FreeBSD and User Security
jeffrey at goldmark.org
Thu Jun 12 16:43:48 UTC 2008
On Jun 12, 2008, at 8:19 AM, David Naylor wrote:
> I think this argument is rather mute, just because there are no
> exploiting security vulnerabilities does not been there are not
But it is far from moot if you are interested in the actual threat
against your system. In a sense, using a less popular OS is a form of
"security by obscurity" which is not to be heavily relied on, but
still it does make a real, practical, difference in the case that you
> and a determined cracker would create his own program.
You have not articulated what you are trying to defend against. Do
you anticipate determined crackers going after your particular system
and what resources will such attackers have? We can't talk about a
system being "secure" in general, but the question needs to be framed
in terms of "secure against what".
> That said I hope there are, actually, no vulnerabilities.
That is demanding too much. What you need to hope for is a
combination of "no known unpatched vulnerabilities at the moment" and
more importantly "procedures and practices to keep things that way".
As Bruce Schneier likes to say, "Security is not a product but a
process". The vast majority of actual system compromises involve
failure of system administrators to keep systems patched and follow
good security practices.
One reason that I switched from Linux to FreeBSD is that I find it
much easier to maintain FreeBSD, particularly in terms of security
updates. I have been responsible for Linux machines that did get
rooted because I was having problems keeping them up-to-date for a
variety of reasons.
> [Security through obscurity is just an illusion]
In your post you mentioned concern about spyware. It is not an
illusion that FreeBSD has not been targeted by spyware writers while
Windows has. Even if some of that is the consequence of security by
obscurity, it is no illusion. Of course we need to understand that
those security benefits from obscurity are fragile, but we shouldn't
dismiss it entirely.
Again, what sorts of benefits such things may add (or subtract)
depends on the nature of the attacker.
More information about the freebsd-questions