Ryan Durante, a program manager for Air Force Research Laboratory in Rome, N.Y., had this to say in eweek recently about Sun Solaris, "We do use Windows as well as other versions of Unix. But, in our opinion, Trusted Solaris is the most secure operating system out there. We expect this move to yield tremendous administrative savings and to be more secure".

What does Trusted Solaris have versus other versions of Unix? FreeBSD say for example seems rather secure. Windows is like the most unsecure, everyone knows that, but I wouldn't have expected him to say that in comparison to other versions of Unix.

I want to see HOW he compared them...
He's a NOOD... dont know NOTHING...

i'm gonna move this to linux section

This is what Sun has to say about it

Feature

Benefit
Configurable Security Functionality
The Trusted Solaris 8 Operating Environment can easily be configured to meet a wide range of customer security policies -- without impacting functionality.

Trusted Roles
There are no superuser accounts with Trusted Solaris 8 software; systems administrators are as accountable for their actions as users.

Solaris 8 Base Platform
The Trusted Solaris Operating System supports 32-bit and 64-bit SPARC systems (up to and including the Sun Fire 15K Server), as well as the x86 platform (32-bits), with advanced multithreading and symmetric multiprocessing support.

Window System Based on CDE (Common Desktop Environment)
Trusted Solaris 8 software provides a familiar, easy-to-use environment with extensions to prevent spoofing and tools for ease of use and administration of security.
Administration Based on Solaris Management Console 3.0 FCS

Framework and NIS+
With a wide range of standard tools, the Trusted Solaris 8 Operating Environment requires less training for system administrators and allows implementation of enterprise-wide security policy. It leverages the Solaris 8 software experience in that any administrator familiar with the Solaris 8 Operating Environment will also be familiar with Trusted Solaris 8 administration mechanisms.

Multilevel File System
The Trusted Solaris 8 Operating Environment uses a multilevel file system that allows segregation of different classes of (internal and external) users, with strictly enforced control over what data they can see and what operations they can perform.

Execution Profiles
With the Trusted Solaris 8 Operating Environment, users and roles can be limited to a specific set of commands and actions that are needed for individuals to perform specific jobs. Execution profiles can be defined to assign authorizations to accounts and privileges to commands and actions. This enables users or roles to bypass security restrictions when needed to accomplish a defined set of tasks, without providing them access to everything.

http://www.boingboing.net/2005/01/27/jailed_for_using_a_n.html

Thursday, January 27, 2005
Jailed for using a nonstandard browser
A Londonder made a tsnuami-relief donation using lynx -- a text-based browser used by the blind, Unix-users and others -- on Sun's Solaris operating system. The site-operator decided that this "unusual" event in the system log indicated a hack-attempt, and the police broke down the donor's door and arrested him. From a mailing list:

For donating to a Tsunami appeal using Lynx on Solaris 10. BT [British Telecom] who run the donation management system misread an access log and saw hmm thats a non standard browser not identifying it's type and it's doing strange things. Trace that IP. Arrest that hacker.

Armed police, a van, a police cell and national news later the police have gone in SWAT styley and arrested someone having their lunch.

Out on bail till next week and preparing to make a lot of very bad PR for BT and the Police....

So just goes to show if you use anything other than Firefox or IE and you rely on someone else to interogate access logs or IDS logs you too could be sitting in a paper suit in a cell :(

i think its a great thing that sun is doing

I can't believe someone didnt know what lynx was.. muhaha. I find it even harder to believe someone preferrs using lynx as their web browser (and not just using it on a shell system without a gui, which I have had to do to get packages before.)

I tend to use lynx when i am looking for specific information when I don't wabt to be bombarded by pics and ads

Iv, seen and found that NOT using Windows IE/windows at all, can help in transferring data faster..
without all the over head, its a PURE download, transfer of data...

linux is worse than windows for security unless you know how to lock it down. like 9/10 distros install exploitable daemons/apps automatically.

same with windows. You can screw that pretty quickly if you don't know what you are doing. Linux actually comes out of the box more secure due to the number of bugs and exploits in windows (which remain unfixed), that are rated highly or extremely critical by security organizations such as secunia.

How Critical
Windows Pro
http://secunia.com/graph/?type=cri&period=all&prod=22

RH Linux Enterprise
http://secunia.com/graph/?type=cri&period=all&prod=2535

Number of Unpatched Issues

Windows Pro
http://secunia.com/graph/?type=sol&period=all&prod=22

RH Linux Enterprise
http://secunia.com/graph/?type=sol&period=all&prod=2535

Openbsd
http://secunia.com/graph/?type=cri&period=all&prod=100

Mandrake
http://secunia.com/graph/?type=cri&period=all&prod=3918

if you find a home user running rh enterprise, i'll paypal you $20.

Fedora
http://secunia.com/graph/?type=cri&period=all&prod=4222

i have fc3 @ home. it's a peice of ****. but it does have policies and other new things. it's pretty cutting edge for linux dev.

was meant to serve as an example

if you find a home user running rh enterprise, i'll paypal you $20.


Wheres my $20. or would you like a picture of my home running RHE

i would like to see a scan of your receipt :)

Linux is designed for those that WISH to tweak a system and optimize EVERYTHING themselves, for ppl that what to KNOW there way around...

Windows is for those that JUST want a computer... With that, you DONT know WHAt you are getting, OR how it works.
The Structure of windows, makes it HARd to backup, to FIND faults, find 2nd party installs they go DIRECT to windows DIR...
IF MS would STOP loading all the 2nd party DLL, INF, and drivers IN Windows DIR, we could find and kill most anything...But I AINT sorting thru 80+ megs of small files(200+ files), just to kill a BOT, or virus.
Backing UP windows ia #@$@#$, as programs load there Drivers, in windows dir, insted of a seperate location...so you cant Backup SINGLE programs, or JUST your programs..you have to BU the WHOLE system and Progs to save anything.
Id rather second party progs to KEEP there DLL/INF/DRIVERS to there selves, or windows to have a second DIR for them...BUT they wont.
LOCK that windows Dir so hackers and bots cant be installed there. It would make windows MUCH harder to infect, or kill..

Linux is designed for those that WISH to tweak a system and optimize EVERYTHING themselves, for ppl that what to KNOW there way around...

Windows is for those that JUST want a computer... With that, you DONT know WHAt you are getting, OR how it works.
The Structure of windows, makes it HARd to backup, to FIND faults, find 2nd party installs they go DIRECT to windows DIR...
IF MS would STOP loading all the 2nd party DLL, INF, and drivers IN Windows DIR, we could find and kill most anything...But I AINT sorting thru 80+ megs of small files(200+ files), just to kill a BOT, or virus.
Backing UP windows ia #@$@#$, as programs load there Drivers, in windows dir, insted of a seperate location...so you cant Backup SINGLE programs, or JUST your programs..you have to BU the WHOLE system and Progs to save anything.
Id rather second party progs to KEEP there DLL/INF/DRIVERS to there selves, or windows to have a second DIR for them...BUT they wont.
LOCK that windows Dir so hackers and bots cant be installed there. It would make windows MUCH harder to infect, or kill..

do you understand the concept of administrative user/rights? don't log in as admin, problem solved if you can't secure your pc and need to resort to file permissions.

as for dll/inf (system) files .. uninstall the app properly and you won't have any issues. run a registry cleaner once a month or more often, depending on your install/uninstall routines and your pc is fine. i really don't understand how you can have so many issues with windows. linux is harder to manage going from distro to distro. mainly fedora.

REALLY, so that FILE thats in win32 dir, that you want to kill, is PARt of windows, and is USED by the program...AND you want to kill it???
GO FOR IT...
And HOw would you suggest to PROPERLY uninstall a program??
Add/remove?
How about the programs OWN uninstall??
How about the one NOT listed in add/remove, and DONT have an uninstall...??

theres like 4 ways to install programs on WINDOWS, and 3 to remove them, and NONE are secure enough to KNOW you are NOT going to kill windows, or have Left over DLL's, reg links, Inf's and OTHER STUFF left over....

REMEMBER 1 thing, we are DEALING with ppl that have peoblems programing REMOTE controlls for TV, ppl that dont understand even HOW to install windows, they dont even KNWO how most the stuff got ONTO there computer...
Im talking about 80% of the 60% of ppl that HAVE a computer.

why are you running apps that don't conform to the windows guidelines for uninstalling? sounds like you're creating your own issues dude, although if you need to remove an app's dir simply erase it and clean the registry so you don't have a system looking for what's not there. really.

If you look at the number of unpatched issues, all the *inx is the same at 100%. That is quite impressive feat. It really tells you about the work ethic of these people who support open source. All the really smart people aren't working on windows development, that's for sure.

why are you running apps that don't conform to the windows guidelines for uninstalling? sounds like you're creating your own issues dude, although if you need to remove an app's dir simply erase it and clean the registry so you don't have a system looking for what's not there. really.

K2,
what are the odds, that the only INSTALL you have is WINDOWS based... NONE.
Wondering the net, you will incurr ALOT of flash loads, Bots, popups, even GIF pics can load STUFF on your machine, and Media player has a back door...
You are telling me that NO ONE, even with a decent program will load a program on WINDOWS that cant be removed with ADD/REMOVE...
You either are full of BULL, or have no sence/experience of what windows IS.. I expect the last.

Lets do this the easy way, you cant do this on a CLEAN install, but LOOK at programs listed by Windows...
then goto add/remove and try to match them ALL.

OR:
try to remove NORTON/McAffee from your computer.. It aint easy. And then look at your reg, and find ALL of it gone.. you wont be able to do it.

sorry dude, but i'm not as n00b as you seem to think.

try this out, it might help your cause a little. my buddy sh0rtie's host file (http://remember.mine.nu/) might help your crusade against popups and advertising. of course, if you ran firefox you could block all of it when you combo it with this file. as of this moment, i have just windows on my home pc. in the last 3 months it's had 5 linux distros and 2 windows installs. i dunno about you, but i run everything so i know my options.

i also run multiple linux servers at work, where i'm in charge of 4 windows servers and 2 linux boxes. i'm far from a hacker, but i have a couple of friends that are in that scene so i have a bit of insight into what to avoid running or how.

regarding nav/mcafee. i don't run that **** to begin with.

well,
a little knowlegde may give you an advantage...
Lets see:
Im 45 and been useing comps sence I we 18.
timex sinclear
Vic20
com 64
64/128
amiga
PC
IBM main frames
Languages,
cobal, BAL, basic, fortran, RPG...and a few others and versions also..
Iv, hardware hacked and software hacked...mostly the c64 and the amiga..
I know about DEC, IBM, intell, and many other companies that MADE there own computers... Even know about OS2 warp, BeOS..and others..
PPC, motorolla and IBM, and ALOT of hardware that most have never seen..

I seee that you dont like those 2 progs either...Good choice..
But the architecture of windows SUCKS...
And you CAN say there hasnt been a prog loaded on your comp, that wasnt EASy to remove...TOTALLY...

that's funny, i've only heard good things about how windows works. with calls in succession. but i guess since you've used a vic20 (my school had em as well) you know best. i've been using comps since i was 5, and i'm turning 25 next month so i guess we have about equal time on em.

for kicks, this is generally what i've used/owned.

my first comp was a ti99/4a
my friend's ti 8088
my school had 2 labs of unisys2 net clients
school had a lab of pet
each classroom had vic20s & c64
we then got a lab of c64's with a mac2 of some kind

fast forward a couple of years, home pc changed to a 486dx and generally every major cpu gen. i've owned since then.

Pretty good..

How you think the Unisys compares with how windows handles networks...

Think of it this way...For all the power we got, it still runs as fast as a 486/pentium..ONLy because theres so much MORE over head..
Games before win95 ran independant of the system or under DOS.. they did there OWN networking.. NOW they have to travel thru all the windows STUFF, just to connect, and work under DirectX..
A few game makers have even tried running linux Shell, and THEN there game, which works very well. But current windows DONT like anything, or ANYbody doing such things..
Intell has tried to PUSH the hardware and even the software developement, but MS keeps slapping them down. Most of the "NEW" ideas for hardware ARENT new..
Intell wanted to goto parrallel processing long ago, but MS said no..
the only advances in hardware Im looking forward to are,
When the Inserted cards have there OWN protocols, insted of using the CPU to run everything. Installing the drivers onto the hardware at startup would save 80% of the processing on the CPU.. audio and video, and even a HARDWARE mouse driver would be GREAT. God, I miss my Amiga..

windows nt4 introduced smp processing, unix had it first. pentium pros were the first real consumer/prosumer push for smp in the wintel world. both companies would be stagnant without competition from amd. the 90s are proof of that. it's sad that ms is so tight with intel. wintel networking is sad; everyone in the IT field should know that.

the bios hasn't changed but that's coming; plus amd's cpus that protect the os should be cool. things are changing and getting better hardware wise; i doubt windows will be decent until after longhorn. linux or something else should be rocking by then.

or by parallel do you mean clusters? i'm not sure when windows first had software for that .. i'm not fimiliar with doing windows clusters at all for parallel processing.

windows clusters at all for parallel processing

You can do load balancing to different machines running windows, but the load balancer is probably going to be running Linux. This is far from Beowulf Cluster.

http://redundancy.redundancy.org/fbsd_lb.html

MS FAQ
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/clustering/nlbfaq.mspx

Wow... what a confused thread! Trusted Solaris degenerating to "my first computer" to cluster/SMP confusion.

No software is trustworthy. "Trusted" makes for a good marketing buzz word though. Has a better ring to it than "SE" Linux.
http://www.nsa.gov/selinux/

well, lets see.
Parrallel processing.
As in doing more then 1 thing at a time.
As in, the 68000-68060 and Many PPc chips...DIDNT do the processing..They SAW that what was loading was VIDEO or Audio, and shipped it to the CARD needed...DIDNT do the processing for conversion..

OR

that a processor could handle 64-128 bit, and the language was only 16-32... It would to 2-16 instructions at a time, with a timing code, or split the tasks needed.. mouse and port control to this side, Programs here, video HERE, Audio HERE......
shove it to RAM where it was picked up but the Processor that USED it, and away you went.

Wow... what a confused thread! Trusted Solaris degenerating to "my first computer" to cluster/SMP confusion.

ahhh the components to any good thread on DT :P

yep,
you should see some of our discussions... WE hit everything..all at once..

it's more fun this way :)

Hey does the NSA link work for you guys?

Hey does the NSA link work for you guys?
Nope. The last time I visited nsa.gov there was a notice that they were taking the site down for maintenance on Feb 4... looks like it's still down.

Verified it's an internal NSA problem...
eherr@chernobyl:~$ traceroute www.nsa.gov
traceroute to www.nsa.gov (12.110.110.204), 30 hops max, 38 byte packets
1 nebula (192.168.154.1) 2.932 ms 2.187 ms 1.327 ms
2 10.193.96.1 (10.193.96.1) 12.055 ms 54.954 ms 11.125 ms
3 gsr-01.ge10-205.mhe.ftwrth.tx.charter.com (66.169.205.129) 12.244 ms 10.897 ms 11.516 ms
4 er73-01.mhe.ftwrth.tx.charter.com (66.169.96.250) 9.046 ms 11.050 ms 10.989 ms
5 12.124.219.29 (12.124.219.29) 15.258 ms 12.877 ms 12.972 ms
6 gbr1-p70.auttx.ip.att.net (12.123.133.22) 16.811 ms 17.562 ms 16.205 ms
7 tbr2-p012301.dlstx.ip.att.net (12.122.10.109) 18.977 ms 31.056 ms 21.654 ms
8 tbr2-cl6.sl9mo.ip.att.net (12.122.10.89) 34.179 ms 35.452 ms 35.306 ms
9 tbr1-cl2.sl9mo.ip.att.net (12.122.9.141) 33.748 ms 47.086 ms 35.097 ms
10 tbr1-cl4.wswdc.ip.att.net (12.122.10.29) 52.832 ms 51.642 ms 50.520 ms
11 ar1-a300s4.wswdc.ip.att.net (12.127.1.5) 50.036 ms 53.174 ms 50.742 ms
12 12.127.209.214 (12.127.209.214) 56.024 ms 12.127.209.218 (12.127.209.218) 57.001 ms 12.127.209.214 (12.127.209.214) 61.136 ms
13 12.110.110.131 (12.110.110.131) 59.892 ms 58.612 ms 58.413 ms
14 * *
eherr@chernobyl:~$ host www.nsa.gov
www.nsa.gov has address 12.110.110.204

I'm guessing they gotta remove carnivore :P

thanks spankers !

has anyone run the sun java desktop r2? i got a copy yesterday but i don't have enough blanks to burn it :/

has anyone run the sun java desktop r2? i got a copy yesterday but i don't have enough blanks to burn it :/

Yuck... Bloat, bloat, bloat.