Novell : La verita' smascherata.

[Max72]

La verità smascherata:

Di recente Microsoft ha messo in dubbio l'idoneità di Linux per le aziende, mascherando parzialmente la verità per adeguare la realtà alla sua personale visione del mondo. Questo sito intende smascherare la verità chiarendo ogni singolo dettaglio della questione. Se esaminerete la realtà dei fatti comprenderete perché Microsoft si sia impegnata a contestare Linux e perché Linux rappresenti invece, in molti casi, una scelta migliore di Windows per far fronte alle esigenze delle grandi aziende.

Date un occhiata qui
per leggere svantaggi e vantaggi discussi da Novell...

[ago]

basta fare CTRL+ALT+F1 e gia' capisci che e' un altro paio di mani...

Poi magari una volta in console, login come secondo utente e:

startx -- :1

E da li CTRL+ALT+F7/F8

[ago]

Per non parlare di questo studio...

Hanno messo 19 macchine Linux senza particolare precauzioni su internet per alcuni mesi.

Su 19 macchine unpatched solo 4 sono state compromesse (3 delle quali erano assolutamente antiquate, RH7.3!!!, e solo due presentavano vulnerabilita' sfruttabili), e ci sono voluti in media TRE MESI...

Per dare un idea, 3 su 4 macchine di Sun Solaris sono state compromesse in TRE SETTIMANE.

Quanto a windows sono state tutte scassinate nel giro di POCHE ORE se non di MINUTI...

Pero' m$ sostiene che: "Linux and OSS are just as vulnerable to security attacks and breaches as proprietary platforms."


E qui non stiamo considerando virus e spyware praticamente inesistenti su Linux. Si tratta di attacchi diretti.


Linux fights off hackers
Open source no easy pickings
Iain Thomson, vnunet.com 18 Jan 2005

Linux systems are getting tougher for hackers to crack, security experts have reported today.

A study by not-for-profit IT security testing organisation Honeynet Project has shown that, on average, Linux systems today take three months to fall prey to hackers, up from 72 hours in equivalent tests conducted between 2001 and 2002.

The 2004 results came after a team of researchers set up 19 Linux and four Solaris 'honeypots' in eight countries including the UK. Honeypots are unpatched internet-connected computers designed to be targets for hackers.

"Default installations of Linux distributions are getting harder to compromise," said the report.

"New versions are more secure by default, with fewer services automatically enabled, privileged separation in services such as OpenSSH, host-based firewalls filtering inbound connections, stack protection for common threats and other security mechanisms."

During the tests only four Linux honeypots were compromised (three running Red Hat 7.3 and one with Red Hat 9). Two of those systems were broken by brute force password attacks rather than by operating system vulnerabilities.

By contrast unpatched Windows systems exposed in a similar way in tests last year by Symantec lasted a few hours, or in some cases minutes.

But there was bad news for Solaris users, with three out of the four honeypots running Solaris 8 or 9 hacked within three weeks. However, a fourth has been online for six months without being compromised.

www.vnunet.com/news/1160588

[ago]

Se vogliamo fare un indice basato sul tempo medio che hanno retto le macchine rispetto al tempo che avrebbero potuto reggere (26 settimane), viene fuori:

Liunux 89%
Solaris 34%
Windows 0,1%!!!

L'indice per Linux ad esempio e' cosi' calcolato: (15*26+4*13)/(19*26). Solaris (1*26+3*3)/(4*26). Per windows non avevo il dato preciso dall'articolo ho usato quattro ore di media (che sembra generoso considerando che alcune loro macchine sono andate giu' in pochi minuti) e viene fuori (0*26 + N*0,02)/(N*26)=0,02/26. Anche aumentando di qualche ora il discorso cambia poco.

Conclusione: le macchine Linux sono in media MILLE VOLTE piu' sicure di quelle Windows.

[Max72]

Attendiamo con "ansia", la risposta indignata di Ballmer a questa dichiarazione di Novell...

Chissa' che stipendio prende per le sparate autolesionistiche e fantascientifiche che si trova costretto a fare per difendere la microcozz

[ago]

Scusami perche' mai non dovresti fidarti di quello che dice questo tipo qui?


[dd]media.ebaumsworld.com/ballmerwindows.wmv[/dd]

http://media.ebaumsworld.com/ballmerwindows.wmv

[ago]

...

Judge for yourself which operating system is more vulnerable to security problems by going down the list on CERT's Incident Notes page (http://www.cert.org/incident_notes/). It goes back to 1998. And here (http://www.cert.org/current/current_activity.html) is their Current Activity page. It's almost all Microsoft issues. Here's (http://www.kb.cert.org/vuls/) their Vulnerabilities Notes page. It's all Microsoft, except for one, which isn't Linux. Here (http://www.cert.org/summaries/CS-2003-03.html) is their most recent quarterly summary. And here (http://www.eweek.com/article2/0,3959,5264,00.asp) is a chilling article. After you look at all the data, what do you think now? Was Mr. Ballmer accurate? The only way I could find Linux prominently on any list was to type it into the Customized Search engine by itself on this page (http://www.kb.cert.org/vuls/), and then when you get to the list, it's a list for all vulnerabilities of all the distributions of Linux, not just Red Hat. I couldn't find anything equivalent to Microsoft announcing a vulnerability and then saying there was no patch and you should just shut that particular functionality down. Ballmer said there were 17 critical vulnerabilities in Windows 2000 in the 150-day period and that Red Hat had considerably more. But look at the list: it shows only 16 vulnerabilities for all flavors of Linux for the entire year of 2000. CERT only lists the big ones, but Ballmer did say "critical". It makes you wonder where he got his numbers from or how he defines "critical".

Funny he would choose such an old time period, don't you think, for his comparison? Maybe it's because looking at July through October of this year would be devastating? I see only two Linux vulnerabilities on the list for that time period, both buffer overflow vulnerabilities, so evidently there has been considerable improvement on the Linux side.

Look at what could happen to you on a Windows box in the first two weeks of September 2003, though, just using a handful of the many recent vulnerabilities here (http://www.fool.com/News/mft/2003/mft03090401.htm) and here (http://www.eweek.com/article2/0,4149,1261437,00.asp) and here (http://www.timesonline.co.uk/article...811956,00.html) and here (http://www.komotv.com/stories/27000.htm) and here (http://www.informationweek.com/story...cleID=14200390) and here (http://seattletimes.nwsource.com/htm...crosoft11.html) and here (http://www.theregister.co.uk/content/56/32761.html). I didn't include July and August or October or the rest of September, out of kindness. Now, what Mr. Ballmer needs to do is show me anything like that kind of news coverage of security vulnerabilities in GNU/Linux, for any two week period. And speaking of critical, look at what the results could be from the Windows security issues:

"'An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges,' Microsoft warns."

http://www.groklaw.net/article.php?s...31022014413296

[Max72]

Ho visto il filmato solo adesso.... ....ora e' tutto chiaro .

Pero' esistono delle cure per patologie simili...la microcozz dovrebbe provvedere ad una migliore assicurazione sanitaria per i propri dipendenti.

[ago]

Qui ce n'e' un altro simpatico:
http://www.politicaonline.net/forum/...96#post1862996

[Max72]

Ma e' riuscito una sola volta, a finire una presentazione senza un crash?