Windows beats Linux - Unix on vulnerabilities

powdermonkey

[OP]
Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.

Source
 

St0le

I feel it's coz they are open source... a hacker can just watch source codes and say... "oooh! look at line 336, that strcpy function has no bounds checker... I am looking at a buffer overflow.. hahahaa" (and laughs some more). Windows is like waiting for someone with a lot of patience disassembling DLLs and EXEs... who gives an f* about the PE File Format??
 

avinds

That is not a valid point for the end user.
 


netfreak

It's meaningless.
On one side, they consider Windows.
On the other side, there are Unix + Linux. The count of Unix and Linux includes Solaris, AIX, Linux, IRIX + QNX + VxWare.
If you compare the # of vulns in Windows with the # of vulns in a single family of systems, e.g. Solaris, you get a completely different picture.
 

blr_p

Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.
Umm, did you notice that they added up all the vulnerabilities across all Unix systems, and an app that was available in several distros got counted each time?

WTF... This statistic is total bullshit. But then it was paid for by.. guess who.

Every system has a weakness, it's up to whomever looks after them to patch them in time. Not much diff there between the unix or m$.
 

prathapml

If unix is THAT bad, then why is Windows stealing more & more *nix concepts with every release? :p

BTW, one thing to note in that survey is, the Windows vulnerabilities are concerned with the OS alone. The Linux vulnerabilities mention a lot of irrelevant apps too!!!!!!!! $#%@
 


powdermonkey

[OP]
^That's not true. You will find 'irrelevant' apps under Windows lists too.
They added Mozilla Firefox under Unix vulnerabilities even though it runs on Windows too! And why is Apple Mac OSX a vulnerability of Unix?
Lists
 

max

I am immune to viruses. I use GNU/Linux. You want to challenge that? To get to me you will have to break 3 heavy weight firewalls and IDSs (no, my ISP is not smart enough to protect me) and if at all you get anywhere near me, my IDSs will have so much evidence against you that the cops will be knocking on your doors before you get to my system.

Can you say the same for the windoze machines? Put a vanilla Windows Server 2003 online and just see it getting cracked within hours. Your precious Windows doesn't even come with a proper firewall (IPSec doesn't come close to being called a firewall). Yes, that includes Windows Server 2003 Enterprise Edition which is supposed to be used by the big wigs.

Concerning Windoze, well with Win2k, M$ has started implementing POSIX (google for more info). Windoze Vista has "stolen" a lot of concepts from OSS. The MSH is a rip off of the Bourne Again SHell (BASH). GNU/Linux, UNIX, BSD was there much earlier than M$. BASH and other shells existed before even M$ existed (i.e. when Billy boi was still in his diapers).

Please don't help spreading FUD. The register sucks...
 

prathapml

I wasn't spreading FUD, I was supporting OSS in fact.
But well, now that you DID post what you did, I'm tempted to take you up on it.

Fact 1: 3 heavy-weight firewalls - nah, average user does not know to configure it.
Fact 2: IDS - average user has no idea how to analyze a log.
Fact 3: Nobody brings a vanilla WS2k3 server online. The only ones that do so would be pirates deluding themselves to be "31337 h4xx0r5" & using a server OS for desktop purposes.
Fact 4: True legit buyers who run WS2k3 have complex procedures & deployment methodologies that go much farther than simply booting up from a CD & installing the OS alone.
Fact 5: Since XPSP2 (=2 years ago), security has gone beyond IPsec. And where appropriate, server installations are reinforced with enterprise-class firewalls & transparent security solutions. None of this is anything rare, linux fan bois have been so disconnected from reality that they have no idea what they talk about.

These fun facts are enough to prove that, while it's true that linux CAN be more secure, in reality it's not so by DEFAULT - and linux users perpetuating the myth of the "secure linux" are only harming the cause.
Amateurs start using linux & do almost nothing to secure themselves, since they are living under the false impression that simply the act of using linux will keep them away from all trouble.
It's not true.

In the end, you are comparing dumb users of one OS, with expert hackers that use another OS. Is it any surprise that the 2nd one wins theoretically? Wouldn't they win whichever OS they used? Have you noticed that high-end deployments of Windows & *nix are pretty much level on most parameters? When you compare experts on windows to experts on *nix, you see a similar picture of both managing their systems just fine.

And for any smarting responses to this, that have been posted without properly reading the content in this post, I will simply post a reply quoting my own words again, to be analysed for its full meaning.

Stop the anti-MS FUD.


(Nothing personal against you max, it's just that I've been in deep, on both sides - windows/linux - and take it as my responsibility to show the truth.
Plus, I like reasoning out things with you.
Depresses me to see a lack of intelligent, well-researched posts on here... I thrive on long-running huge posts that are almost articles!) :)
 

max

Oh boy... I was telling the author of this thread to stop spreading FUD and NOT you lest you are powdermonkey :confused:. Will it suffice to say that I have Windows Server 2k3 running on 2 of my machines out of the four I have? I too have been on both sides. I use Windows heavily. I respect it for its ease and usability. But I just can't take people spreading FUD about any OS, be it GNU/Linux or Windoze.

Windoze is windoze, there will be security risks on this platform. It is being used on 95% of the computers. But that doesn't mean that you compare the security risks on ONE OS with an ENTIRE family of OSes. That ticks me off...

I agree with almost all your facts except the last one. When XP SP2 was released IPTables was in existence for a LONG time. Besides, I can understand XP SP2 but what about Windows Server OSes? Why do we need to PURCHASE and install an entirely separate application just to get a decent firewall? This shows the lack of commitment of M$ to security. At least an SPI firewall should've been the part of Server family of Windows.