Date: Thu, 12 Jun 2008 11:43:40 -0500
From: Jeffrey Goldberg <jeffrey@goldmark.org>
To: David Naylor <naylor.b.david@gmail.com>
Cc: Roland Smith <rsmith@xs4all.nl>, freebsd-questions@freebsd.org
Subject: Re: FreeBSD and User Security
Message-ID: <62860DF8-423D-48B3-9757-CC3D24732CF0@goldmark.org>
In-Reply-To: <200806121519.12820.naylor.b.david@gmail.com>
References: <200806112225.36221.naylor.b.david@gmail.com> <20080611214743.GA18371@slackbox.xs4all.nl> <200806121519.12820.naylor.b.david@gmail.com>

On Jun 12, 2008, at 8:19 AM, David Naylor wrote:

> I think this argument is rather mute, just because there are no programs
> exploiting security vulnerabilities does not mean there are not
> vulnerabilities,

But it is far from moot if you are interested in the actual threat against your system. In a sense, using a less popular OS is a form of "security by obscurity" which is not to be heavily relied on, but still it does make a real, practical, difference in the case that you described.

> and a determined cracker would create his own program.

You have not articulated what you are trying to defend against. Do you anticipate determined crackers going after your particular system and what resources will such attackers have? We can't talk about a system being "secure" in general, but the question needs to be framed in terms of "secure against what".

> That said I hope there are, actually, no vulnerabilities.

That is demanding too much. What you need to hope for is a combination of "no known unpatched vulnerabilities at the moment" and more importantly "procedures and practices to keep things that way". As Bruce Schneier likes to say, "Security is not a product but a process".

The vast majority of actual system compromises involve failure of system administrators to keep systems patched and follow good security practices. One reason that I switched from Linux to FreeBSD is that I find it much easier to maintain FreeBSD, particularly in terms of security updates. I have been responsible for Linux machines that did get rooted because I was having problems keeping them up-to-date for a variety of reasons.

> [Security through obscurity is just an illusion]

In your post you mentioned concern about spyware. It is not an illusion that FreeBSD has not been targeted by spyware writers while Windows has. Even if some of that is the consequence of security by obscurity, it is no illusion.

Of course we need to understand that those security benefits from obscurity are fragile, but we shouldn't dismiss them entirely. Again, what sorts of benefits such things may add (or subtract) depends on the nature of the attacker.

Cheers,

-j