[PLUG] another reason or two why IPv6 rocks
Daniel Pittman
daniel at rimspace.net
Wed Feb 23 05:25:11 UTC 2011
On Tue, Feb 22, 2011 at 21:18, Randal L. Schwartz <merlyn at stonehenge.com> wrote:
>>>>>> "Daniel" == Daniel Pittman <daniel at rimspace.net> writes:
>
> Daniel> Last time I counted the CVE stuff showed that Win32 and Linux were
> Daniel> about even in terms of vulnerabilities, at least, and that you were
> Daniel> much more at risk if you used something outside the big three distros,
> Daniel> or Win32.
>
> You typed "more" where I think you meant "less".
No, I meant more: smaller distributions had known vulnerabilities for
longer than either Win32 or the RedHat/SuSE/Debian (and immediate
derivatives; Ubuntu was small enough at the time not to factor) set,
which meant they were more likely to get bitten.
> Linux holes are far more useful to exploit than say, FreeBSD holes,
> simply because there's far more Linux out there.
I gathered far less data on this, although my recollection is that the
*BSD group were generally about as risky in the "real world" – once
applications were installed from ports – as Linux was. Their base
system was usually much smaller, so had fewer holes, but it didn't help
the overall state.
[…]
> See OpenBSD's completely sane claim of having had only two (three?)
> remote exploits in over a decade. The average time between remote
> exploits in Linux is measured in months.
They carefully limit that to only their core distribution; your
comparison would be the absolute minimal Debian installation, rather
than the standard one. That said, they may well be more secure. I
was loose in my comments above, which I mostly intended to refer to
Linux, and commercial distributions.
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel at rimspace.net>
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons