[PLUG] another reason or two why IPv6 rocks

Daniel Pittman daniel at rimspace.net
Wed Feb 23 05:25:11 UTC 2011


On Tue, Feb 22, 2011 at 21:18, Randal L. Schwartz <merlyn at stonehenge.com> wrote:
>>>>>> "Daniel" == Daniel Pittman <daniel at rimspace.net> writes:
>
> Daniel> Last time I counted the CVE stuff showed that Win32 and Linux were
> Daniel> about even in terms of vulnerabilities, at least, and that you were
> Daniel> much more at risk if you used something outside the big three distros,
> Daniel> or Win32.
>
> You typed "more" where I think you meant "less".

No, I meant more: smaller distributions had known vulnerabilities for
longer than either Win32 or the RedHat/SuSE/Debian (and immediate
derivatives; Ubuntu was small enough at the time not to factor) set,
which meant they were more likely to get bitten.

> Linux holes are far more useful to exploit than say, FreeBSD holes,
> simply because there's far more Linux out there.

I gathered far less data on this, although my recollection is that the
*BSD group were generally about as risky in the "real world" – once
applications were installed from ports – as Linux was.  Their base
system was usually much smaller, so had fewer holes, but it didn't help
the overall state.

[…]
> See OpenBSD's completely sane claim of having had only two (three?)
> remote exploits in over a decade.  The average time between remote
> exploits in Linux is measured in months.

They carefully limit that to only their core distribution; your
comparison would be the absolute minimal Debian installation, rather
than the standard one.  That said, they may well be more secure.  I
was loose in my comments above, which I mostly intended to refer to
Linux, and commercial distributions.

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel at rimspace.net>
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons


