Date: Mon, 28 Feb 2005 01:55:43 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: <freebsd-questions@freebsd.org>
Subject: RE: Installation instructions for Firefox somewhere?
Message-ID: <LOBBIFDAGNMAMLGJJCKNKEIPFAAA.tedm@toybox.placo.com>
In-Reply-To: <663804712.20050228005329@wanadoo.fr>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Anthony
> Atkielski
> Sent: Sunday, February 27, 2005 3:53 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: Installation instructions for Firefox somewhere?
>
>
> > ...ummm this is rather like a windows admin saying s/he never
> > updates windows.
>
> If it's a Windows _server_, I never do any updates that are not
> absolutely necessary.
>

The ISP I work at has a sister company that is a network services
company. One of the several techs that work for that company has your
attitude. He's been burned a few times when he's installed patches that
broke existing software at a customer. However, the customers that he
cares for have the highest percentage of broken-into servers. (by
outside crackers)

From our point of view over at the ISP it seems to us that the pain of
dealing with an app that breaks as a result of a security update is less
than dealing with the pain of cleaning up a server that is broken into.
And we have also observed that no matter how long the techs there work
on a Windows server that has been broken into, once it's broken into it
seems to get regularly re-broken into in the future, unless they nuke
and repave it.

I guess your attitude is safe enough if you regularly back up and you
don't have critical data like credit cards or patient data or whatever
that you don't want to have spread around.

> > Updating. yes you are constantly updating on a production server,
> > unless your idea of fun is somebody compromising your machine.
>
> Unless the OS is a Swiss cheese of bugs, constant updating is not
> necessary. If the OS is so insecure that you must constantly update
> just to stay ahead of the kiddies, it's time to think of installing a
> different OS.
>

Frankly I find this rather silly. The OS does very little that helps a
cracker. About the only thing that bugs in the OS will allow a cracker
to do is DoS a TCP/IP stack.

The difficulty is in the application programs, such as nfs, samba, http,
telnetd, sshd, smtp, dns, etc., all of which have in the past had
security holes discovered and closed - sometimes repeatedly.

The same goes for Microsoft's products. Just because an app like IIS is
bundled with Windows Server, and an app like telnetd is bundled with
UNIX, does not mean that when those apps got cracked, that the OS was
the problem.

Ted