On Tue, 21 Dec 2004 06:22:17 +0000 (GMT), Christopher L. Morrow <christopher.morrow@mci.com> wrote:
there are others of course... it's not the OS that matters in the long run, it's the administration of that OS (or so it seems to me, admittedly not a sysadmin though, anymore). Sure, initial/default installs might be problematic in one/all OS's, but by and large extended lifetimes on a live/hostile network means patches must be applied. Seems like that doesn't happen by and large.
[waiting for an OpenVMS user to speak up] Frankly, from an operational perspective, I guess the only way to go is to trust the inside of your network even less than you trust the outside ... and have processes that quickly isolate and block access from / to compromised hosts till they are fixed. Modulo various "100% efficient" solutions that I see advertised, we do need a reliable, and quick reacting, way to do this. -- Suresh Ramasubramanian (ops.lists@gmail.com)