OS vs app flaws.
An OS flaw is a flaw that causes an OS or its kernel to fail.
An app flaw is one that causes an app to fail. If the app causes the OS kernel to fail then it may arguably be called an OS flaw.
This flaw is in the SAMBA app and it allows malicious users on the network to launch a DOS attack by flooding the server with requests. The server actually answers all of the requests and so it does its job.
The server does not crash but gets extremely busy at what it was meant to do. Stop the app, the problem goes away. The OS is not flawed.
The latest MS jpeg flaw is another issue. It may be an app flaw as it affects apps that use the GDI API and interpret jpeg files. However, the flaw can allow a malicious user to take over your system so that it stops doing what it was meant to do and starts doing anything that the maluser wishes it to.
This now becomes an OS flaw manifested through an app vulnerability because the OS allows the app to execute malicious code, bypassing security, granting access and control to persona non grata.
Now, the app flaw in SAMBA affects every OS it is loaded on. SAMBA is not loaded by default on every Linux desktop installation. Gentoo, Mandrake and Red Hat do not. They all ask you if you want or need the service -- well, the versions that I have used of them anyway.
FreeBSD also asks. At least it asked me the last two times I loaded FBSD. Therefore it cannot be a Linux flaw but if you insist on calling it so then it must be a FBSD flaw also.
Now if you are saying that Linux distros that autoload SAMBA are flawed (not that I am aware of any that do, but I do not doubt that they exist), then you are incorrect. They are not flawed since the flawed app does not crash the OS, but they possess a vulnerability that may make them inefficient at what they do.
Take away your peripheral firewall and every OS has a vulnerability, even those with built-in firewalls because the blocked TCP/UDP package still travels across the ethernet to the OS and still chews bandwidth and still can cripple the network services.
So, you were saying?
Posted by: The King's Servant
Posted on: 09/15/04







