Windows beats Linux - Unix on vulnerabilities

  • Thread starter: powdermonkey
  • Replies: 55
  • Views: 7,269
powdermonkey

Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.

Source
 
St0le

I feel it's coz they are open source... hacker can just watch source codes and say... "oooh! look at line 336, that strcpy function has no bounds checker... I am looking at a buffer overflow.. hahahaa" (and laughs some more). Windows is like waiting for someone with a lot of patience disassembling DLLs and EXEs... who gives an f* about the PE File Format??
 
avinds

that is not a valid point for the end user
 
netfreak

It's meaningless.
On one side, they consider Windows.
On other side, there are Unix + Linux. Count of Unix and Linux includes Solaris, AIX, Linux, IRIX + QNX + VxWare.
If you compare # of vulns in Windows with # of vulns in a single family of systems, e.g. Solaris, you get a completely different picture.
 
blr_p

"Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix."

Umm, did you notice that they added up all the vulnerabilities across all unix systems, and if an app was available in several distros it got counted each time.

WTF... This statistic is total bullshit. But then it was paid for by.. guess who.

Every system has a weakness, it's up to whomever looks after them to patch them in time. Not much diff there between the unix or m$.
 
prathapml

If unix is THAT bad, then why is Windows stealing more & more *nix concepts with every release? :p

BTW, one thing to note in that survey is, the windows vulnerabilities are concerned with OS alone. The linux vulnerabilities mention a lot of irrelevant apps too!!!!!!!! $#%@
 


powdermonkey

^That's not true. You will find 'irrelevant' apps under Windows lists too.
They added Mozilla Firefox under Unix vulnerabilities even though it runs on Windows too! And why is Apple Mac OS X a vulnerability of Unix?
Lists
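
The counting objections raised in the posts above (one flaw listed under several Unix systems counted once per listing, cross-platform apps such as Firefox filed under Unix, and an OS family compared against a single OS), as an added example that is not part of any post in the thread. The advisory records, their `EX-` ids and the "kind" labels are constructed for illustration and are not the survey's data.

```python
# Constructed sample advisories, NOT the survey's data:
# (id, product, kind, platforms the advisory is listed under).
ADVISORIES = [
    ("EX-001", "zlib",           "library", ["Red Hat", "Debian", "Solaris", "AIX"]),
    ("EX-002", "Firefox",        "app",     ["Red Hat", "Debian", "Windows", "Mac OS X"]),
    ("EX-003", "Linux kernel",   "os",      ["Red Hat", "Debian"]),
    ("EX-004", "Solaris kernel", "os",      ["Solaris"]),
    ("EX-005", "Windows kernel", "os",      ["Windows"]),
    ("EX-006", "WMF rendering",  "os",      ["Windows"]),
]

# Buckets as the thread describes the list: every Unix-like system in one pile.
BUCKETS = {
    "Windows": {"Windows"},
    "Unix/Linux": {"Red Hat", "Debian", "Solaris", "AIX", "Mac OS X"},
    "Solaris only": {"Solaris"},
}

def per_listing_count(advisories, family):
    """One flaw shipped by N systems in the family is counted N times."""
    return sum(len(family & set(platforms)) for _, _, _, platforms in advisories)

def unique_count(advisories, family, kinds=None):
    """Each advisory is counted once; `kinds` optionally restricts the component type."""
    return len({
        adv_id
        for adv_id, _, kind, platforms in advisories
        if family & set(platforms) and (kinds is None or kind in kinds)
    })

def compare(advisories, buckets=BUCKETS):
    """Return the three totals for every bucket so the methods can be read side by side."""
    return {
        name: {
            "per_listing": per_listing_count(advisories, family),
            "unique": unique_count(advisories, family),
            "os_only": unique_count(advisories, family, kinds={"os"}),
        }
        for name, family in buckets.items()
    }

if __name__ == "__main__":
    for name, totals in compare(ADVISORIES).items():
        print(f"{name:<13} {totals}")
```

On this constructed data the per-listing method reports 10 for Unix/Linux against 3 for Windows, while counting each OS-level flaw once gives 2 for each.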
 
max

I am immune to viruses. I use GNU/Linux. You want to challenge that? To get to me you will have to break 3 heavyweight firewalls and IDSs (no, my ISP is not smart enough to protect me) and if at all you get anywhere near me, my IDSs will have so much evidence against you that the cops will be knocking on your doors before you get to my system.

Can you say the same for the windoze machines? Put a vanilla Windows Server 2003 online and just see it getting cracked within hours. Your precious Windows doesn't even come with a proper firewall (IPSec doesn't come close to being called a firewall). Yes, that includes Windows Server 2003 Enterprise Edition which is supposed to be used by the big wigs.

Concerning Windoze, well with Win2k, M$ has started implementing POSIX (google for more info). Windoze Vista has "stolen" a lot of concepts from OSS. The MSH is a rip off of the Bourne Again SHell (BASH). GNU/Linux, UNIX, BSD was there much earlier than M$. BASH and other shells existed before even M$ existed (i.e. when Billy boi was still in his diapers).

Please don't help spreading FUD. The register sucks...
 
prathapml

I wasn't spreading FUD, I was supporting OSS in fact.
But well, now that you DID post what you did, I'm tempted to take u up on it.

Fact 1: 3 heavy-weight firewalls - nah, average user does not know to configure it.
Fact 2: IDS - average user has no idea how to analyze a log.
Fact 3: Nobody brings a vanilla WS2k3 server online. The only ones that do so would be pirates deluding themselves to be "31337 h4xx0r5" & using a server OS for desktop purposes.
Fact 4: True legit buyers who run WS2k3 have complex procedures & deployment methodologies that go much farther than simply booting up from a CD & installing the OS alone.
Fact 5: Since XPSP2 (=2 years ago), security has gone beyond IPsec. And where appropriate, server installations are reinforced with enterprise-class firewalls & transparent security solutions. None of this is anything rare, linux fan bois have been so disconnected from reality that they have no idea what they talk.

These fun facts are enough to prove that, while it's true that linux CAN be more secure, in reality it's not so by DEFAULT - and linux users perpetuating the myth of the "secure linux" are only harming the cause.
Amateurs start using linux & do almost nothing to secure themselves, since they are living under the false impression that simply the act of using linux will keep them away from all trouble.
It's not true.

In the end, you are comparing dumb users of one OS, with expert hackers that use another OS. Is it any surprise that the 2nd one wins theoretically? Wouldn't they win whichever OS they used? Have you noticed that high-end deployments of Windows & *nix are pretty much level on most parameters? When you compare experts on windows to experts on *nix, you see a similar picture of both managing their systems just fine.

And for any smarting responses to this, that have been posted without properly reading the content in this post, I will simply post a reply quoting my own words again, to be analysed for its full meaning.

Stop the anti-MS FUD.


(nothing personal against you max, it's just that I've been in deep, on both sides - windows/linux - and take it as my responsibility to show the truth.
Plus, I like reasoning out things with you.
Depresses me to see a lack of intelligent, well-researched posts on here... I thrive on long-running huge posts that are almost articles!) :)
 
max

Oh boy... I was telling the author of this thread to stop spreading FUD and NOT you, lest you are powdermonkey :confused:. Will it suffice to say that I have Windows Server 2k3 running on 2 of my machines out of the four I have? I too have been on both sides. I use Windows heavily. I respect it for its ease and usability. But I just can't take people spreading FUD about any OS, be it GNU/Linux or Windoze.

Windoze is windoze, there will be security risks on this platform. It is being used on 95% of the computers. But that doesn't mean that you compare the security risks on ONE OS with an ENTIRE family of OSes. That ticks me off...

I agree with almost all your facts except the last one. When XP SP2 was released IPTables was in existence for a LONG time. Besides, I can understand XP SP2 but what about Windows Server OSes? Why do we need to PURCHASE and install an entirely separate application just to get a decent firewall? This shows the lack of commitment of M$ to security. At least a SPI firewall should've been the part of Server family of Windows.
 
netfreak

I agree with prathapml on Windows/*nix being safe if used by professionals. Most of fortune 1000 companies use Windows for their web servers. (Well true reason is .NET, ASPX makes web development real easy). And NO OS will survive if patches are not applied properly. And Both sides have their share of silly vulns. Simply reading an email with zip attachment (zlib vuln on *nix) or opening a webpage (JPEG / WMF vulns in Windows) can allow someone to take control of your PC even if you have firewalls in place.
 
max

Linux is inherently safer out of the box. And the reason why fortune 100 companies are using windoze webservers is because of the services & support that M$ provides them...
 
powdermonkey

Originally posted by [email protected] 14 2006, 12:31 AM
oh boy...i was telling the author of this thread to stop spreading FUD and NOT you lest you are powdermonkey :confused:. Will it suffice to say that I have Windows Server 2k3 running on 2 of my machines out of the four I have? I too have been on both sides. I use Windows heavily. I respect it for its ease and usability. But I just can't take people spreading FUD about any OS, be it GNU/Linux or Windoze.


Hey linuxguy,
I never said I support these statistics. Regarding FUD you are talking about, news spreads like fire, that too online. You can't stop them from coming to you. Maybe you will read them in newspaper or in some other forums. You and I know that these statistics are crap and have certain flaws, but what about those who blindly believe in such news (and make perception that Windows is good and Linux is bad)? Criticism is always appreciated and that's the reason why I posted this topic!
Max, please don't get offended by such posts. ;)
 
netfreak

Originally posted by [email protected] 15 2006, 12:44 AM
the reason why fortune 100 companies are using windoze webservers is because of the services & support that M$ provides them...

I think reason is .NET, writing web apps is easier with ASP.NET environment (Nice IDE + WYSIWYG Editors + Complete stack from one vendor + lot of available developers). Other environments like PHP/Perl do not even have a usable debugger, you have to rely on print/echo statements to trace logic in your programs.

I have to deal with Windows/Linux/Solaris support as part of my Job, and Linux support is good too if you are paying IBM/Redhat for that.

And you can't risk putting ANY box on net without proper patches. Remember 1999 and 2000 incidents when lots of websites related to India were defaced by Pakistani hackers. They used a vuln in Redhat + attitude of web hosts that they are safe since they are running Linux (and can avoid having decent sysadmins because of that).
 
max

That's the problem with Linux systems. If you have a good sys admin then you don't need official support. Gentoo, Debian have great communities! And yes, M$ provides RADs but PHP/Perl development ain't that bad! :)
 
