Richard Brown wrote:
>
> 1. The registry - it seems to me that a central storage of your
> computer's info is asking for trouble. It is like a magnet to some
> cracker. Coupled with the need to reboot to update your registry.

Nothing wrong with a central store if it is implemented correctly, and correctly secured. The Microsoft registry includes security restrictions to restrict access.

Indeed there is a case for saying that it makes systems more manageable. Although that doesn't have to be a central store, just a single API for getting and saving settings (even if they are stored all over the place).

The problems with the registry relate to how it is implemented, not the concept, as I discovered the day one of our Windows servers ran out of disk space at the wrong point whilst doing a Microsoft update, and didn't have enough to do the appropriate registry changes; one reinstall later all was well again. It also tends to bloat (which might be a fault of the applications rather than the registry itself, although perhaps the API should protect against it or monitor it better).

Most GNU/Linux and Unix distros effectively have a registry, it is called "/etc", it reuses the existing filesystem, and security permissions, which is both good and bad. But the downside is no single interface tells you what settings are what, but a whole selection of APIs and in some cases parsing diverse text files.

One could readily envision standardisation of the Unix/Linux config files via say XML, or some other simpler format (YAML), which would allow a simple API to be stuck on top. Some people have even proposed such things.

> 2. Ports - my understanding is that Windows ships with ports wide
> open, Macs, Linux, close them down.
>
> Are the above correct please? Any other thoughts please?

Linux is a kernel, ports left open would be a distro thing. Different GNU/Linux distros ship with different configurations.

For example some distros ship with the CUPS daemon listening for sharing printers, some ship (like Debian) with it listening only on 127.0.0.1 (which is a pain if you don't know about it and try to share printers). Some distros have no "root login", some shipped with the users logged in as root by default (yuk).

Microsoft now ship end user Windows with the firewall enabled by default, and in many ways it is a far more user friendly one than most GNU/Linux distros' default firewall (if they have one), Xandros being a notable exception; the Red Hat firewall stuff is not bad for servers.

Security is a process, it is not just shutting ports. I've seen GNU/Linux boxes with what was historically very dodgy Unix services exposed to the Internet stand up for years, because the code implementing that was "good enough" (better than the original Unix implementations), and the kernel has other protections against simple buffer overflows, that made worm writing more challenging. And then there is the lack of monoculture.....

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
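
An added example, not part of the original post: the difference between a daemon listening only on 127.0.0.1 and one listening on every interface is visible in the kernel's socket table. This Python code parses text in the Linux /proc/net/tcp format and classifies each listening socket; the sample rows are constructed, assume a little-endian host, and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Row 0: 127.0.0.1:631 LISTEN, row 1: 0.0.0.0:22 LISTEN, row 2: an ESTABLISHED connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0A00A8C0:01BB 0101A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket


def decode_endpoint(field):
    """Turn 'AAAAAAAA:PPPP' into (dotted_ip, port).

    Assumption: little-endian host, so the address bytes appear reversed in the hex.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def classify(ip):
    """Describe how far a listening address is reachable."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:
        return "all-interfaces"
    return "single-interface"


def listening_sockets(text):
    """Return (ip, port, exposure) for every IPv4 socket in LISTEN state."""
    results = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        ip, port = decode_endpoint(fields[1])
        results.append((ip, port, classify(ip)))
    return results


if __name__ == "__main__":
    for ip, port, exposure in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port} -> {exposure}")
```

On a real host the same function can be given the contents of /proc/net/tcp; IPv6 listeners live in /proc/net/tcp6 and are not handled here.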