I'm sure if Linux were the most used OS and Windows was only second there would be much more Linux exploits than Windows ones.

ROFLMAO

Lennon, your threads crack me up! [img]graemlins/biggrin.gif[/img]

I'm sure I'd appriciate them a lot more if I knew what the hell was going on inside them. :D Your crusade against Microsoft is always good reading.

But Longhorn, sp2, wha?

Forgive my ignorance, and let this humble yokel laugh at all them funny words.

<span style="color: lightblue">Dplax: Not so. The Slapper worm was to do with Apache more than Linux (although it only affected Apache on Linux, not Apache on Win32 AFAIK). It is the only major worm Apache has had in it's lifetime, compare to MS IIS which has had many.
Now, which is more popular? On major commerical servers, Apache has around 70% and rising. In other words, Apache is far more popular than IIS, and yet it has had far fewer exploits.

Security comes with secure programs, not with smaller user bases.

[ 01-09-2005, 05:38 PM: Message edited by: LennonCook ]

<span style="color: lightblue">If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.
</font>[/QUOTE]Actualy, Seraph is right about this. You need root priviledges to bind to a port &lt1024. Run a ps -A with apache running and you should see the parent process is running as root, with a bunch of non-root children (assuming you actualy had some traffic other than your own testing, which you dont). Which neatly explains why this isn't a problem with apache - the processes doing all the work don't have root priviledge. Other programs get round this by dropping root priviledge after binding to the port.

I would have reservations about running anything that kept root priviledges on a process which was listening to a port, since an author that didnt think to work around that probably didn't secure the rest of it properly. But, this is it. Its up to the author to write a secure program, and the admin to choose a secure program. Linux dosent generaly make mistakes for you, and it won't do things like exposing file and print sharing to the internet by default. Or running a messenger service on every machine by default regardless of whether its needed. Or basing a large portion of its local infrastructure on a protocol intended for remote execution of code.

Longhorn -The next sequel in the best-selling point-and-click adventure, the Windows franchise.
SP2 - an expansion pack for Windows XP. New missions, new levels, new enemies!
Debian - a Linux distribution(version)
Root - the very top of the hierarchy
Buffer overrun - a way to fool a security system into a continual loop. Like you mention the number thirteen to someone who can count up to ten.
Any more? [img]tongue.gif[/img]

<span style="color: lightblue">SP2 = Windows XP Service Pack 2. A download of... somewhere around 700 MB I think, which MS say makes Windows more secure. The article I posted analyses just how it does this, and how well it works. And it turns out that that almost GIG of downloading is little more than fake smoke and mirrors that hardly reflect.

Longhorn = the next generation of Windows. It was originally going to debut this year (maybe last?), but MS have delayed it. Last I checked, it was going to be atleat 2007 before we even see a glimpse of BETAs. It has alot of security updates (supposedly), and some stuff about digital rights management. That is, preventing you from using CDs or play MPEGs unless you pay the author money and they pay MS money.

You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines. And it actually does do something usefull, if you set it right.

<span style="color: lightblue">Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. Moreso if you consider that alot of the world is still on dialup, and that would take close to a day to get...

My point is that too few people use Linux for it to be a good hacker target. If more people were using it then more info could be stolen and it would be more worthwile for hackers to target Linux.

<span style="color: lightblue">Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. Moreso if you consider that alot of the world is still on dialup, and that would take close to a day to get... </font>[/QUOTE]Windows Update downloads work in a way that they download slowly over time in the background and once downloaded install. That means that if you log on an hour each day only SP2 shall download only those times and can resume itself. You can do other work while doing all this. Then when it has finished downloading you can install.