[mdlug] A big opportunity for Linux?

Jeff Hanson jhansonxi at gmail.com
Mon Nov 19 23:04:31 EST 2007


On Nov 19, 2007 10:17 PM, Adam Tauno Williams
<adamtaunowilliams at gmail.com> wrote:
> Are we talking about enterprises or small/medium businesses?  Seems to
> me the mile post in these kinds of debates gets switched back and forth
> a lot.  Enterprises just don't care,  it isn't that expensive relative
> to other things.  No small/medium business I've ever encountered has an
> M$ support agreement.

It depends on the type of business, their reliance on IT, and budget.
Some auto companies still standardize on Win2K even though it was EOL
several years ago.  Many small businesses rely on only one or two apps
(often Quickbooks) and as long as they have a backup of the data a
malware problem can be fixed with a restore CD and a reinstall of the
app.  They are conditioned that malware is normal, just like cars have
flat tires occasionally.

> Bogus.  I admin a network of ~250 Windows 2000 & XP workstations.  No
> support agreement.  The threat of malware is drastically overstated by
> fear mongers and alarmists,  the issue is actually quite easy to deal
> with using well-known techniques.

It depends on your level of control and the security concerns of the
company management.  If the management has no real clue about security
then their primary requirement is to keep accounting functioning.  If
they are concerned about trade secret theft then entire hardware
lock-down and encryption is required.

The best-laid security plans of a network admin are easily thwarted by
a clueless superior that insists that they need full read/write access
to everything on the network.

In my experience, purely external problems are limited to wireless
intrusions or physical theft.  Everything else has an internal
component and users are almost always the link.

> Well, the cost of our AV protection solution... $0.00.

In a thin-client environment malware is easy to control.  In a typical
fat-client situation the users (especially managers and developers)
often demand local control and install whatever they want.  If
upper-management doesn't allow you full authority over them then
you're stuck with the problem.  Understaffed IT departments don't help
either.

> Eh?  This doesn't even make sense.  If you have any kind of embedded
> device / appliance you are always 110% at the mercy of the vendor.
> Nothing changes that.  Fortunately my experience is that most embedded
> devices are far too stupid / limited / sealed to respond to malware in
> any way (you're lucky if most "appliances" even manage to do what they
> were advertised to do).

Depends on the device.  A lot of them use Linux and some can be
updated.  HP JetDirect devices have had security issues and updates
can be easily installed.

> Sure, and what does this have to do with Windows vs. LINUX desktops?
> The embedded devices are just there - nothing anyone can do about the
> bloody things. (I have well over two dozen hosts running NT embedded,
> real crap).

Security practices for embedded devices are no different than any other
platform.  Restrict access to those who need it.  If it's a concern
then install a SPI firewall between it and the network.

> And I've seen those numbers;  same thing with SPAM... it is costing some
> unholy amount of money.  I don't buy it.  If this is true then those
> networks are being administered poorly or someone is quite happy to just
> fork over buckets of money for someone else to deal with the problem (a
> legitimate business solution in some cases [although, I suspect, usually
> not]).

The cost depends on the environment but you have to check who is
reporting the numbers.

> So?  This is true of IBM, HP, Sun, etc... hardware & software is just a
> platform.  The solution is the valuable part, so of course that is where the
> profit is.

Does Windows Live OneCare count?


