Survivability of RHEL3 circa Nov 2003
So a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even without the firewall and without receiving updates would still remain uncompromised (and still running) to this day.
It’s not to say that a RHEL3 user couldn’t get compromised – but that’s not the point of the survivability statistuc. In order to get compromised, a user would have to have either enabled anonymous rsync, SWAT, or be running an open CVS server, none of which are default or common. Or a user would have to take some action like visiting a malicious web site or receiving and opening a malicious email.
All this says is that RHEL doesn’t have an exploitable sshd, and that (at long last) RH doesn’t start every service under the sun when you do a full install.
It would be interesting to know the survivability of a RH box (excluding sshd) prior to November. I’d offer that it would be measured in weeks. The analogous figure for OpenBSD, by comparison, would be between 6 and 7 YEARS. I do not see how rising to a mediocre standard of reliability after years of opportunity to do so makes an OS praiseworthy.
All this says is that RHEL doesn’t have an exploitable sshd, and that (at long last) RH doesn’t start every service under the sun when you do a full install.
It would be interesting to know the survivability of a RH box (excluding sshd) prior to November. I’d offer that it would be measured in weeks. The analogous figure for OpenBSD, by comparison, would be between 6 and 7 YEARS. I do not see how rising to a mediocre standard of reliability after years of opportunity to do so makes an OS praiseworthy.
Survivability of RHEL3
Liudvikas had an interesting post pointing to an entry from a RedHat blog in which Mark Cox points out some compelling evidence in which… “… a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even…
Survivability of RHEL3
Liudvikas had an interesting post pointing to an entry from a RedHat blog in which Mark Cox points out some compelling evidence in which… “… a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even…