Granularity of popularity

Posted Apr 10, 2008 20:24 UTC (Thu) by dmarti (subscriber, #11625)
In reply to: RSA: Security Experts Debate Linux Vs. Microsoft (ChannelWeb) by rmunn
Parent article: RSA: Security Experts Debate Linux Vs. Microsoft (ChannelWeb)

There's also the problem of popularity at the individual package level.

If all the Linux admins were diligent about removing unused software, you would reduce the effective
exposure of real-world Linux systems below the vendor vulnerability counts, because only
vulnerabilities in the base OS load affect all users, and vulnerabilities in stuff that's not
installed affect only those users who really needed that software enough to install it or
leave it installed.  (How many production servers have you seen running X and portmap?)

Of course, not all Linux admins are willing to click "uninstall" all over the place, and the
modern IT media doesn't advocate strongly enough for a culture of aggressive software removal.



Granularity of popularity

Posted Apr 12, 2008 16:07 UTC (Sat) by Richard_J_Neill (subscriber, #23093)

I'm not convinced by this. Of course you shouldn't leave services running if you don't need
them, but you don't have to uninstall the binary. (And yes, our production server does run
portmap - it tends to be rather useful when the fileserver is NFS!)

Granularity of popularity

Posted Apr 14, 2008 22:44 UTC (Mon) by phiggins (subscriber, #5605)

If one of those binaries is setuid root, then you'll surely wish you had uninstalled it after
someone exploits it. There are other reasons to not have unnecessary programs installed, such
as a compiler.
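
The setuid point in the comment above can be checked on a host by inventorying setuid files and comparing them with an approved list, since such a binary is exposed whether or not any service is running. This is an added example, not part of the original thread; the function names, the baseline list and the sample file names are hypothetical.

```python
import os
import stat
import tempfile


def find_setuid_files(root, owner_uid=0):
    """Return sorted paths of regular files under root that carry the
    setuid bit and are owned by owner_uid (0 = root by default)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if (stat.S_ISREG(st.st_mode)
                    and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(path)
    return sorted(hits)


def unexpected(found, baseline):
    """Setuid files present on disk but absent from the approved baseline."""
    return sorted(set(found) - set(baseline))


if __name__ == "__main__":
    # Constructed sample tree, owned by the current user so the demo runs
    # unprivileged; on a real host call find_setuid_files("/usr") as-is.
    with tempfile.TemporaryDirectory() as tree:
        needed = os.path.join(tree, "needed_tool")
        leftover = os.path.join(tree, "leftover_tool")
        for path in (needed, leftover):
            open(path, "w").close()
            os.chmod(path, 0o4755)
        found = find_setuid_files(tree, owner_uid=os.getuid())
        for path in unexpected(found, baseline=[needed]):
            print("setuid, not in baseline:", path)
```

Anything reported outside the baseline is a candidate for removing the package or clearing the setuid bit.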

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds