From owner-freebsd-chat Mon Nov 18 1:58:17 2002 Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7402437B401 for ; Mon, 18 Nov 2002 01:58:16 -0800 (PST) Received: from snipe.mail.pas.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E8F643E6E for ; Mon, 18 Nov 2002 01:58:16 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from pool0012.cvx22-bradley.dialup.earthlink.net ([209.179.198.12] helo=mindspring.com) by snipe.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 18DifQ-0003Km-00; Mon, 18 Nov 2002 01:58:08 -0800 Message-ID: <3DD8B845.5E3BC445@mindspring.com> Date: Mon, 18 Nov 2002 01:52:05 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Anthony Atkielski Cc: FreeBSD Chat Subject: Re: FreeBSD: Server or Desktop OS? References: <20021117160245.U23359-100000@hub.org> <058a01c28e7c$c1af5f60$0a00000a@atkielski.com> <20021117210742.GG17611@over-yonder.net> <05c701c28e95$4c8c9c70$0a00000a@atkielski.com> <3DD8483C.4E4AD6F6@mindspring.com> <06af01c28ee7$189b5da0$0a00000a@atkielski.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anthony Atkielski wrote: > Terry writes: > > It is soooooooo tempting to write an STT ("Security > > Test Tool") for Windows systems which incorporates > > implementations of all known remote exploits, one > > per subroutine, with payload arguments, and then > > Open Source it, so that people can test their > > Windows systems for security exploits. > > According to CERT, Linux now leads the way in security bugs. You might want > to write your tool for Linux instead. There isn't some Linux geek trying to claim that Linux is "bug free" and/or "less buggy than FreeBSD", simply because RedHat can afford to hire beta testers for end-of-life non-release code versions, compared to FreeBSD, which can't. There's no need to humiliate said Linux advocate by releasing such code, as he does not exist, and is not begging to be humiliated, by posting such tripe on FreeBSD mailing lists. Apparently, Microsoft just spent a lot of money getting a CCSE evaluation, and only achieved a CAPP/EAL4, which basically means that they OS can't be safely hooked to the Internet, without the risk of being compromised by anyone with a "cracker's cookbook". See: http://eros.cs.jhu.edu/~shap/NT-EAL4.html -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message