secure OS depends on your requirements.

Even with OpenBSD's success the UNIX security model is very simplistic. You can certainly write secure applications - see qmail and postfix for examples - but they require a lot of effort. Linux is interesting because the are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.

NT had potential. It has an interesting security model, but the legacy code, insecure defaults, complexity, and lack of security savvy by application programmers used to the Windows and DOS world have left it with a rather bad track record.

You must also take into account how well the people administrating the system knows the technology. You can have the most secure OS but if its misconfigured it will be useless. Conversely, a good admin is capable to hardening a sloppy OS."

Complete Story

Related Stories: