Comments on: There was a hole in the wall http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/ Still powered by a contradiction in terms Tue, 06 Jan 2009 03:58:20 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Ronaldo http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/comment-page-1/#comment-248 Ronaldo Sat, 24 Jan 2004 17:28:58 +0000 http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/#comment-248 I undestand what we are saying, but I disagree. MySQL is not part of the operational system, and all I said is that Linux is more secure than Windows in its *default* installation. MySQL is just an additional service. If you were comparing it to Microsoft SQL Server, which also installs with a blank password by default, I'd agree. The problem, however, is that Windows ships with all its folders and files generally unprotected, accessible by everyone who has access to the machine. Linux, on the other hand, ships with very strict permissions. To properly configure a Windows system with regards to its permissions, you'd have to go through a lot of hops and you'd be vulnerable again every time a new application is installed. So, Linux is indeed safer than Windows in its default configuration. I undestand what we are saying, but I disagree. MySQL is not part of the operational system, and all I said is that Linux is more secure than Windows in its *default* installation. MySQL is just an additional service. If you were comparing it to Microsoft SQL Server, which also installs with a blank password by default, I’d agree.

The problem, however, is that Windows ships with all its folders and files generally unprotected, accessible by everyone who has access to the machine. Linux, on the other hand, ships with very strict permissions. To properly configure a Windows system with regards to its permissions, you’d have to go through a lot of hops and you’d be vulnerable again every time a new application is installed. So, Linux is indeed safer than Windows in its default configuration.

]]> By: thomas http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/comment-page-1/#comment-247 thomas Thu, 22 Jan 2004 06:09:46 +0000 http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/#comment-247 I don't think your example can be used as a proof that windows is less secure than linux...so the default mysql installation uses 'root' for login and no password, does this mean that mysql is unsecure? Well it can be, but definitely the default user/pass doesn't prove anything. Your example just proves one thing, that there are lazy admins working at hosting providers in Brazil (yeah, i'm brazilian too) I don’t think your example can be used as a proof that windows is less secure than linux…so the default mysql installation uses ‘root’ for login and no password, does this mean that mysql is unsecure? Well it can be, but definitely the default user/pass doesn’t prove anything. Your example just proves one thing, that there are lazy admins working at hosting providers in Brazil (yeah, i’m brazilian too)

]]> By: Ronaldo http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/comment-page-1/#comment-246 Ronaldo Thu, 22 Jan 2004 03:02:53 +0000 http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/#comment-246 As surprising as it may sound, here in Brazil almost all hosting providers offer Windows as an option -- although usually at a price higher than Linux. Also, from what I've seen in my years as a Web developer, Windows is the dominant platform because it's easier to find people that develop for it than for Linux. But that's been changing in the past few years as more people realize Linux is safer, cheaper and more powerful. As surprising as it may sound, here in Brazil almost all hosting providers offer Windows as an option — although usually at a price higher than Linux. Also, from what I’ve seen in my years as a Web developer, Windows is the dominant platform because it’s easier to find people that develop for it than for Linux. But that’s been changing in the past few years as more people realize Linux is safer, cheaper and more powerful.

]]> By: Anders http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/comment-page-1/#comment-245 Anders Tue, 20 Jan 2004 16:40:33 +0000 http://log.reflectivesurface.com/2004/01/20/there-was-a-hole-in-the-wall/#comment-245 I must admit - yeah - that is a massive security hole. It's very rare for professional ISPs to run Windows, though, isn't it? My provider, www.pair.com, is running FreeBSD/NetBSD and has done for the last 5-6 years at least with very good success (stability, security etc)...... They come with my highest recommendations! I'm assuming that on WinNT IIS can run as some other user (with no Administrator privileges); like the http daemon can run as "nobody" on Linux/NetBSD... I must admit - yeah - that is a massive security hole. It’s very rare for professional ISPs to run Windows, though, isn’t it? My provider, http://www.pair.com, is running FreeBSD/NetBSD and has done for the last 5-6 years at least with very good success (stability, security etc)…… They come with my highest recommendations! I’m assuming that on WinNT IIS can run as some other user (with no Administrator privileges); like the http daemon can run as “nobody” on Linux/NetBSD…

]]>