[Novalug] linux update security?

[Mark Smith]

On Mon, Jan 14, 2008 at 06:43:23AM -0500, Anthony Soucek wrote:
> Okay, I come from the world of windows, but here's me asking how linux
> can be so secure?  It almost appears that it is is considered more
> secure only due to the fact that hackers dont want to bother with the
> 5% of computers in the world running linux

a correction... much of the consumer market is windows.  most of
the internet is linux, sun, bsd, etc.  to be fair, that's my guess,
but i think it's a pretty good one.

> I heard
> that someone recently put a backdoor in the source for squirrel mail
> at least at the redistribution level.

what's interesting about this is that you know about it.  how many
windows distributions have non-ms backdoors in them?  good luck
finding out.  you can be guaranteed that ms is working with the
government to escrow back door locks.

> but I have also heard that two different files can produce
> the same hash result, so a hacker can tweak run the md5 hash until
> they find a variant that produces the same md5, even though the
> content is different.

no.

> Also, What about firewalls?  I know that mostly
> services are off unless you turn them on in linux, but I am not so
> sure that is as true for non technical user distros like Ubuntu?  I
> know you can manually create a firewall with IP chains or something,
> but if your running Ubuntu or Linspire,  that is probably beyond the
> average users skill level.  And when you run updates, if you get them
> from the community and not the distro vendor, You will be prompted in
> Ubuntu that this update may not be safe because it's from an
> unauthorized source, so theortetically, a bad guy could write some
> small program, and then put out an update that changes it into
> malware.

at worst this is no better than windows, but it's probably
a whole lot better.

-- 
Mark Smith
mark at winksmith.com
mark at tux.org