[ubuntu-uk] Phishing and linux

Tony Arnold tony.arnold at manchester.ac.uk
Wed Oct 3 13:27:24 BST 2007


On Wed, 2007-10-03 at 11:45 +0100, Chris Rowson wrote:
> > My guess would be: Lots more Linux servers than Windows ones, probably
> > lots that don't have system security patches applied[0] and lots and
> > lots and lots and lots and lots of PHP code running on them which is
> > even less likely to be getting security love :/
> >
> > [0] MS are getting very good at annoying people into installing updates.
> > Most Linux server installs don't even try to make you install updates.
> >
> Don't forget.
> Linux is free. Anyone can get a copy of Linux and put a web server up
> on the internet, it doesn't cost anything so anyone can have a go.
> Windows servers cost a lot of money. On the whole, the only people
> putting Windows servers up on the internet are people (who to some
> extent) work in IT and are supposed to know what they're doing.
> Wouldn't that create some difference in how well the servers are
> looked after.....

It might do, but I think the argument works both ways. I once heard a
security person say that the problem with Windows Server was that it was
so easy to install, a monkey could do it and unfortunately, thousands of
monkeys did! (He was talking about Windows 2000). BTW, it was Fred
Beaumert from Microsoft who said it. If you get the chance he is worth
listening too!

On the other hand, installing a WEB server on Linux requires a certain
amount of knowledge/nowse! It's certainly not plug and play!

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-uk mailing list