It seems a great case of dramatic irony that even while rapid supporters of Linux denounce “The Great Satan” of FUDing their way into their superior market share (all the while engaging in the same FUD they claim to be inappropriate) even the darling of the Linux world, Ubuntu, likes to throw in a few tablespoons of FUD when stirring their Open Sauce.
Consider the a few excepts from the Ubuntu press release.
Linux is inherently more secure than other operating systems. As a result, Ubuntu offers you a robust and secure desktop or server operating environment.
You’re right, that was the entire Secure section of their spiel. At least when actual vendors put out press releases claiming they are secure they have the decency to link to analyses that support their claim. But, even more amusing is the fact that you have to trust a bunch of amateur’s to know what they are doing when they repackage security software. Take for instance Ubuntu Security Notice USN-612-2 which relates the famous story of how an incompetent Debian maintainer caused the primary remote login method supported by Debian (and by extension Ubuntu) to generate login keys in a predictable manner. The real kicker here is that it is a bug introduced in Ubuntu by a third party. Oops.
The other favorite
Ubuntu is an open source operating system. Which means you aren’t tied in to costly licensing fees associated with proprietary operating systems.
How much money does it cost to work around the failings in Ubuntu, such as inability to connect to secure wireless connections. Notice how the bug is first triaged as low importance and then disregarded because the reporter didn’t want to run a pre-production version of an operating system. There are tons of similar bug reports out there. Including others with more specific triggers like 8021x auth. Does not being able to use your wireless at your place of employment count as a cost? Again, the Linux community disregards the fact there are costs associated with everything that aren’t necessarily monetary.
Originally noticed by Anonymous @ JANUARY 9, 2010 1:56 PM of The Linux Hater’s Blog
Comments
I like when they say “inherently secure”. That’s supposed to mean “by design”, but really what it boils down to is security through obscurity.
Only “masturbating monkeys” can produce softwae that is secure “by design” (OpenBSD anyone?).
also keep in mind that whatever security offered by UNIX-like design disappears when you do away with root, and someone need only gain access to your user account anyway…
I particularly like the magic of ssh-vulnkey:
“To check all keys on your system:
$ sudo ssh-vulnkey -a“To check a key in a non-standard location:
$ ssh-vulnkey /path/to/key”So, not only are you screwed. Not only are you dependent upon some nitwit CLI tool ('No worries, guv. I’ll just check the source code first.’).
You also have to know where to look for every single damn OpenSSH key in a “non-standard” location.
I’m fine with that. I’ll be sure to recognise them because they are “weak” and they are “puny” and … WAIT A MINUTE!
I think I’ll replace the whole stupid mess with a proper operating system.
Yep, Linux is pretty damn secure: http://www.vupen.com/english/linux-advisories/1
You may not have to pay for Ubuntu, sans the cost of electricity to download it and perhaps bandwidth and blank CD/DVD-Rs, but if there were ever a cast-iron example of “you get what you pay for”, this is it. Of course, they don’t mention how you won’t be able to run Windows apps anymore, except maybe in a half-broken state in Wine, or how any exotic hardware likely won’t be detected, or how sleep doesn’t work properly half the time, or how upgrading your system will probably result in breakage. But hey, at least it’s not “m$”!
You must be signed in to leave comments.