Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
clutch

Is Windows Less Secure than Linux, Not Here...

By clutch, in Slack Space

Recommended Posts

AndyFair    0

AndyFair
Posted

Absolutely - too many people install NT or Win2k server, and assume that MS has automatically set all the security options...it's a bit like buying a car with a super-duper alarm, then expecting Ford (or whoever) to set it when you're not in the car!

 

I believe that the majority of security problems arise because people assume that the default settings are secure...for which MS is only to blame for a small part - using the analogy above, it's like leaving your car unlocked, then blaming Ford when it gets stolen!

 

AndyF

Share this post

Link to post

insaNity    0

insaNity
Posted

that story is obviously an attempt to deter people from linux. Nothing more.

 

[*]The article was written during the one period that windows had less known holes that linux.

[*]The counts are the number of holes found and resolved, not the number of holes. So another way of looking at it is Linux security improved much more than windows during that period.

[/list:u]

Share this post

Link to post

clutch    1

clutch
Posted

I was actually looking at these numbers here from the link on the first article:

 

http://securityfocus.com/vulns/stats.shtml

 

Even with dated numbers, you can see as there are more Linux installations (and it strives to become more "Windows"-like) the holes in it are climbing. So, I guess another way to look at it is since it has even less features than a Windows OS (and far less application support), it is still becoming a great security risk. Or, here's yet another way to look at it; as the installed base grows larger, there's more people changing focus to look for exploits in Linux distros. Hmmm....

Share this post

Link to post

insaNity    0

insaNity
Posted

Or maybe it's just because Linux is still in such a developmental phase with things changing around a lot. Look how many releases there are of it, and how many parallel distributions. Windows has only 2 versions - 9x and NT....which has now become one.

 

or maybe....it's a CONSPIRACY wink

Share this post

Link to post

insaNity    0

insaNity
Posted

Also, look at point 2 in the article:

Quote:
There is a distinct difference in the way that vulnerabilities are counted for Microsoft Windows and other operating systems. For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers

 

I think this is a pretty major point.

Do you realise just how many optional applications come with these distributions?

 

that would make this quote:

Quote:
since it has even less features than a Windows OS (and far less application support)
basically wrong.

 

As mentioned, I believe that with both systems configured properly, linux is already far more secure. The article is also based on default installations.

 

Whichever is the most secure now, all things aside, I sincerely believe that when things settle - When linux matures and reaches some common standards, It will be amazingly more secure.

There is much greater support for fixing vulnerabilitys in linux.

Share this post

Link to post

clutch    1

clutch
Posted

Basically wrong? How's that? Am I missing something here? It would seem to me that if you offer *less* things that can go wrong, then less thing should go wrong. And that's where I put Linux, in the "less things available to go wrong" catagory. Today I received a newsletter from Windows & .NET Magazine (formerly Win2K Mag), and in it there's a nice editorial from Paul Thurrott about some of these stats. Here's a big portion of it, but I would be glad to forward the whole thing to anybody that wants it:

 

Quote:

Drawing conclusions based on all the informational clutter about Linux and

Windows is frustrating, tiring, and ultimately impossible. Here's a classic

example: We've all heard that the open-source Apache Web Server has about 57

percent of the Web server market, compared with Microsoft IIS, which has 31

percent. Open-source partisans point to this statistic as a victory, but

Microsoft can show that more top e-commerce sites use IIS than use competing

products and that more Forbes 500 companies use IIS than use Apache.

 

Let's examine a more recent example. In Friday's WinInfo Daily UPDATE

newsletter, I mentioned a set of statistics from BugTraq, a reputable security-

information provider, that shows how various OSs compare securitywise. The

statistics show a surprising trend: When you aggregate all the Linux

distributions, Linux, not Windows, has had the most security vulnerabilities,

year after year.

 

If you break down those numbers by Linux distribution (despite the fact that

Windows 2000 and Windows NT are lumped together), Win2K/NT had 42

vulnerabilities in 2001 (data is through August only), and the leading Linux

distribution, Red Hat, had 54. In 2000, Win2K/NT had 97 and Red Hat Linux had

95.

 

I believe that the number of vulnerabilities in a given OS is tied, in part, to

its usage. That is, more popular OSs are hacked more often because they're more

viable targets. Therefore, Red Hat is the right Linux distribution to compare

with Windows because it's the most popular. And because fewer servers run Red

Hat Linux than Windows, yet the number of vulnerabilities in both OSs is

similar, arguably, Linux is less secure. When you factor in usage, Windows

doesn't look so bad.

 

I read a lot of articles on Linux Web sites that describe Windows as "on the

ropes," but major corporations around the world use Windows servers every day,

and the servers, for the most part, work well. I'm not saying Microsoft has done

a good job of securing its products, and the company's recent decision to focus

on security is long overdue. But statements that "Linux is more secure than

Windows" are definitely not true.

 

 

Now, this sounds a lot like what I mentioned earlier, so this didn't come as any sort of shocker to me. However, most of these "holes" are probably in the form of client attacks, and honestly, how many people do you think are out there using Linux as a client? Most patches have been directed at workstation usage since that's where most vulnerabilities are at. I mean, you have to see the trend here and realize that there are WAY more users out there on Windows clients, and most people feel like they are wasting their time writing hacking tools for Linux boxes. That does appear to be changing though, and as it gets more "Windows-like" you can count on there being even more holes in it, especially since there are so many people trying to dictate what should and should not be in a distro.

 

I am just getting a bit fed up with people claiming that Linux will be *so* much better "when it matures". That's funny, since I have been fiddling with it since '98 and the damn thing hasn't matured that much to me. I was expecting to at least see Star Office in a stronger light than it is, some sort of 3rd party directory service for object/container management and application support that would use said directory service. But instead, we now have 50 text editors. Hurray, I am thrilled. Most people wait until the first or second service pack of a Windows OS before they call it "mature", and that can take up to 18 months. But here, I have waited almost 3 years (and 2 or 3 version levels depending on the distro) and Linux still isn't "mature". They can't keep hiding behind that excuse anymore; you are either in or you are out. Suck it up, and take the lumps. Nobody expected them to be perfect, except for themselves. Personally, I am glad that there are people working on a different OS (even if it isn't BeOS ;)), but you can't keep covering up failures with excuses such as it being too "new" or that nobody understands it yet. It has been around for a long time now, and the community that backs it needs to accept responsibility for it. I have seen some MAJOR screw ups from MS, believe me. But, I would just ask that they fix it (and they usually do, even before I knew it was a problem to begin with) and move on.

 

I pointed out the article because it was nice to see stats on Linux for a change, and found out that an OS with a far smaller user base than Windows seems to be catching up with it in terms of holes and bugs.

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Slack Space
×