StarDestroyer.Net BBS

A: I'd say they're just about equal if competently administered. It does depend on the applications running on the network... Apache does have more vulnerabilities than IIS6 last time I checked...

B: Linux is slightly more secure, just for the simple reason that it's harder to get stuff running if not supported by the distro (downloaded exes don't have execute permissions by default, source has to be compiled, etc etc, making it more difficult for the dumb user to ruin it . Though now that I've checked and apparently you can install a .deb on Ubuntu by doubleclicking it, but this does need to be done as root - you'd have to convince him to put his password in... the whole thing hinges on socially engineering the user to make the effort to run things. Since most of the time software is apt-getted or whatever, it's slightly more difficult to convince him/her to run random exe on the internet, but not by much.

Other exploits depend on applications (i.e. a firefox vulnerability, outlook vuln, )- not an OS problem, and firefox runs on both platforms. Again, dependent on apps running. Linux distributions do update applications for vulnerabilities more consistently than Windows

C: Both should be safe.


Applications and the user make more of a difference than the OS.

A: They're probably about equal. Competently administered, neither internal network should really be vulnerable. For example, the extra USB ports should be disabled on the user's machines, so that they can't use thumb drives. The keyboard, mouse, video, and network jacks should be attached to the machine in such a way that they cannot be removed by anyone other than authorized IT personell. Also, their machines should not have CD drives at all, or, if they must have them, no burners. Basically, the user should only be able to enter input via the keyboard or mouse.

Similarly, a well-configured commercial firewall will stop them from downloading anything they're not supposed to download. As for the website, that depends on if the web developers are idiots or not, so to an extent, it's out of IT's purview.

B: Linux has a slight edge, only because all Bob needs to do is forget to include one fucking library and the whole thing won't work, even if he manages to gain superuser access. Either way, as long as it's not exploiting a flaw if privelidge escalation and the users aren't complete retards ("LOL RUN DIS 4 FREE PRON"), each should be OK.

C: Both should be safe.

Pu-239 wrote:. Though now that I've checked and apparently you can install a .deb on Ubuntu by doubleclicking it, but this does need to be done as root - you'd have to convince him to put his password in... the whole thing hinges on socially engineering the user to make the effort to run things.

There are highly successful Windows email "worms" which instruct the user to extract the password protected zip somewhere, enter a password and then manuelly run the application despite warnings.

The biggest security risk has always been the moron in front of the computer

Xon wrote: There are highly successful Windows email "worms" which instruct the user to extract the password protected zip somewhere, enter a password and then manuelly run the application despite warnings.

The biggest security risk has always been the moron in front of the computer

Since you cannot feasibly install and run Linux whilst being a moron, this pretty much keeps it in the more secure category and is, actually, one reason many want to keep Linux low key. Dumb down things and people you wish not to know appear in droves. Course, when the likes of Vista heckles you on your security, it gets annoying and people just ignore it. Ah, humanity is truly awe inspiring.