Makes me wonder if the people doing the study had just read the book "How to Lie with statistics". Anyone who hasn't read the book might find it amusing.
Mike On Mon, 2004-02-23 at 13:24, Jason Becker wrote: > Sorry about my prior message that was sent by accident. There was a > thread on OS News about this mi2g research too: > http://www.osnews.com/story.php?news_id=6098 My contribution to the > thread was: -begin- I just want to second Justin's comments. I'm not a > security expert AND I didn't read the original report but without > knowing what daemons/services were running on these boxes it's pretty > damn hard to compare apples to apples. i.e. Were the Linux boxes running > wu-ftpd? For non-production workstations/servers simply using tools like > nmap/Nessus and applying patches regularly should tighten your system > enough without adversely affecting features and/or ease of use. Cheers > -end- I agree with Aaron... the report is rubbish. Cheers > Message: 6 Date: Mon, 23 Feb 2004 09:17:54 -0700 From: "Aaron J. Seigo" > <[EMAIL PROTECTED]> Subject: Re: [clug-talk] Most vulnerable OS's To: > [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> > Content-Type: Text/Plain; charset=us-ascii -----BEGIN PGP SIGNED > MESSAGE----- Hash: SHA1 On February 23, 2004 08:44, Jason Van Dellen wrote: > > >> The results were suprising to me, what do you think? > >> > >> http://slashdot.org/article.pl?sid=04/02/21/142239&mode=thread > > > > > > surprising unless you think about it for about 2 seconds. > > first off, the mi2g's "research" is flawed, as has been pointed out how many > times in the past in various places? here's the cheat sheet: > > o they don't discuss methodology, including what their sample set was. this > makes accurately interpreting their numbers impossible. > > o they dismiss automated attacks, as if those don't count. trust me, they do. > > o they don't define the type of "breaches" counted, what software was > affected, where the sstems existed (profile is often important, especially in > non-automated attacks), etc... look at the recent wave of phpNuke attacks. > would those count as breaches? are they really Linux breaches? or is that an > OS agnostic attack that just happens to land most often on a Linux box due to > deployment? is this an indictment of PHP and/or PHPNUke, which runs on > Windows just as handily? > > basically, this report is, IMHO, rubbish. i don't know what mi2g's angle is, > but then if their website were actually working perhaps i'd be able to find > out. =P > > but they are correct about one thing: Linux adoption is rising fast. the > number of users with security knowledge is being diluted. help newbies > install software securely (regardless of the OS) and encourage automated > sofwtare updated. help ensure a secure network in your area for everyone. the > Linux distros are doing their part by not installing and starting every > daemon under the sun ala 1999, but there's still a part to be played by us > the users. > > > - -- > Aaron J. Seigo > GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43 > while (!horse()); cart(); > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) > > iD8DBQFAOiez1rcusafx20MRAvk6AJ0YVd6coAkjLGaRxZuDP+vWAI/5ZwCbB2B/ > mfORN4LPJozHqUPn5N/EIJY= > =nNhb > -----END PGP SIGNATURE----- > > > _______________________________________________ > clug-talk mailing list > [EMAIL PROTECTED] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca -- Mike Petch CApp::Sysware Consulting Ltd. Suite 1002,1140-15th Ave SW. Calgary, Alberta, Canada. T2R 1K6. (403)804-5700. _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
