[oldunion]

Looking over some statistics and linux is right up there with windows as far as commonly broken into machines goes. I looked into this more and im now thinking linux is not so secure at all, as far as usefull standards go. How different is Mandrake 10 from freebsd. the only thing i remember about freebsd is that it was a pain in my butt to install. however, it is highly ranked in security

[TazG]

Where are the statistics?

[tsunam]

Well, mandrake is linux, whereas freebsd is a BSD. THere is a whole lot of difference between them. They come from a similar background but have different goals. The bsd's are highly security minded. As such everything is well tested for issues before they are allowed to be in the installer. OpenBSD and FreeBSD are probably the two to look for.

As with any operating system. Security comes down to the person who is using it.

[Regicide]

Well stated tsunam! I have learned from my experience in Linux that as long as you aren't always root and pay attention to what you are doing, you are pretty secure.

[Whiteskin]

If your talking about MiG's report, I think it's bull. There's no scale to it, no severities, and it's way too broad.

Linux is secure. More secure than windows. Less secure than OpenBSD (But so is everything). Now, that doesn't make you invulnerable. It depends on what you do. If you take the necessary precautions, even a windows machine can be secure (it just so happens that that precaution is taking the machine off any network).

Some things to look at:
Tripwire.org
A good security site, or update system. Redhat, and Debian's are both well done. (I never did figure out how gentoo expects to push out advisories with the GLSAs)
Never ever run as root.
keep a close eye on user accounts
a firewall. Linux's built in one, (iptables) is fine, but use a tool to configure it like guarddog
perhaps an IDS?

[tsunam]

Whiteskin, i think the glsa for gentoo is more about a server type enviroment then it is for the average user. If you think of it that way, then it will make sense. Most users do a sync update ever 2 weeks approximately (longest i've heard someone not server wise go without syncing...after all you have http://funroll-loops.org/(yes, its a parady site so it shows the extreme but also reminds us of the moderate) which sums up a lot of gentoo hobbyist quite well...that we like to be up to date...maybe not use every gcc flag there is but up to date within reason)

On a server, you arn't going to emerge -uD world very often, for the sake of stability. After all on a server that is what comes first. So i think that is why glsa was developed. Gentoo had no way of letting someone know of exploit fixes in packages that are critical to a server (apache, mysql, etc). Glsa is a response to that. Can the average use it yes...but will they get a lot of benefit out of it. Not likely but hey if you never do a uD world you might have a package that needs to be updated to fix a security flaw.

[Squashman]

A default install of BSD is probably the most secure OS out of the box. But most systems are only as secure as you make them. I have a 32 page document that I go thru before I ever put any of my Linux servers live on any network.

If you really want to talk about secure operating systems, look at Netware. How often do you here of someone hacking a netware box. It has more market penetration than Linux. It use to hold 65% market share in the server market until Microsoft forced their desktop monopoly on everyone and made them switch to that crappy NT.

Here is a good article for you to read about security between Linux and Windows.
http://www.theregister.co.uk/securit...dows_vs_linux/
http://www.theregister.co.uk/2004/10...s_vs_linux.pdf

[oldunion]

really good links, clears alot up as far as the windows>linux myths. I know mandrake 10 is fine in a dual boot environment, how would freebsd operate with windows xp in a dual boot. i have a fairly new toshiba laptop with 40 gigs and windows is using all 40 right now.

thanks for all the good information

[oldunion]

netware cant be used as a desktop can it?

[Whiteskin]

Netware isn't really useful as a desktop. FreeBSD will run nicely in a multi-boot environment. If you have the drive space, then why not split it into three, and triple boot? You'll learn alot that way. I've always found that the BSD's have a smaller hardware support base, but what they do support, they have a tendancy to support better.

[oldunion]

a tri-boot, hmmm sounds like something i would easily mess up. But im open to the act. but if freebsd is safer than mandrake, ill take the devil. should i not use partition magic 8?

[Whiteskin]

Use partition magic, or do a reinstall of everything. The best order probably would be to do windows, freebsd, and then linux. Take a look at this howto http://www.tldp.org/HOWTO/Linux+FreeBSD.html

[oldunion]

is it acceptable to keep windows as it is now, then cut off some hd space with pmagic for freebsd-say 10 gigs? I think i have too many files to backup for a reinstall of xp.

[Whiteskin]

It shouldn't pose too much of an issue.