LinuxCrusader 0 Posted January 15, 2005 The battle continues where many people argue that Linux is just as vulnerable as windows. Some argue that open source software is more vulnerable to attacks than proprietary software and some argue just the opposite. Suppose linux was to be the main stream OS, would we be having the same kinds of issues that the Windows has? Here is a recent article that discusses the top ten vulnerabilties for both Windows and Linux: http://www.sans.org/top20/ Please post your opinions. Share this post Link to post
Dapper Dan 0 Posted January 15, 2005 I'll be honest with you, I didn't read it all because it was quite a lot of reading, however I'd like to comment on something you said: Quote: Some argue that open source software is more vulnerable to attacks than proprietary software and some argue just the opposite. One of the "vulnerabilities” Steve and Bill and their cronies insist is a flaw in Unix operating systems is that it is open source, and since everyone has access to it, it can be undermined and hacked. This is simply a spin on the real truth. To paraphrase something I read on the Net on this subject, "just because you have a map of the layout of the security of Fort Knox doesn't mean you will be able to easily breach its security." I don't believe for a minute that Windows is targeted more just because it is the predominant operating system. In a straight up, side-by-side comparison, I can't see that Linux is inherently as insecure as Microsoft. Share this post Link to post
clutch 1 Posted January 15, 2005 I guess I have a different view on this. I am an engineer in a really, really large federal environment (approx 500K users in the US alone) and we have everything out there. One of my jobs is to handle configuration management of domain controllers, which includes patching and security policies. Another part of my job is cross-platform interoperability. Now, this provides for a really interesting point of view. When we went to Windows Server 2003 out of the box, it broke almost everything for Linux and Mac systems connecting to them. This was because of a few select security settings that were enabled (SMB Service Signing being the primary one). When we actually started cranking up the security settings, we found that SAMBA could no longer be used for the Apples (I recommended ADmitMac, it's pretty cool) or the Linux systems. In addition, most of the patches for Windows Server 2003 (which are much fewer than the previous generations of Windows) don't require reboots, and when using our stronger templates and default (limited) services being installed the box was indeed rather secure. So, I would say that Windows is moving along nicely, especially with the firewall introduction to XP and coming up in SP1 for Windows Server 2003. Now for Linux. I am a big fan of Linux, and have used it for almost 6 years. In the first couple of years, I didn't find that many patches when compared to Windows at that time. Of course, there weren't that many applications or use for it as a desktop either. As time has passed, and more things are added to it, there have been many more updates needed. All you need to do is keep an eye on this site's homepage to see all of the security updates being released. Many of these updates, however, are for applications and services that have been around for a while. With the increase in popularity of Linux, it has attracted much more attention; the attention of the wrong people. Couple this with bad design decisions (like that of Lindows to have users running around as root, I don't know if that has been remedied) and you can paint a big target on your back. In my environment, it's easier to see patterns in exploits for applications and services. In my world, the more popular something is, the more likely it is to be exploited. If this wasn't the case, then Novell would have to be considered virtually perfect since I can't recall the last security advisory released for it. Is that the case? Probably not. Why attack something that nobody uses? As for security of an application when it's open source, it is fundamentally more secure, but isn't in reality. It *should* be more secure since any user could completely evaluate the code and change it as needed to correct imperfections. After this, the change could be submitted back to the project maintainers and updated for everyone. Having said that, how many people (including yourself) do you know that scour through the source such as this? You will wind up with the same team of people working on the application as usual, along with some others. This is much like what a large software company team would do. So, we have a software team in the closed source company, and a software team for the open source project. It is conceivable that an attacker could either: 1. Read all the code and look for exploits, then mount a large-scale attack to take everyone by surprise or select a specific target for any reason. 2. Alter the source code and then pass of the source and/or compiled binary as legitimate code and "infect" unknowing users (I believe this happened with OpenSSH a long time ago). MD5 usage could possibly negate this (unless the presented MD5 sum was altered as well) but most people don't mess with it. In summary, both have their faults, and neither is perfect. But don't doubt for a minute that popularity among users equates to popularity among hackers. People don't invest that kind of time into something without expecting a result. More targets = more incentive. Share this post Link to post
LinuxCrusader 0 Posted January 15, 2005 I share the same experience with you Clutch. At my work, we also have windows 2003 server and during the first weeks when we upgraded and mess with Win2003 I had the same thought as you did that this OS seemed to be secured and windows seemed to have done their homework nicely. I was quite impressed I must say, but I also like what Dapper Dan said Quote: just because you have a map of the layout of the security of Fort Knox doesn't mean you will be able to easily breach its security . I'm a big fan of Linux just as you guys are and for some reason somehow I think that Linux has so much more potential. Time will tell I guess and I think what's stopping Linux from taking over is the defragmentation of the different distros, the concept that it is not so user friendly or Pnp as someone metioned here, and simply that it is just a different beast for the regular windows-psychologically-conditioned users. Personally I like the different flavors that Linux has to offer. Hopefully as time goes by Linux users will get more noticed and the big gaming, software, hardware, and etc. corporations will also include Linux as one of their main elements needed to develop their own products. Share this post Link to post
clutch 1 Posted January 16, 2005 Yes, it would seem that the vast selection is also what's hurting it at times. It is already an awesome utility, appliance, and administration OS. Now, if we could get some real power behind the major desktop applications... Share this post Link to post
martouf 0 Posted January 18, 2005 the issue of relative vulnerability is interesting for reasons both personal and corporate. No one has mentioned SELinux technology in this thread. No one has mentioned data collected from a honeyfarm. Have a look at this: Quote: IT: Linux Getting Harder To Crack Posted by timothy on Monday January 17, @09:55PM from the pride-goeth-before-a-fall dept. AlanS2002 points out today's article from Iain Thomson on vnu.net, which says that "Linux systems are getting tougher for hackers to crack, security experts have reported today," summarizing "A study conducted by the Honeynet Project has found that it takes about 3 months before a unpatched Linux machine will be owned, compared with about 72 hours in the past. According to a report on the study default installations are now more secure with less services enabled by default, added to this is newer versions of software such as OpenSSH being more secure. Interestingly Solaris 8 and 9 did not fare so well." Read More... Share this post Link to post
clutch 1 Posted January 18, 2005 Originally posted by martouf: Quote: No one has mentioned SELinux technology in this thread. Probably because one could configure just about any OS in one way or another to be secure. This could be done by stripping services, blocking ports, traffic encryption, proper service account usage, etc. I do like how the NSA illustrates in their FAQ the inherent insecurity of the permissions architecture. The ACL-based architecture (along with roles-based permissions) is something that Novell and Windows have had for quite a while now. It's good to see that various distros are providing this as an option. However, until the majority of distros provide this as a default configuration, it should still be considered a specialized item. Most people bash Windows security because of its defaults and not because of how secure it could be (through the use of templates via local or Group Policy, for instance). Quote: No one has mentioned data collected from a honeyfarm. I know that I haven't had a need for one myself, but I don't know about others here. An interesting point of that article is the use of the default installation configuration. This is where Windows used to get nailed, primarily by IIS being installed and then getting pelted by CodeRed traffic that's still out there. Most Linux distributions try to install very little, but many new users go for the "kitchen sink" install, and then not understand why they have 5 text editors, none of which are easy to use. Apple is finding this to be a good learning experience, since they are merging ease of use with BSD and finding that it isn't as secure as they would like. Just because the kernel is famous for being secure, that doesn't mean that all the other stuff you install is inherently secure. Share this post Link to post
danleff 0 Posted January 19, 2005 Just a practical note. Just a few months ago, an e-mail "virus" hijacked the web browsers of 3 family computers, my sister's my Dad's and my mom's system. All three were running Windows XP. After getting my sister's system back to normal, she asked me why my system was not hit. I replied "I'm using Linux." Today, I received a message from Roadrunner that it's firewall detected a virus attached to an incoming e-mail message. The messaged asked me to contact the sender to inform them that their system was sending out an e-mail with a virus attached. The incoming message was labeled as coming from Roadrunner. You know it was a fake e-mail message, as it asked you to click on the attachment to clean your system of a virus that was detected. It was also signed, "cheers, the Rr team." So, you have a valid warning of an e-mail with an infected attachment (that was deleted by the firewall/security of Roadrunner), with a fake message from Rr.com as the sender of the infected e-mail. There are two variables here. Targeting windows users (a large company's OS and it's users) and users of Roadrunner, who are expected to have Windows systems. Virus issues are likely to affect those who are not experienced users and are less likely to pick such things up, or assure that they have proper security software on their systems, or who are not able to repair their systems easily. For this reason, security risks are less for Linux users, because the hackers are targeting large companies and users not likely to take many precautions. Linux developers are making security updates before the attack happens, or as soon as a vulnerability is identified. Microsoft, unfortunately, is in a position where their users are being actively attacked and developing patches and updates once their OS vulnerabilities are exposed. Share this post Link to post
OldSpiceAP 0 Posted January 19, 2005 There is another factor in security other than viruses, worms, etc. A larger problem in my opinon is spyware, and malware. These build up on windows based computeres, slowly slowing them to a crawl. A few good utilities to combat these exist, but there so many. And many of these are dataminers. These little programs get on computers, and send back information, user habits, files, etc.. And most if not every one of them is designed for windows. Thus, the myth "You have to do a reinstall of windows every 6 months to restore performance." The real problem is that the registry gets cluttered, and spyware and malware hijack system resources makeing people think their windows install is hosed. This is a security problem that is not often talked about - or considered a security problem. I find that using firefox on windows greatly eliminates the number of spyware programs that make their way into windows. This just goes to show that good programing can make a windows environment safe. The fact that this simply does not happen on linux shows it is inherently safer to use. Also, unix and linux have more hacking attempts than windows. Consider this, most college campuses use linux or unix servers. What do the computer science and computer engineering students at the college do? Hmmm.... They are constantly trying out the new stuff they learn and teach themselves. Hehe. But the total number of successful hacks on unix and linux is far lower than the successful hacks on windows servers... Some food for thought - chow down! Share this post Link to post
Dapper Dan 0 Posted January 19, 2005 A friend of mine who uses Windows XP Pro recently told me of a very interesting problem he had. He said when he booted the day before his desktop image, icons and toolbar were gone. All he had was a single icon labled, "teeage [censored] photos!" Having no other way to do anything, he clicked on the icon to see what would happened. When he did, his modem network connection utility came up, dialed, got him on line and took him to a site with a warning that he had porography on his computer. The site featured several articles about people who had been prosecuted for child [censored] pictures on their machines, followed by an ad pitch that their software could rid his computer of the offending images asking for his credit card numbers! When he exited his browser, he had his desktop back but in the background was a black screen followed by a big warning about [censored]ography on his computer and a link back to the site. He asked if I could help him. The first thing I did was download Firefox Web browser and Ad-Aware. Ad-Aware found 144 spyware, malware, miningware etc. and I deleted them all and got him set up with Firefox. I went into the desktop manager and tried to re-establish his desktop background image, but the black screen and add would not go away. I traced the image to a file located in C:\Windows called "desktop.html" I commented out the image's name which made it go away but now, all he has is a white screen and you cannot put his desktop image of preference back. What a pile of crap! How invasive can you get! I didn't rub it in or anything, but the whole time I was working on his box I was saying silent "thank you's" that I don't have these problems anymore. Share this post Link to post
clutch 1 Posted January 19, 2005 Strange, I have been a Windows user for the last 10 years, and haven't had these issues. Must be the user. Remember, the average Linux admin is more knowledgeable of his/her OS than the average Windows admin. Also, I used RH 7.3 in college, and the main reasons we did were because: 1. Cheap (read: free) 2. Supported Java, which is what we were learning Also, having the source code freely available to modify, such as the kernel, makes learning development of kernels and compilers much easier. As for security, well let's say that the administrative procedures of the lab weren't that great... Share this post Link to post
LinuxCrusader 0 Posted January 19, 2005 Quote: Strange, I have been a Windows user for the last 10 years, and haven't had these issues. Must be the user. This is what most security professionals will usually say also that it is usually a user mistake that will get your windows boxes infected by viruses, spyware, or malware. I have been a windows user for quite sometime also and never had a problem such as the ones described above but I think probably because we are most of the time very aware of the security risks involved. When I took my first hacking class back in college we experimented in trying to hack different OSs including RH as one of them, and it was always the case that the teams with windows boxes were always the ones who wouldn't take that long to break their boxes. In any case, I think that the ordinary users just love to click left and right whenever they receive anything by email or go anywhere online and if I wasn't computer-educated I probably would just do the same thing. This has just been my experience, so I agree with Dapper Dan and OldSpiceAP that it seems as though M$ have usually been reactive instead of proactive to every case, well until recently, and that's a maybe. Share this post Link to post
clutch 1 Posted January 19, 2005 IE for Server 2003 is quite a bit different, much like its installed configuration. By default, IE will not let you do anything, including download stuff, unless you manually list those sites as "trusted" or remove the IE enhanced security configuration. When deploying Windows clients in a work environment, we use Group Policy to strictly control what the machines can do. You can completely remove ActiveX, along with various zones for IE and varying levels of IE security within each zone. MS is slowly limiting the default configuration out of the box, but it's hard to do when so many people want convenience in place of security. Having said that, I prefer Firefox myself for most web browsing because it's faster and has tabbed navigation. I have been using it since it was Phoenix 0.4 in Linux, and went to it on both platforms with 0.5. I do keep IE around with ActiveX enabled mostly for Virtual Server, as the consoles and management interfaces use ActiveX controls (until I can go to ESX server all around, then this will no longer be an issue). What has been interesting, is that with the introduction of a firewall in XP (actually, there was one already but nobody wanted to use it) many places are implementing Group Policy just to turn it OFF. Rather strange, since everybody complains about the seeming lack of security in XP only to go through more effort to completely disable security features ("my car isn't safe, but let's disable the airbags and ABS in the new one because I don't understand them and they are in my way"). Share this post Link to post
Dapper Dan 0 Posted January 19, 2005 Originally posted by clutch: Quote: Strange, I have been a Windows user for the last 10 years, and haven't had these issues. Must be the user. Actually he's probably an above average user because he told me he was paying for McAaffe, and had his computer setup to download the latest virus definitions and do a scan once a week. He didn't know what spyware was though. The average computer user out there is just not going to be aware of all the things thay need to do, (and pay for) to make their Windows boxes secure enough to be able to sleep at night. Unfortunately, the market takes advantage of these very people. "Got a virus or spyware? We can help for $$$." This is the very reason I considered changing my radio station over to Linux to begin with. Even though I had what I believed were pretty dang good security measures under Windows 98 SE, I still couldn't sleep at night. If we had gotten a virus that locked up our boxes we would be seriously out of commission for a while, even after having backed up everything important. Now that all our boxes run Linux, I can get a good night's sleep again! Share this post Link to post
clutch 1 Posted January 19, 2005 Um, I think it was a legal requirement that anybody who ran Win9x/ME was not allowed to sleep at night. Well, unless the machine was disconnected from the network, and off, and encased in cement. Even then, it's touch-and-go... Share this post Link to post
Dapper Dan 0 Posted January 20, 2005 Originally posted by clutch: Quote: Um, I think it was a legal requirement that anybody who ran Win9x/ME was not allowed to sleep at night. Well, unless the machine was disconnected from the network, and off, and encased in cement. Even then, it's touch-and-go... LOL! Share this post Link to post
martouf 0 Posted January 22, 2005 more food for thought? Business - BusinessWeek Online BusinessWeek Online "Linux Inc." By Steve Hamm full text of the article... ..and the paragraph which caught my eye: Quote: These collaborations are turning Linux into an all-purpose operating system. It's secure enough that Lawrence Livermore National Laboratory loads it not only on desktop and server computers but also on supercomputers it uses to simulate the aging of nuclear materials. "Linux is definitely more secure than Windows," says Mark Seager, the lab's assistant department head for advanced technology. "There aren't as many ways to break the system." With the latest improvements, Linux now works on servers with more than 128 processors and can run the largest databases. The newest versions also have features, such as power management, that make them more suitable for laptop PCs. Share this post Link to post
clutch 1 Posted January 22, 2005 Well, considering the problems that they have had with security in the past (and currently), you'll have to forgive me for not having faith in their opinion on anything. Google it. I work with government agencies, and too much faith gets put into their opinion on what's safe. Share this post Link to post
martouf 0 Posted January 22, 2005 having been a civil servant responsible for NT, VMS, and Unix systems for a science and engineering agency (not a research agency), too much faith is sometimes put in outside consultants. the food for thought is supposed to generate discussion and analysis, not a simple dismissal. assuming for the moment the person quoted is a competent professional working for a competent government agency (in this case: not the Department of Interior), then upon what basis might this person say what is quoted? Departmental configuration guidelines? Required use of SELinux policies? The number of configuration elements and the number of methods needed to adjust the configuration? Share this post Link to post
clutch 1 Posted January 23, 2005 Typically, most security configration items fall under DISA STIGs. These are essentially the "rules of the road" when deploying an OS, service, application, etc into a government environment. However, the GS personnel (configuration items are under final review by government civillians, not contractors and especially not vendors or outside consultants) that came up with some of them have not necessarily implemented them to their fullest extent. For example, when reviewing the DISA guidance set forth for the Windows OS, it is possible to completely break communication between it and practically every other OS out there, including Windows. We have to file waivers to correct various settings just to get them to work. This is not isolated to Windows, as there are waivers for just about every OS out there. As for the dismissal, it seemed more like the quote was put there to show that a government agency feels that Linux is more secure than Windows, therefore it must be. I see things like this all the time at work with comparisons between Windows and Linux, Windows and Apple, Apple and Linux, the usage of Samba vs. ADmitMac, and so on. When you see what happens to all of these things in a day-to-day basis, it almost doesn't matter what the opinion is any more since they can all be secured and they can all be broken. Many groups that are supposed to represent the paramount of security (governments, banks, major online retailers, etc) around the world have had all the various operating systems and applications compromised at one time or another. The question of the thread was "which is more secure?", and the answer is "neither". As I am the only one here that is either willing or able to put forth what Windows can do, that has been my role. I was hoping to see more balanced discussion regarding both operating systems, but the only "food for thought" postings held Linux in high regard, and no so much for Windows. Yes, this is a Linux newsgroup and yes opinions are freely available. But, try not to be put off when one dismisses a quote that: 1. Has no qualifiers asking for discussion, but rather listed as "another vote for Linux" 2. Is from an agency known for security vulnerabilities 3. Is not being presented with alternate perspectives, such as a "pro Windows" quote or article However, to further the discussion along the points asked in your reponse: Departmental configuration guidelines? I didn't see anything listed in the article, but I did mention the use of DISA STIGs (here is one public site for them: http://csrc.nist.gov/pcig/cig.html if you are in a .gov or .mil domain then try http://iase.disa.mil/techguid/index.html) Required use of SELinux policies? I checked the STIG for UNIX with Linux additions, and I didn't see any mention of SELinux, so I doubt there is any requirement for it. Not entirely shocking that one government agency isn't aware of the work of another. The number of configuration elements and the number of methods needed to adjust the configuration? Without a STIG to work with, or any information to be gleened from the article, it would be hard to tell. To me, it just looks like another one of those "it's got to be more secure because it isn't Windows" statements rather than anything of quantitative merit. So there you have it, I believe that both OSs are awesome, but have their drawbacks. What I would like to see are opinions of Windows Server 2003 and/or Windows XP SP2 vs. modern Linux distributions, rather than comparisons of older Windows distributions (such as 9x) in this thread. I'll post this in the www.ntcompatible.com forum and see if that can be arranged. Share this post Link to post
clutch 1 Posted January 23, 2005 Here is the link to NTComp's thread regarding this topic, although I asked them to post their opinions here for ease of reading: http://www.ntcompatible.com/thread.php?id=30811 Remember, if you guys really want to break this topic down, then what about the security of desktop Linux systems (using some form of X server, the chosen desktop environment and affiliated libraries) versus server-style Linux systems using only the console and SSH connectivity? What really makes one more secure than the other? Also, try to compare current versions of operating systems, as using older versions wouldn't be a best practice to begin with in any software deployment. Share this post Link to post
DosFreak 2 Posted January 23, 2005 Is Linux just as vulnerable as Windows? Some problems I've noticed with this question..... 1. Linux is not one OS, just as Windows is not one OS. A better question would be: "Is (insert Linux distro here) just as vulnerable as (insert Windows version here)? 2. What is a vulnerability? Answer: Flaw in OS, The User?, Physical Access to system, processor execution of code, etc. Now, here's what I've seen from my experience in the military. I seperated in Dec, but from my discussion's with my friends this is the current status. Most AF networks nowadays are Windows XP with Windows 2000 servers (a few dedicated NT4 servers) slowly being upgraded to Windows 2003 and of course Unix/Linux distros for certain organizations on base. Usually in AF networks Unix/Linux is relegated to firewall/intrusion detection/External DNS. Really, Who would trust their network with a Microsoft Firewall? The AF doesn't. They use Secure Computing Sidewinder which uses a customized version of BSD. So, right there you see that Microsoft is not as good as Unix/Linux in the firewall department, or intrusion detection or DNS really. Speaking of DNS. We've all used it, we're using it right now. What are most internet sites that host DNS using for their DNS? Are they using Microsoft DNS? Of course not! They're using BIND! Why? Because that's the standard! It works much better than Microsoft's version since MS version is based off of BIND! How about Print servers? Anyone here ever use a Linux printer server and an MS print server? How much trouble does your Linux printer server give you compared to your MS print server? Not much! For some reason from NT4-2003 the print spooler in Windows always seems to mess up, not so with the Linux print spooler. So far we have Linux/Unix beating MS in Firewall, intrusion detection, DNS, print spooler. Basically what we see here is that MS for far too long has focused mainly on the desktop/server market....and basically getting by with the "if it works, don't fix it...just make it prettier department". As for the arguments that Open-source code is easier for coders to get access to and create viruses and that since Windows source is closed that coders have a harder time creating viruses....that's true. But wait a minute! That obviouslly hasn't stopped them! It's not like we need Windows kernel code to create a killer virus. Viruses are released all the time created with simple macro or system commands/API's that are easily run on Windows systems as long as the user as administrator access. The fact that *nix users are commonly taught to not use root whereas your not really told to do so on a Windows system is one more reason why *nix is more secure. Heck, just install Windows XP and by default it'll make you an administrator. Share this post Link to post
clutch 1 Posted January 23, 2005 Interesting response. So... MS not being used in firewalling is a common thing. I mean, why install a host OS, then a firewall application on a server when you could just use some form of appliance like a PIX (we like these, along with Netscreen products as we had issues with Sidewinders). Most AD deployments break DNS into multiple zones, especially when fielding multiple forests. It is common to use MS DNS for the clients in the forest to resolve intra-forest resources, while using a hardened DNS for inter-forest and non-AD assets. Bear in mind that no government agency relies on pure BIND, as it has been one of the most hacked applications in history but rather a BIND hybrid (DNS application that supports BIND behaviors and protocols) called "Protected DNS", and is usually provided by a vendor. It is highly doubtful that you would see a simple BIND installation on a RedHat server hosting sensitive records. Haven't had a need for a non-Windows print spool host (many of our printers are network-aware, so we host the spoolers elsewhere) but that's just us. Well, we do have Lindows/Linspire for the "root user" argument, but this is more an issue of education. I still see noobs logging in as root doing basic stuff, only to get attacked on forums and IRC channels for doing it (and rightly so). However, most Windows users don't think twice about this because this was how they were taught, not that this was "forced" upon them for day-to-day use. Yes, the XP installation will not only grant your initial user account admin rights, but it will also let you logon with no password. Completely stupid. In addition, MS did try to re-train admins in Windows 2000 with "run as", which is similar to "switch user" (su). While Windows still has "Power Users" (think full-time "sudo") many things still don't work right unless you are a full admin when installing them. In fact, you might not even be able to use application after it has been installed because of poor installation design (improperly placed files and reg keys during setup with restricted access only admins can get to). In addition, just running "setup.exe" might launch the installer, only to find out that it's a decompression program that expands the application, and launches the real installer with your normal credentials. This can happen in Linux when trying to install applications and other complicated administrative tasks using sudo, and you wind up going "su -" and running it as a full admin. The point is that MS tried, but nobody is bothering to learn how to make it work. Share this post Link to post
ScinteX 0 Posted January 23, 2005 It also (surely) has to be the case that one of the reasons that Windows appears to be so 'insecure' is purely because it must recieve a lot attention from unwanted sources. What I mean is, 1 (of course not the only) reason is that some people what a big coverage of thier new little virus/hack/malware. The easiest way to do this in the average consumer market is to target Windows. It will be interesting to see what happens as various Linux distros continue to grow. I'm not saying that Linux has similar flaws however surely with more brains trying to break it, the probability of such a similar situation must increase. There's also the arguement that guys running Linux know thier OS better (as mentioned above). True, but what happens when the line is crossed whereby the average person who doesn't know much about Linux starts using it? Maybe initially things will be ok, but there could well be a spiralling out of control moment where every man and his dog is distributing some form of Linux. Of course with Windows, its Microsft behind it. With Linux? Well, there could potentially be an explosion of really bad distros knocking about with money grabbing cowboys behind them. Of course, this isn't a true reflection of Linux since it's great if you do it right. As the popularity of Linux grows, things can only get worse if the quality/configuration etc isn't managed correctly. S Share this post Link to post
clutch 1 Posted January 23, 2005 Indeed. I remember when there was a standards body trying to standardize on a package management system. This was when the Linux community had a perfect time to show that it could (http://slashdot.org/articles/02/02/01/141215.shtml): 1. Come together and stop running down separate paths in an effort to promote usability, and 2. Back a system that promotes good design, rather than a system that has more corporate backing Well, the LSB decided to back RedHat Package Management (RPM) over apt. This is funny, considering that you couldn't even get all of the RPM-based distros to agree on a common installer themselves, much less get all distributions to agree to use RPMs in general. What makes this funny is that people complain that MS has leveraged its popularity to push its standards, and here we are with the advantages of Open Source and seeing the same thing. Of course, I think people of all sorts can agree on the biggest abuse of this type: Apple and the iPod. Controlling the proprietary DRM functionality of the "Open Source" AAC format (at least according to Apple it was Open Source). Ever since this LSB/RPM fiasco I stopped caring about standardizing Linux. Some can, and will, argue that this is what Linux is about; choice. You can choose your distro, you can choose to compile from scratch, and you can choose to ignore a standards body that insists on smoking crack. However, how long do you think not following a standard can run without doing real damage to the movement? Only time will tell. Share this post Link to post