Is Windows Less Secure than Linux, Not Here...
All I have to say is LOL. Just about any OS can be secure or not depending on its configuration and administration. And here's another one. . . .
All I have to say is LOL. Just about any OS can be secure or not depending on its configuration and administration.
http://www.wininformant.com/Articles/Index.cfm?ArticleID=23958
And here's another one...
http://www.theregister.co.uk/content/55/23901.html
http://www.wininformant.com/Articles/Index.cfm?ArticleID=23958
And here's another one...
http://www.theregister.co.uk/content/55/23901.html
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
I have never had any security issues and i have been running iis on broadband for years.
It's all about administration.
It's all about administration.
Absolutely - too many people install NT or Win2k server, and assume that MS has automatically set all the security options...it's a bit like buying a car with a super-duper alarm, then expecting Ford (or whoever) to set it when you're not in the car!
I believe that the majority of security problems arise because people assume that the default settings are secure...for which MS is only to blame for a small part - using the analogy above, it's like leaving your car unlocked, then blaming Ford when it gets stolen!
AndyF
I believe that the majority of security problems arise because people assume that the default settings are secure...for which MS is only to blame for a small part - using the analogy above, it's like leaving your car unlocked, then blaming Ford when it gets stolen!
AndyF
that story is obviously an attempt to deter people from linux. Nothing more.
The article was written during the one period that windows had less known holes that linux.
The counts are the number of holes found and resolved, not the number of holes. So another way of looking at it is Linux security improved much more than windows during that period.
[/list:u]
The article was written during the one period that windows had less known holes that linux.
The counts are the number of holes found and resolved, not the number of holes. So another way of looking at it is Linux security improved much more than windows during that period.
[/list:u]
I was actually looking at these numbers here from the link on the first article:
http://securityfocus.com/vulns/stats.shtml
Even with dated numbers, you can see as there are more Linux installations (and it strives to become more "Windows"-like) the holes in it are climbing. So, I guess another way to look at it is since it has even less features than a Windows OS (and far less application support), it is still becoming a great security risk. Or, here's yet another way to look at it; as the installed base grows larger, there's more people changing focus to look for exploits in Linux distros. Hmmm....
http://securityfocus.com/vulns/stats.shtml
Even with dated numbers, you can see as there are more Linux installations (and it strives to become more "Windows"-like) the holes in it are climbing. So, I guess another way to look at it is since it has even less features than a Windows OS (and far less application support), it is still becoming a great security risk. Or, here's yet another way to look at it; as the installed base grows larger, there's more people changing focus to look for exploits in Linux distros. Hmmm....
Also, look at point 2 in the article:
Quote:There is a distinct difference in the way that vulnerabilities are counted for Microsoft Windows and other operating systems. For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers
I think this is a pretty major point.
Do you realise just how many optional applications come with these distributions?
that would make this quote:
Quote:since it has even less features than a Windows OS (and far less application support) basically wrong.
As mentioned, I believe that with both systems configured properly, linux is already far more secure. The article is also based on default installations.
Whichever is the most secure now, all things aside, I sincerely believe that when things settle - When linux matures and reaches some common standards, It will be amazingly more secure.
There is much greater support for fixing vulnerabilitys in linux.
Quote:There is a distinct difference in the way that vulnerabilities are counted for Microsoft Windows and other operating systems. For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers
I think this is a pretty major point.
Do you realise just how many optional applications come with these distributions?
that would make this quote:
Quote:since it has even less features than a Windows OS (and far less application support) basically wrong.
As mentioned, I believe that with both systems configured properly, linux is already far more secure. The article is also based on default installations.
Whichever is the most secure now, all things aside, I sincerely believe that when things settle - When linux matures and reaches some common standards, It will be amazingly more secure.
There is much greater support for fixing vulnerabilitys in linux.
Basically wrong? How's that? Am I missing something here? It would seem to me that if you offer *less* things that can go wrong, then less thing should go wrong. And that's where I put Linux, in the "less things available to go wrong" catagory. Today I received a newsletter from Windows & .NET Magazine (formerly Win2K Mag), and in it there's a nice editorial from Paul Thurrott about some of these stats. Here's a big portion of it, but I would be glad to forward the whole thing to anybody that wants it:
Quote:Drawing conclusions based on all the informational clutter about Linux and
Windows is frustrating, tiring, and ultimately impossible. Here's a classic
example: We've all heard that the open-source Apache Web Server has about 57
percent of the Web server market, compared with Microsoft IIS, which has 31
percent. Open-source partisans point to this statistic as a victory, but
Microsoft can show that more top e-commerce sites use IIS than use competing
products and that more Forbes 500 companies use IIS than use Apache.
Let's examine a more recent example. In Friday's WinInfo Daily UPDATE
newsletter, I mentioned a set of statistics from BugTraq, a reputable security-
information provider, that shows how various OSs compare securitywise. The
statistics show a surprising trend: When you aggregate all the Linux
distributions, Linux, not Windows, has had the most security vulnerabilities,
year after year.
If you break down those numbers by Linux distribution (despite the fact that
Windows 2000 and Windows NT are lumped together), Win2K/NT had 42
vulnerabilities in 2001 (data is through August only), and the leading Linux
distribution, Red Hat, had 54. In 2000, Win2K/NT had 97 and Red Hat Linux had
95.
I believe that the number of vulnerabilities in a given OS is tied, in part, to
its usage. That is, more popular OSs are hacked more often because they're more
viable targets. Therefore, Red Hat is the right Linux distribution to compare
with Windows because it's the most popular. And because fewer servers run Red
Hat Linux than Windows, yet the number of vulnerabilities in both OSs is
similar, arguably, Linux is less secure. When you factor in usage, Windows
doesn't look so bad.
I read a lot of articles on Linux Web sites that describe Windows as "on the
ropes," but major corporations around the world use Windows servers every day,
and the servers, for the most part, work well. I'm not saying Microsoft has done
a good job of securing its products, and the company's recent decision to focus
on security is long overdue. But statements that "Linux is more secure than
Windows" are definitely not true.
Now, this sounds a lot like what I mentioned earlier, so this didn't come as any sort of shocker to me. However, most of these "holes" are probably in the form of client attacks, and honestly, how many people do you think are out there using Linux as a client? Most patches have been directed at workstation usage since that's where most vulnerabilities are at. I mean, you have to see the trend here and realize that there are WAY more users out there on Windows clients, and most people feel like they are wasting their time writing hacking tools for Linux boxes. That does appear to be changing though, and as it gets more "Windows-like" you can count on there being even more holes in it, especially since there are so many people trying to dictate what should and should not be in a distro.
I am just getting a bit fed up with people claiming that Linux will be *so* much better "when it matures". That's funny, since I have been fiddling with it since '98 and the damn thing hasn't matured that much to me. I was expecting to at least see Star Office in a stronger light than it is, some sort of 3rd party directory service for object/container management and application support that would use said directory service. But instead, we now have 50 text editors. Hurray, I am thrilled. Most people wait until the first or second service pack of a Windows OS before they call it "mature", and that can take up to 18 months. But here, I have waited almost 3 years (and 2 or 3 version levels depending on the distro) and Linux still isn't "mature". They can't keep hiding behind that excuse anymore; you are either in or you are out. Suck it up, and take the lumps. Nobody expected them to be perfect, except for themselves. Personally, I am glad that there are people working on a different OS (even if it isn't BeOS ), but you can't keep covering up failures with excuses such as it being too "new" or that nobody understands it yet. It has been around for a long time now, and the community that backs it needs to accept responsibility for it. I have seen some MAJOR screw ups from MS, believe me. But, I would just ask that they fix it (and they usually do, even before I knew it was a problem to begin with) and move on.
I pointed out the article because it was nice to see stats on Linux for a change, and found out that an OS with a far smaller user base than Windows seems to be catching up with it in terms of holes and bugs.
Quote:Drawing conclusions based on all the informational clutter about Linux and
Windows is frustrating, tiring, and ultimately impossible. Here's a classic
example: We've all heard that the open-source Apache Web Server has about 57
percent of the Web server market, compared with Microsoft IIS, which has 31
percent. Open-source partisans point to this statistic as a victory, but
Microsoft can show that more top e-commerce sites use IIS than use competing
products and that more Forbes 500 companies use IIS than use Apache.
Let's examine a more recent example. In Friday's WinInfo Daily UPDATE
newsletter, I mentioned a set of statistics from BugTraq, a reputable security-
information provider, that shows how various OSs compare securitywise. The
statistics show a surprising trend: When you aggregate all the Linux
distributions, Linux, not Windows, has had the most security vulnerabilities,
year after year.
If you break down those numbers by Linux distribution (despite the fact that
Windows 2000 and Windows NT are lumped together), Win2K/NT had 42
vulnerabilities in 2001 (data is through August only), and the leading Linux
distribution, Red Hat, had 54. In 2000, Win2K/NT had 97 and Red Hat Linux had
95.
I believe that the number of vulnerabilities in a given OS is tied, in part, to
its usage. That is, more popular OSs are hacked more often because they're more
viable targets. Therefore, Red Hat is the right Linux distribution to compare
with Windows because it's the most popular. And because fewer servers run Red
Hat Linux than Windows, yet the number of vulnerabilities in both OSs is
similar, arguably, Linux is less secure. When you factor in usage, Windows
doesn't look so bad.
I read a lot of articles on Linux Web sites that describe Windows as "on the
ropes," but major corporations around the world use Windows servers every day,
and the servers, for the most part, work well. I'm not saying Microsoft has done
a good job of securing its products, and the company's recent decision to focus
on security is long overdue. But statements that "Linux is more secure than
Windows" are definitely not true.
Now, this sounds a lot like what I mentioned earlier, so this didn't come as any sort of shocker to me. However, most of these "holes" are probably in the form of client attacks, and honestly, how many people do you think are out there using Linux as a client? Most patches have been directed at workstation usage since that's where most vulnerabilities are at. I mean, you have to see the trend here and realize that there are WAY more users out there on Windows clients, and most people feel like they are wasting their time writing hacking tools for Linux boxes. That does appear to be changing though, and as it gets more "Windows-like" you can count on there being even more holes in it, especially since there are so many people trying to dictate what should and should not be in a distro.
I am just getting a bit fed up with people claiming that Linux will be *so* much better "when it matures". That's funny, since I have been fiddling with it since '98 and the damn thing hasn't matured that much to me. I was expecting to at least see Star Office in a stronger light than it is, some sort of 3rd party directory service for object/container management and application support that would use said directory service. But instead, we now have 50 text editors. Hurray, I am thrilled. Most people wait until the first or second service pack of a Windows OS before they call it "mature", and that can take up to 18 months. But here, I have waited almost 3 years (and 2 or 3 version levels depending on the distro) and Linux still isn't "mature". They can't keep hiding behind that excuse anymore; you are either in or you are out. Suck it up, and take the lumps. Nobody expected them to be perfect, except for themselves. Personally, I am glad that there are people working on a different OS (even if it isn't BeOS ), but you can't keep covering up failures with excuses such as it being too "new" or that nobody understands it yet. It has been around for a long time now, and the community that backs it needs to accept responsibility for it. I have seen some MAJOR screw ups from MS, believe me. But, I would just ask that they fix it (and they usually do, even before I knew it was a problem to begin with) and move on.
I pointed out the article because it was nice to see stats on Linux for a change, and found out that an OS with a far smaller user base than Windows seems to be catching up with it in terms of holes and bugs.