Jump to content

Is Mandrake really more secure than Lindows/MS-Windows ?


Guest ndeb
 Share

Recommended Posts

You have highlighted an ongoing problem where getting the distro out the door takes precedence over bug-fixing. Mandrakesoft has never cleared out all of the bugs and does so by minimizing them to insignificance. Nothing short of an email to the new CEO will change the habits of some employees. They continue to flog things like supermount instead of making an autofs configurator is one example. Peronally, I would like to take Duval and duct tape him to the Eiffel Tower with a sing reading "Failed Executive".

 

Was it really Red Green who turned us on to the magic of duct tape?

 

Counterspy

Link to comment
Share on other sites

I fully agree. And the excuse is always "we are working on the next release ....". If this is the way these people work then there is little hope of survival. As for supermount, I have already reported bugs with their latest versions (mandrake-9.1rc2). It appears that many of these employees are probably disgruntled and don't want to do their job well even when hundreds of users are ready to help them out. I reported 20+ bugs in mdk-9.1rc1 and most of them were not fixed in mdk-9.1rc2 either. I can bet that even a 9.1rc5 will have tons of bugs.

 

Also, the issue of security updates raises an important question: how many updates actually fix the bugs they claim to fix? Nothing is worse than a false sense of security.

Link to comment
Share on other sites

NOTHING is secure, until you make it that way. Look at the security issues WinXP had to address with the first service pack.

 

If I share all my folders and disable my firewall, no matter what system I am using, I am screwed. The question itself is silly.

 

"Are Toyotas more secure then Nissans?" Well, depends on whether or not you are wearing a seatbelt, doesn't it

Link to comment
Share on other sites

I don't know about security, and am not a Linux expert. But having tried two versions of Linux, I see Mandrake as a more cutting edge distro but at the same time a buggier less refined product than RedHat. RedHat seems to be a more conservative distro but where things work better out of the box.

 

I have installed both distro's in at least 3 machines... and never had an issue with RH. Mandrake on the other hand gave me a broken spellchecker in 2 out of three installs. 1 in 3 had no fonts in the taskbar and menu's of OpenOffice. I use the same CD's for all three installs. While these do not relate to security, I think a buggier product has a bigger chance that it is less secure.

Link to comment
Share on other sites

is this applied in 9.1?
Valid question. I think yes because I downloaded the cooker rpm usermode-consoleonly-1.63-5mdk.i586.rpm and ran
rpm -qlp usermode-consoleonly-1.63-5mdk.i586.rpm

and got these pam files:

/etc/pam.d/halt

/etc/pam.d/poweroff

/etc/pam.d/reboot

/etc/pam.d/simple_root_authen

 

Note that /etc/pam.d/shutdown has been removed.

Link to comment
Share on other sites

ndeb and others, I just read your remark about the security issue here....

And actually, I quite disagree.

 

I'm sorry, but I fail to see the problem with this 'you can get root access by doing ... on the machine locally'

Anyone into security knows that physical access to a machine means they can get into the system and get to the data.

If need be by unscrewing the harddisk and plugging it into another system...

 

Real security means you physically lock the systems away.

 

Just boot your average system with a knoppix cd, and type sudo.

 

Or put in the mandrake cd and go through the install process (update, so you don't have to know the partitioning etc, without installing anything extra), and set another root password.

 

Or, in any company where they know what they're doing, try to walk into the serverroom with a couple of floppy disks and some cd's, and see if they let you get to their systems.

There are companies that secure their server rooms with touch sensitive floors, motion detectors and the like. You walk in there, somewhere lights start blinking, people check what's on the camera's and you can start waving to them.

 

A system should be secure from remote exploits, local exploits are in most cases acceptable for home users since they also have the rootpassword, since basically they are their own admin.

Local exploits in the sense of: when you're at that pc, not: by running this code...

 

You can say: but I can encrypt my hd etcetc. Ok, but what if your system gets hosed for some reason? And you can't get to your data anymore?

A secure system is one that no one can physically get to and that is protected against all remote exploits and intrusions etc... (so maybe, just not connected to anything..)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...