[olug] OT: security through antiquity
Will Langford
unfies at gmail.com
Wed Nov 5 19:24:36 UTC 2008
It's an interesting phrase... and I noted it for the first time in a recent
arstechnica post:
http://arstechnica.com/news.ars/post/20081105-microsoft-puts-windows-3-11-for-workgroups-out-to-pasture.html
While the phrase and 'security' related aspects focus on windows based
stuff... I'm wondering how appropriate it is for unix's. Does a patched and
happy older distro that offers all the functionality you need... offer
better security ? Yeah, old software had old holes.. but... if ya get
patched versions that don't necessarily offer a version bump (ie: new
features, new security problems)... do ya end up better off ?
I've been mildly interested in the possibility for a while... if you run
older software that has all the holes fixed.... do you gain security by not
running newer untested stuffs ? I guess the similar argument would be two
exactly identical bits of code -- one has been reviewed and audited a dozen
times -- is the reviewed code more secure than the unreviewed code ? While
binary identical... etc etc etc. How many scripts/rootkits/etc actively
scan for all known *old* holes vs focusing on newer stuff ?
I suppose ya could make an argument that 'through antiquity' is just a
special case of 'through obscurity' ...
-Will
More information about the OLUG
mailing list