

Personally I have found that OpenBSD is functional and supports most of my hardware better than Linux. “So, if you’re looking for a secure OS that is also functional (good hardware support), you’re better off with Debian or FreeBSD.” “That’s pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost.” A seatbelt won’t help if you drive your car off a 500 feet cliff, ergo seatbelts are useless? What else would it mean? It’s not like they can guarantee that you won’t screw things up on your own. “From OpenBSD’s point of view, it means: no buffer overflow, no hackable software, etc.

Seriously, how can you argue that this is not a good strategy? Start with a secure base and *add* stuff that you need. It does mean you’re not vulnerable after installation and that you don’t have to spend countless hours securing it. The two things are in no way mutually exclusive. But if I had to choose between “a secure OS and a good administrator” and “a really really secure OS and a bad administrator”, I definitely will choose the first one. Again, you don’t have to choose. And what exactly does a DMZ or IDS have to do with the relative merits of an OS that is designed to be secure? Your argument seems to be “a secure OS isn’t really better than an unsecured one because of a multitude of things like DMZs and firewalls and whatever that have nothing at all to do with the Operating System’s design”. A secure OS is nice. There is no need to choose one and not the other. The fact is you are MUCH better off having BOTH. In case of a buggy PHP website, you are better off with a well designed DMZ and an IDS. Can I possibly be more forthright? Preventing more structural damage is the fricken’ POINT of chrooting something… If your website gets defaced or personal data from the users of that website are compromised, do you think a chrooted webserver will prevent any more structural damage? Use what makes sense to you, but all the reasons you have brought up are bogus. Not as good as OpenBSD, but they do have performance/software/etc advantages for certain uses and depending on your needs either may be a better choice. You’re right, their security records are pretty good too. But it just might save you from some obscure buffer-overflow someone discovers in bind or sendmail or whatever that allows someone to root your box. And don’t take me the wrong way, I’m not at all picking on Debian or FreeBSD. No, OpenBSD won’t save you from stupidity, no one is claiming that it will.
And then you go on and make absolutely no point at all… If you host a buggy PHP website or a badly configured mailserver on ANYTHING you have a pretty major problem.
No buffer overflows and no hackable software are laudable goals, saying that things like this are worthless is extremely ignorant. That’s pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost. …From OpenBSD’s point of view, it means: no buffer overflow, no hackable software, etc. Luckily, OpenBSD is usually used by people who know what they’re doing, so they know what they can take the responsibility for.

Home users do not care anyway, but surely OpenBSD would not be their choice either. Once you start installing applications, it will be necessary to practice due care and get the necessary service/apps secured.”
Just don’t think that once you install the core OS and install the applications that you are secure. “That being said, OpenBSD is great, and has its uses. This is one important aspect regarding security. Most of them feature the loss of the difference between system user and system administrator which does not exist at the home user’s site in fact. Because OpenBSD is an OS only distribution (in opposite to most Linusi or DesktopBSD / PC-BSD), it does not contain software the OS developers do not have any control over.
There are other security aspects such as automated login, asterisks displayed in the password input field, not needing root passwords to install systemwide software – marginal aspects, I agree, but step by step security barriers get overridden by comfortability considerations. Because users could need certain services, these services have to be enabled by default so the user does not get bothered. This is a tendency that other UNIXes and Linux have to deal with today. It is necessary to make the system less secure to make it usable.” “I think one of the things to make sure to take into account is the concept that once I install OpenBSD and start making changes to the OS to make it ‘usable’, I am losing the various security aspects that are enabled by default.
