Don't agree that minimal CentOS / Debian vs. minimal Windows Server has the Linux distributions coming out of it as the winners on security.
-
-
Replying to @CopperheadOS
Minimal & properly configured = no ports bound but sshd, sshd configured for pubkey auth only, no weird sshd options enabled.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
Sure, and the Windows setup being compared against has the same setup. The original topic was end user desktop systems using the defaults.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
I agree mainstream Linux distros are bad in this regard but not necessarily worse, just differently bad.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @CopperheadOS
Windows has loads of UAC-bypass bugs, for example.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
Sure, and if a Linux user account is used for administration via su / sudo, there's no true separation from root. Does it matter though?
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
Windows administrator account with UAC ~= Linux user account with sudo root access or the root password, with administration done from it.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
There's a fairly meaningless security boundary and both really only serve to prevent the user from shooting themselves in the foot.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
Don't really think that matters though. SYSTEM / root aren't needed to get a desktop user's data or for persistent access to the system.
2 replies 0 retweets 0 likes -
Replying to @CopperheadOS
The important difference is the degree to which a compromised system is compromised. SYSTEM/root requires complete wipe, limits forensics.
1 reply 0 retweets 0 likes
User-only compromise can be fixed by "just" removing and re-adding user; data may be recoverable if handled carefully.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.