[plug] windows and dhcp

Dennis Plester dennisp at tiwest.com.au
Wed Feb 28 14:47:22 WST 2001


Christian and Leon swapped various arguments, including...

"Actually, the default ``Paranoid'' install for Mandrake 7.2 adds 
`ALL:ALL EXCEPT localhost:DENY'' to /etc/hosts.deny and a portscan 
reveals -nothing-. It also installs a SolarDesigner-patched kernel, 
which fixes about 2/3 of all application buffer overflows - yes, even 
ones which haven't been detected."

and

"I understand that they virtually all can.  I know about the other things
it does too -- my point is still that the default installs of most Linux
distributions are less secure than Windows.  OpenWall doesn't change
that."

I'm a Linux rookie, but it is disconcerting how a newbie, like myself can
say, "hey, let's check out Linux", so we go and grab a magazine cover CD, or
Linux pocketbook and do a default install of Mandrake, or Red Hat. Suddenly,
we have an operating system that we have never used before, running with
ftp, http, telnet and other remote log-on style services. To compound
things, some newcomers I've come across find this root and normal user
concept a little strange and inconvenient after windows, so they run
everything as root, with a no-brainer password.

I think that Christian has a point. A basic, default windows install can't
actually do very much on the network and remote access side of things, apart
from drop it's dacks and bend over for a Melissa or AnnaK style email virus.
A default Linux install may in fact have a substantial amount of remote
access type services running, allowing someone who knows more than the new
user, to have some fun. If someone runs dual boot with other operating
systems, these can be accessed too via Linux, if the install has setup
appropriate mount points, as many of them do.

Don't get me wrong. I've found the flexibility of Linux to be absolutely
mind blowing after windows, and the networking services and options it
offers are brilliant, compared to free or expensive alternatives. In this
flexibility though, there are opportunities that can also be exploited by
others who know more than the end user. A friend of mine installed Mandrake
the other day, selecting workstation and minimal beginner style
installation. Sure enough, after start up, apache, ftp, telnet and other
services were up and running, just waiting for someone to talk to.

My 2 cents worth.

Dennis.



More information about the plug mailing list