[linux-elitists] Are we Dead Yet? (or "For every sprinkle I find, I shall kill you!)
Thu Feb 3 00:01:35 PST 2005
Quoting Karsten Self (firstname.lastname@example.org):
> Um. They were deployed as part of the honeypot test, no? In which
> case there's a useful service being performed (even if not crystal
> clear in the report) that EOLd systems are _not_ Internet-safe.
As I said in my original post, I'd have had no real problem with the
study if it had included _some_ disclaimer like "Naturally, it was a
really obviously crazy stunt to run these obsolete systems, in December
2004, completely without customary patching and exposed to the global
Internet, but using more-realistic and modern systems would have made
for a dull study."
Instead, it only has statements like "Recent data from our honeynet
sensor grid reveals that the average life expectancy to compromise for
an unpatched Linux system has increased from 72 hours to 3 months" --
without bothering to mention that it'd be really _dumb_ to do that,
normally, not to mention it requiring a deliberate effort to disable
maintenance mechanisms and IP-filtering scripts.
> While the Redmond FUDsters are sure to spin this as "GNU/Linux Bad
> Communist Software Evil!", it's also useful marketing duff for
> $PROPRIETARY_LINUX_FIRM or $FLOSS_VAR who wants to imprint just how
> vital keeping public-facing systems current is.
If only the study had said "So, _do_ keep your system patched and close
up glaring security holes" (like, er... PHP4 register_globals ;-> ).
Cheers,                  Hardware: The part you kick.
Rick Moen                Software: The part you boot.