Tell me how
debian is less secure out of the box ?
Well, if you're on x86 or x64, which most Debian probably will be, then
it's less secure in that it's capable of running the payload of most
cracking tools.
A VAX isn't, not unless you run an x86 emulator on it (which is
definitely not an out-of-the-box configuration).
Debian is also less secure in that it's popular enough to have had a
lot more cracker attention; Debian-attacking tools are far commoner and
far more commonly used than VMS-attacking tools.
Devil's advocate: isn't this the old "security by obscurity" argument?
Not that I'm not guilty of the same; I use PPC 10.4, which theoretically
could probably be owned, but in practice almost certainly won't be,
especially if the browser is kept up to date, ahem. But this is a different
argument than if the vulnerabilities exist.
I think a VAX (or insert name of unusual operating system and
architecture configuration here) is probably more secure in practice but
mostly because relatively few people know how to bust into one.
--
------------------------------------ personal:
http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems *
www.floodgap.com * ckaiser at
floodgap.com
-- The whippings shall continue until morale improves. ------------------------