Uptime Bragging rights :)

[drag]

doh

 

[spyordie007]

Originally posted by: drag
BTW just when it comes to us "amateurs" dogging on window's security ability. Just don't forget that it took 6 years of active use for hackers find a single known exploitable flaw in OpenBSD's stable releases and XP was hacked even before it was ever released, but then again we all know that closed source developement is inherintly more secure than opensource.

Was it XPs Kernel that was "hacked" or was some of it the many thousands of OS "add ons"? The OS itself is secure, it's just all the additional stuff they throw on top of it that has the real problems *cough*IE*cough*.

The only real inherintly insecure thing about Windows XP that I can think of off the top of my head is raw sockets.

I would like to think that with longhorn they have an install similar to Redhat or Mandrake where you select what you will be doing with the OS and it will leave out packages that you dont need (perhaps as part of this newest security inititive), but of course I'm not quite that gullible.

-Spy

EDIT: forgot to mention raw sockets

 

[n0cmonkey]

Originally posted by: spyordie007

Originally posted by: drag
BTW just when it comes to us "amateurs" dogging on window's security ability. Just don't forget that it took 6 years of active use for hackers find a single known exploitable flaw in OpenBSD's stable releases and XP was hacked even before it was ever released, but then again we all know that closed source developement is inherintly more secure than opensource.

Was it XPs Kernel that was "hacked" or was some of it the many thousands of OS "add ons"? The OS itself is secure, it's just all the additional stuff they throw on top of it that has the real problems *cough*IE*cough*.

A kernel is not an OS. According to Microsoft, IE *is* part of the OS, not just an addon.

The only real inherintly insecure thing about Windows XP that I can think of off the top of my head is raw sockets.

What is fundamentally insecure about raw sockets? Should I be patching my Unix system against this?

 

[spyordie007]

What is fundamentally insecure about raw sockets? Should I be patching my Unix system against this?

no of course not, I'm refuring to Windows XP Home. Under Windows XP Home all users have admin rights, all admins have access to raw sockets.

in unix you dont allow your users to have direct access to raw sockets for obvious reasons.

-Spy

 

[n0cmonkey]

Originally posted by: spyordie007

What is fundamentally insecure about raw sockets? Should I be patching my Unix system against this?

no of course not, I'm refuring to Windows XP Home. Under Windows XP Home all users have admin rights, all admins have access to raw sockets.

in unix you dont allow your users to have direct access to raw sockets for obvious reasons.

-Spy

But that does not make raw sockets insecure. I think it more makes the OS insecurererrerrerer... I see your point now though 🙂

 

[Nothinman]

Was it XPs Kernel that was "hacked" or was some of it the many thousands of OS "add ons"? The OS itself is secure, it's just all the additional stuff they throw on top of it that has the real problems *cough*IE*cough*.

A service installed and enabled by default was the problem, which is just as bad as if it was the kernel.

The only real inherintly insecure thing about Windows XP that I can think of off the top of my head is raw sockets.

Raw sockets are not insecure, unix has had them for years and is just another case of Windows playing catchup.

 

[Armitage]

Originally posted by: ugh
My company has a very strange policy in maintaining their production servers. They reboot ALL the servers once a week. These are all Sun servers we're talking about. Apparently this is "good policy"... Umm... 😕

Prophylactic reboots for Suns??
I've known several organizations with a similar policy Windows boxes, but it sure seems stupid for Suns.

In any case, I built a beowulf cluster at a previous job. Started out with 12 nodes and a server running RedHat 6.2.
At the end of 9 months, 9 of the boxes had never been rebooted since the initial powerup.
Of the 3 that were replaced, 2 were hardware (1 bad drive, 1 bad nic), and the 3rd was brought down to image another 4 nodes (and the replacement for the failed drive) at about 6 months. Everything was fully loaded pretty much 24/7 for that entire period.

 

[spyordie007]

Originally posted by: n0cmonkey

Originally posted by: spyordie007

What is fundamentally insecure about raw sockets? Should I be patching my Unix system against this?

no of course not, I'm refuring to Windows XP Home. Under Windows XP Home all users have admin rights, all admins have access to raw sockets.

in unix you dont allow your users to have direct access to raw sockets for obvious reasons.

-Spy

But that does not make raw sockets insecure. I think it more makes the OS insecurererrerrerer... I see your point now though 🙂

This really just applies to XP home anyways...

on a psudo side note could you imagine apple releasing a version of OS X where all users were root equivilant? :frown: (okay I do realize that Root on a unix box and admin on a windows box are very differant things, but still)

-Spy

 

[Sunner]

Originally posted by: spyordie007

Originally posted by: Sunner
I have to say, in my experience Windows isn't too good at handling long term heavy workstation use.

My box at work(I have a Windows box so I can use Outlook, FW-1 mgmt tools, and some other stuff) runs fine for a while, but I do have to reboot it once in a while(we're talking weeks of uptime though, so no disaster).

This ain't no biggie, it's stable enough for me, but still, I should never HAVE to reboot my computer unless I feel like it for some reason.

How do you know that's a fault of windows and not a 3rd party driver and/or software?

Dont forget the real reason that we all restart for, hardware changes 😎

-Spy

Well, if the video driver crapped out the box would likely just BSOD on me, in my case it simply slowly goes down on it's knees, and in the end becomes almost unusable.
But like I said, this after like 50 days of heavy use, so it's no biggie.

But if that's the case, I guess all the *NIX os's I've used on x86 simply have better drivers than Windows does.
Fair enough 🙂

 

[ultimatebob]

Originally posted by: drag
It all comes down to the bane of windows operating systems: memory leaks. I beleive that is the major reason that the average windows server or desktop is not able to keep up with Unices and Netware OS. The inflexability if specifized configurations and lack of control are also factors.

Why have the software installed for file and print sharing, a gui and a webbrowser, etc etc, when all you are doing is providing a dns and ftp service or a specialized database server? I know unused stuff doesn't have a effect, but they are still a potential source of confict. What if you do a quick look-up on some odd problem on the internet and a weird java app slowly begins a runaway in the background? come back 2 days later and whala no more memory left. what is the instictive thing for a windows user to do? reboot... What is the instictive thing for a unix user to do? find the offending proccess and kill it.

Not that that means a whole lot. 5 min downtime to reboot vs 10 extra minutes of degragaded performance, but hey. It will defenatly effect uptime.

Thats enough for windows people to say that it is easy POSSIBLE to run w2k for months with no reboot.

And why it is NORMAL for unix people to expect months of reliable uptime.

And as for Netware... Netware is just a specialized peice of rock-solid software. (however i do find it ironic that you need a dos partition to start it up, though hehe)

It's not just possible to get a few months of uptime with Windows 2000 Server, it's actually quite easy. All you need to do is to avoid using buggy software.

Edit: Oh, and DON'T use IIS as a web server.

Although I have recently had to install a bunch of patches on my Windows servers at work, I did have half a dozen Windows 2000 boxes that were approaching 180 days of uptime before I had to reboot them early this year. They actually had better uptime than most of my AIX servers, which needed to be rebooted after the installation of an OS maintience level.

 

[ugh]

Originally posted by: ergeorge
Prophylactic reboots for Suns??
I've known several organizations with a similar policy Windows boxes, but it sure seems stupid for Suns.

The OS stability is fine, but it just comes down to the applications running in them. Mem leak as usual...

In any case, I built a beowulf cluster at a previous job. Started out with 12 nodes and a server running RedHat 6.2.
At the end of 9 months, 9 of the boxes had never been rebooted since the initial powerup.
Of the 3 that were replaced, 2 were hardware (1 bad drive, 1 bad nic), and the 3rd was brought down to image another 4 nodes (and the replacement for the failed drive) at about 6 months. Everything was fully loaded pretty much 24/7 for that entire period.

Guess they don't make hardware like how they used to eh? 🙁