[olug] OT: security through antiquity

T. J. Brumfield enderandrew at gmail.com
Wed Nov 5 20:13:41 UTC 2008


It is only security through antiquity if the age of the system
utilized means people aren't familiar with it, and thusly can't
exploit it.

Windows 3.1 is old in terms of technology, but I bet everyone on this
list is familiar with it.  Not to mention Windows 3.1 doesn't even
understand the concept of security levels, policies, etc.

Plan9 or BeOS might qualify, or any really old Mainframe system, but
not Windows 3.1

-- T. J.

On Wed, Nov 5, 2008 at 2:09 PM, Obi-Wan <obiwan at jedi.com> wrote:
>> Does a patched and
>> happy older distro that offers all the functionality you need... offer
>> better security ?
>
> Only as long as people are still checking it for newly-discovered
> security holes.  Once a product has been EOL'd, you're reduced to
> either monitoring all the security notices and checking your old
> code yourself, or just crossing your fingers and hoping that you
> don't get bitten by anything.
>
> Note my recent post about the 'ed' arbitrary execution bug.  I'd bet
> money that the same bug has existed in 'ed' for a decade (or longer),
> but do you think that 10-year-old OS's which suffer from it are going
> to be fixed?
>
>> I've been mildly interested in the possibility for a while... if you run
>> older software that has all the holes fixed.... do you gain security by not
>> running newer untested stuffs ?
>
> Yes, of course, until people stop checking to verify that all the
> holes are fixed.
>
>> I guess the similar argument would be two
>> exactly identical bits of code -- one has been reviewed and audited a dozen
>> times -- is the reviewed code more secure than the unreviewed code ?
>
> Well, if they're exactly identical bits of code, then obviously
> neither is any more secure than the other.
>
> --
> Ben "Obi-Wan" Hollingsworth                             obiwan at jedi.com
>   The stuff of earth competes for the allegiance I owe only to the
>     Giver of all good things, so if I stand, let me stand on the
>       promise that You will pull me through.  -- Rich Mullins
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



-- 
"In the beginning the Universe was created. This has made a lot of
people very angry and been widely regarded as a bad move."
--Douglas Adams
"Nihilism makes me smile."
--Christopher Quick



More information about the OLUG mailing list