Re: Da li je sigurniji Windows ili Linux Server?Citat:
nkrgovic: Mogli bi smo kad bi taj spisak gresaka podrazumevao isti tip problema. A ne podrazumeva. Spisak Windows problema sadrzi samo "remote security exploits".
Odakle ti to, pa lijepo su ti ispod tih dijagrama navedene tablice u kojima se nalaze ranjivosti označene i sa "low" i "medium". Prikazani su grafovi normirani na WVI.
Citat:
Spisak RH problema sadrzi spisak svih gresaka za ceo RH, koji ne ukljucuje samo desktop vec i serverske programe koji su uz taj desktop dosli, a koji su po pravilu ugaseni. Konkretno, ovde se na primer, racuna i propust u apache web serveru koji se na desktopu ne vrti, zato jer uz taj RH ti eto dobijas i apache.
http://blogs.technet.com/security/archive/2006/07/14/441877.aspx
Citat:
My first consideration is what is defined as a server or workstation product by the vendor. I don't define that, nor do the customers making purchases, it is defined by the respective vendors. There are business reasons for doing so. Red Hat could, for example, ship a Red Hat Enterprise Linux server product without OpenOffice, media player, etc. They choose to do it this way because there is some business advantage - one possibility here is that they can assert that you get more value, features and applications for their subscription price. It is a similar case for Microsoft, who includes full Active Directory with Windows Server as opposed to Red Hat, who licenses their enterprise directory separately.
So, my first perspective is that the vendors have to take the bad with the good. If they market an Enterprise product including a bunch of apps, then they have to also take the heat if those apps have vulnerabilities.
So, my first perspective is that the vendors have to take the bad with the good. If they market an Enterprise product including a bunch of apps, then they have to also take the heat if those apps have vulnerabilities.
Citat:
Drugo, ovde se u desktop propuste racunaju i ono sto na *nix spravama zovemo lokalni root exploit, tj. mogucnost stecanja administratorskih privileegija kad si jednom ulogovan na masinu. Na windowsu se ovo takodje ne racuna ... (pitam se zasto ;> ).
Opet te pitam: odakle ti to da se ne računaju propusti za eleviranje privilegija? Ne odnosi se privilege escalation samo na stjecanje NT_AUTHORITY\SYSTEM privilegija, već i na npr. izuzeće iz restricted zone u browseru.
BTW, lik je napravio i analizu i za serverske edicije. Pogodite tko je šupljiviji.... :D
