Which is secure?...Windows or Linux

hi

well now sahirh had mentioned buffer overflows, may i ask how does one inflict a buffer overflow and mostly i know that windows are the ones prone to these kinds of attacks..is linux also prone to this kind of attack?

any suggestions how could i simulate a scenario wherein i could involve a buffer overflow?...


thanks...

Sorry to multi-thread this thread(?), but I have a question.
Sahirh, with reference to Linux you mentioned that "once you get over the learning curve you fall madly in love with it". What is the best way to get over the learning curve without either losing your sanity (copious examples provided on request) or trashing your box and having to reinstall it more times than you have the patience for.
This is a question I think many others might benefit from. I'd really like to get more proficient with the penguin but can't seem to get past the knowledge holes. And much of the linux stuff on the net goes too far over your head far too quickly when you're getting started. The manuals seem to do that too. My other big problem is that I find myself looking at Linux from a Windows perspective and that really doesn't help either.
Perhaps one of our illustrious moderators might like to relocate this thread into another forum once it's up and running?

Well this is a nice idea, so lets kickstart it and then i'll split the post and maybe make it sticky at the top of the unix forum...

To begin with, a newbies mindset to linux has to change. Coming from 10+ years in windows, anyone would feel things are different and yes it is a harder o/s to *FIX*.. i repeat fix.. not learn.

Heres a case in point : I recently met a smart young fellow who was pretty new to both windows. he knew how to surf, check mail etc and thats it. He didnt know that another o/s even existed.

So I gave him redhat 9 and knoppix. He installed them both (said he found redhat install easier than windows 2000), and he feels that linux is easier to use... why ? because he hasnt got used to doing things a particular way.

In linux, half the battle is learning how to find help. The following things are your friends :
man - yes the man pages are complicated sometimes, but they are very easy to follow once you get the hang

apropos - find that command you didnt know existed

forums - like this one

It also helps to have someone experience show you around a little bit.

If you are just using a linux box.. chances are, it wont break... if however you're a newbie and you decide you want to recompile your kernel on the first day, you're probably going to get yourself seriously burned.

How about everyone ask a few common questions, kinda like a faq, and the nix gurus here can help answer them.


Now about buffer overflows.. the simplest way to talk about buffer overflows is like this.

Whenever a program takes input, the programmer sets aside a bit of memory for that input. For example if you have to input your name, the programmer might have set aside 20 characters for the name.. now what happens if you type something 30 characters long ? You overflow the buffer he had created for you..

This doesnt really help you much until you understand that the address of the next instruciton the CPU has to execute is stored just above this buffer in memory.. In other words if you overflow hte buffer, you can overwrite the address of hte next instruction ot execute. This means oyu can tell hte microprocessor where to run code next..

if you fill the buffer with your own code, and overwrite the next instruction address with the address of the buffer, the cpu will execute YOUR CODE.. that means you can do anything you want..

yes linux is also vulnerable to this...there are various workarounds.. but the best way is for the programmer to check how much input he is getting in the first place.


We can take this up in detail in another post if you're interested... with code as well.


Cheers,

Excellent Sahir. I'll put in a couple of questions once the thread is suitably relocated. By the way, you're next post will be your 1000th!!

I agree totally with Sahirh, unix way is not actually THAT more difficult than windows, it's just different.

I believe the best way to get used to linux or any OS, is to force your self to! So.. just get your hard drive rid of windows, make a full slackware installation for first time and force yourself to do your every-day work.. and you will be a star in a week or so

The only important think is to have your internet connection set up so that you can access the MR. Wise, Google. That can be as simple as two commands (ifconfig & route) if you are lucky enough to use an ethernet dsl router, but in the case of dial up modem it is also simple (you could connect simply from kppp front end with a procedure similar to windows). Only if you have a USB dsl router things are a bit tough and you should consider getting some experience first installing linux in a virtual vmware machine.

This is an excellent free ebook that I recommend to skim-read or access thematically, as a reference to answer all your basic questions: Linux Newbie Administration Guide

VMWare is a very good way to start using linux.

So is Knoppix.