Security FUD On Linux
bobmatnyc writes "InfoWorld reports that Microsoft is planning an "security assault on Linux" by hyping results of a commissioned study pointing to the number of security holes in Linux vs. Windows, the number of days it takes to fill the patches, and by raising questions as to the reliability of code submitted through the OS process. I suppose if they focus very narrowly on one measurement of security, completely ignore script-level vulnerabilities, default settings vulnerabilities (such as root access for all users), and the demographics of the user population, as well as a zillion other things I'm not clever enough to think of off the top of my head, they may have a point."
Finally! (Score:5, Funny)
Re:Finally! (Score:5, Funny)
Re:Finally! (Score:3, Insightful)
Re:Finally! (Score:5, Insightful)
I don't know if making "Redhat" a synonym of "Linux" is all MS's fault though.
What in Heck nowhere near as bad as 5 years (Score:3, Interesting)
Re:ha ha... (Score:3, Funny)
Now Bill Gates, pay up.
Re:ha ha... (Score:3, Insightful)
What's funny is that Linux zealots spread Windows FUD in the same manner except for free.
"FUD" is typically reserved for unjustified fear, uncertainty, and doubt. The truth is generally not called "FUD"...
;-)
Re:For me, it's only about FREEDOM and INDEPENDANC (Score:3, Insightful)
FUD tactics _DO_ Work... how do you think Microsoft got their current marketshare, and held onto it in the face of superior competition (Mac, OS/2, BeOS)?
It certainly wasn't by having a superior product, it is well accepted that given versions of OS/2 BeOS or MacOS have always been superior to the versions of windows available at the same time. OS/2 had the best chance, since at the time not only was it compatible and capable of running windows/dos programs, it was also considerably faster and more sta
Re:As if... (Score:3, Interesting)
Are you implying that Windows is the right tool for the job? For any job? Whoa.
For non-techies, Apple is the way to go. For corporate and/or programming environments, Linux/UNIX is the way to go. Not much room for Microsoft in the middle.
Re:As if... (Score:3, Informative)
'For industrial strength linux applications, there's Linux. For everything else, there's VMWare.' Vmware, bridging the gap between you and your company's proprietary apps.
Ok now VMWare, pay up.
Re:As if... (Score:3, Insightful)
Re:As if... (Score:5, Interesting)
Then I started using *nix. I loaded Linux for the first time in 1992, and have been using it ever since. I was also a Unix system administrator during my career, and was using Sun systems in college before that. I learned the tool building paradigm of Unix, and absorbed awk, sed, perl, python, lisp, java, and a host of tools unheard of in the Microsoft world. Things that I spent hours accomplishing with Windows and DOS, I was accomplishing in minutes with Linux.
From my vantage point, it is plain to see that the Microsoft products are not up to the task of being a general purpose workstation/server operating system. When compared to industrial strength Unix and Linux distributions, it is a toy - and should be advertised as such.
I think the key distinction we need to understand is the ability of an end user to ameliorate security problems and other bugs when they manifest themselves. In *nix, usually the source code is available for modification, or a work around can be accomplished quickly with a scripting language because of the clear text interprocess communication mechanisms available. On the Microsoft side of the house, we are clearly dependent upon the good will and scheduling of Microsoft to get the fix implemented - and there is not much we can do to alter the outcome. So, the choices are independent ability to fix things, as needed - or Big Brother Knows Best; I know what I prefer.
Given the above, Microsoft is never the 'right tool for the job', unless your job is a toy application that is expected to be obsolete within a few years. The simple measure of this is to look at all the DOS applications that are currently being used by end users, versus *nix applications (albeit in GNU form) - *nix wins hands down. Don't believe I haven't tried using various DOS and Windows tools - but they just don't have the overall flexibility and usefulness that can be plentifully found under *nix.
What really boggles me about this whole issue is how people can be screwed by MS a thousand times over (non backwards compatible file formats, blecherous incomplete implementation of java, a malformed central configuration repository that causes complete system meltdowns when corrupted - that end users are not shown how to backup out of the box, etc...the list goes on and on), and yet come back smiling for more! What is really amusing (sad, really) is how I see some people rationalize that they were the ones at fault: "It was silly of me to build my spreadsheets in MS Works 1.4 back in '85 - what was I thinking! I should have copied all those entries across to Excel back in '95". To me this is a red flag that I am being taken for a ride. I woke up. I hope you do too.
Re:As if... (Score:4, Insightful)
People favour the things they favour. That should hardly be surprising.
The interesting question is why, given its relative user base, is Linux favoured so strongly by so many?
I hear very little subjective promotion of Microsoft (except where subjective == for profit), especially given its large user base (I hear a lot of complaints from their users, though). Isn't the relative intensity of voluntary, subjective lauding of software an assessment as objective as any at the end of the day?
Reward Program? (Score:5, Interesting)
Agreed (Score:5, Interesting)
Re:Reward Program? (Score:5, Insightful)
Re:Reward Program? (Score:4, Insightful)
Re:Reward Program? (Score:5, Insightful)
Re:Reward Program? (Score:3, Funny)
LOL. The correct quote is, "Microsoft's Marketing Group is taking security hype seriously."
I think it was a misprint. Seems Bill doesn't know anything about the security initiative that his marketing group spoke of.
Re:Reward Program? (Score:3, Interesting)
This complete and utter nonsense is almost designed to piss people off, so it's only a logical step that it might become an attempt to further discredit Linux and other free / open source software by portraying Linux developers and enthusiasts as untrustworthy, irresponsible, disrespectful, malicious individuals. As long as we make it through this PR thing (
Re:Good Call! (Score:5, Interesting)
Well, I don't know about that, but I think it will change the makeup of the virus-writing community. If Microsoft had done this 10 years ago, it might have made a small effect. I have gotten the impression that, back then, virus writers mainly did it for exposure and bragging rights. If you could no longer brag about it because it increased the odds that someone you bragged to would turn you in for $$$, it might have dissuaded a fair number of virus writers.
However now, a substantial number of virus/trojan/worm writers seem to write cyber-parasites to get zombie machines to play core wars-style turf games on the Internet (such as DDOSing the people they don't like) or to spam for money.
The motivation is no longer the same and these bounties are likely to have much less of an effect. It's too little, way too late.
Remotely vs. locally exploitable (Score:5, Insightful)
Re:Remotely vs. locally exploitable (Score:5, Interesting)
Talk about shooting yourself in the foot (Score:5, Interesting)
Re:Talk about shooting yourself in the foot (Score:5, Funny)
Re: (Score:2)
Easy Answer (Score:4, Informative)
On the other hand, OS can win the desktop domination war by creating better systems that are less vulnerable in real world situations if we focus on grass roots marketing.
Re:Easy Answer (Score:5, Insightful)
An obvious example is integrating their Web Browser into their OS to screw Netscape, a political decision taken by his Billship. Bugs in IE lead to the equivalent of root exploits, bugs in Mozilla mean that one user account can be compromised.
Another political decision has been to install software to offer all kinds of services, basically to keep third party vendors out. This software defaults to being active. What was that database port vulnerability again? Another consequence of this is that a virus/worm writer has a reliable idea as to what components will be running/active.
They have the cash for PR *and* fixes, but political decisions have led to a situation where this does not help. Having said that, if as many computers ran Linux as the various Win versions, we would also be seeing more problems than at present - they just would not be as serious.
Re:Easy Answer (Score:4, Insightful)
One very telling fact, IMHO, is that currently Apache holds over 3x the market share for web servers compared to MS's IIS. (Source November Web Server Survey [netcraft.com] - 67% vs 21%.) Yet look at the number and type of security alerts for each over the past year or two.
An evil play?? (Score:4, Interesting)
If they like many of us see Linux as the biggest credible threat out there, they might resort to fighting dirty. Linux does have the potential to shift the paradigm of the whole IT industry in the same way that Microsoft themselves did through the 80s and 90s. Sun et al are already feeling the heat in the server market. I'm certain that Bill and co are getting twitchy about how things are developing.
We all know Microsoft is pretty cold and calculated when it comes to competitors. If Linux is next in the firing line, the open source community needs to be ready for this battle and the wars that will follow...
Can you keep a secret? (Score:3, Insightful)
If you are saying nudge, nudge wink, wink that Microsoft has programmers looking thru FLOSS source for vulnerabilities, well, it wouldn't stay secret for long. They would be overheard bragging to each other, or misdirect a memo or email, or have second thoughts.
In addition, if these Microsofties are as good and hard working as the propaganda mills claim, then good that someone is finding more bugs for us.
Plus, these Microsofties won't be doing anything evil for the evil
Great! You find, we fix. (Score:3, Insightful)
[...]
If they like many of us see Linux as the biggest credible threat out there, they might resort to fighting dirty.
The thing is, most OSS developers I know (myself included) welcome public review and full disclosure. If I get advance notice of a security problem, I look at that as a luxury, and have
Re:An evil play?? (Score:5, Insightful)
This has been a long time coming, from the looks of it--Many of you are probably familiar with the Halloween documents [opensource.org], "an internal strategy memorandum on Microsoft's possible responses to the Linux/Open Source phenomenon." This was back in 1998. MS verified the documents as authentic but claimed it was "a mere engineering study that does not define Microsoft policy."
They've probably been building up a case for a long time. But as Linux is systematically sound, they've apparently been forced to find specific, technical problems since their Ominously Vague Murmurs don't seem to be taking. The problem for them is whatever they pick is, by definition, fixable and not an element that defines Linux as Linux. Additionally, if you find 50 holes in Linux and 25 in, say, Windows Server 2003, that's not nearly as relevant as the average lifespan of the hole. With all the Linux distros, there may be dozens of holes at any given time, but there is only one Windows Server 2003. I challenge them to focus on one major distro.
Lastly, MS has been coming off increasingly hostile and banging the "Linux BAD!" drum so obsessively, that they run the risk of sounding like they're accusing corporate Linux licensees of incompetence, rather than trying to merely educate them.
Easy Question to Ask (Score:5, Informative)
How many Windows Security Threats have made me work over 24 hours straight? 1 every 2 two months in 2003
Guess which OS I like to support?
Re:Easy Question to Ask (Score:2)
Hint: You don't have to like it.
Re:Easy Question to Ask (Score:3, Insightful)
Job security like a janitor who runs around throwing dirt and trash on the floor?
Re:Easy Question to Ask (Score:4, Funny)
Wake up, day 1, to phone call saying "all our computers are shutting down randomly!" You grumble and go to work.
At work, you pop in your trusty f_prot or other comparable antivirus software and BAM! There's Blaster/SoBig/Klez/whatever staring you in the face. You yell at a random staffer for opening attachments at work.
You begin isolating and cleaning all infected machines. You run scans on a few other machines just to make sure.
You lecture the entire office once again on how it never really is a cool screensaver or neat program that their friend sends them in the e-mail.
Two hours later someone comes back to your room carrying a printout of an e-mail with an attachment. "Is this a virus?" They ask. You cringe. The printout contains the words "application/octet-stream." You manage to croak something and nod hoarsely.
You grab your antivirus disk again and go clean the Klez off all the machines in billing. For a second time. You curse Outlook violently at this point in time. You are probably becoming irrational and violent, like an enraged monkey.
You go home at the end of the day and dream of playing Russian roulette with a shotgun.
This continues for a week until Microsoft releases the patch, which you download and install. You think everything will be OK for a while.
You get a call the following morning. Some idiot brought his laptop up from home, and his kids had been using it. You now have 30 more viruses to clean! Fun!
You tell your boss that he could pay you 1/3 of the pay he does (minus overtime) if he'd just go buy some Macs or let you install Linux on the office computers. He strokes his pointy hair and laughs at you.
You die cold, bitter and alone, and Bill Gates torments your soul for all eternity.
Re:Easy Question to Ask (Score:3, Informative)
Get fancy and put the laptop users on a separate segment with antivirus running on the gateway to the rest of the LAN.
Or you could add the Level1Add key to the registry at HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security and put
There's many better options than trying to e
Re:Easy Question to Ask (Score:5, Insightful)
Re:Easy Question to Ask (Score:3, Funny)
One of those foreign mythical events, very similar to a "bonus"
Another 'commissioned' report... (Score:4, Interesting)
And I just wish that the comments & replies of key figures in the Open Source community made the headlines in the same way as these 'reports' do.
Re:Another 'commissioned' report... (Score:4, Funny)
Yeah, but do you SEE it? (Score:2)
Check that Nigerian 419 article [syllabus.com] (this was in last week's
MS is like politicians. (Score:4, Insightful)
MS sells themselves to the public by issuing press releases. They can say whatever they want, as long as they make a claim that they're doing something. There is no accountability. No one holds them responsible. Consumers keep throwing money at MS. Occasionally, someone points a finger, but MS then releases more press releases about vaporware due in 200x.
Politicians do the same thing, "We need to spend more money on _____. We've been spending money on _____ for ___ years, and we've not solved the problem. We are renewing our effort."
In other words, "We're going to light some money on fire, pose for a few photos with the underprivileged, and then waste a lot of money on cigars, dinner, and entertainment."
Microsoft has excellent people playing the press release game. Everyone sells Microsoft products for MS.
How many people have actually met a Microsoft employee? Yet 1/2 of the planet owns or uses something with Microsoft products in it.
News flash (Score:2)
Ob "security through obscurity" post (Score:4, Interesting)
That's why Microsoft is so committed to solving security through obscurity -- they believe that keeping the flaws secret will keep crackers from developing exploits.
The "study" will also no doubt find that Microsoft fixes their bugs much faster than open source programmers since the Windows bug and downloadable fix are often announced on the same day.
Moving well on into stage 3... (Score:5, Insightful)
Then they laugh at you
Then they fight you
Then you win
Mohandas Gandhi
Re:Moving well on into stage 3... (Score:3, Funny)
Re:Moving well on into stage 3... (Score:3, Interesting)
This quote is meaningless, except in hindsight. For instance, if Gandhi had used the same tactics in Hussein controlled Iraq, instead of British controlled India, the quote would go
First they ignore you
Then they laugh at you
Then they fight you
Then you die.
He would have ended up in a mass grave with the other 300k people.
You forgot one point... (Score:2)
If they highlight the supposed flaws against the Open Source model by highlighting any back doors that may have been inadvertently placed in the Linux kernel. (Conspiracy hats on.)
MS will win, of course, they are running the test. (Score:2)
How about I point at one thing. (Score:2, Insightful)
And then I point at the number of similar-scale linux worms that have occurred in the same time period.
And then note that despite the fact nothing but Windows worms so much as *register* on the scale, Windows is not a majority in the server space.
uh... wtf? :) (Score:3, Insightful)
>> an "security assault on Linux"
Microsoft prefers marketing...
Linux prefers a solid product...
Perhaps Microsoft should spend some more money on fixing their own products instead of trying to bring down others, it's turned into a political campaign for them.
Reaching towards the goal (Score:5, Interesting)
First, they ignore you, [cnn.com]
Then they laugh at you, [guardian.co.uk]
Then they fight you, [infoworld.com]
Then you win. [eweek.com]
- Mahatma Gandhi
Re:Reaching towards the goal (Score:4, Insightful)
1) First they ignore you
2) Then you screw up and fail!
1) First they ignore you
2) Then they laugh at you
3) Then others laugh at you, and you fail!
1) first they ignore you
2) then they laugh at you
3) then they fight you
4) and they win !
Where are all those people ? I'd reckon they're still running OS/2.
Re:Reaching towards the goal (Score:5, Insightful)
It's been said many times before, but it bears repeating:
The truthfulness of a statement is independent of the number of times it is repeated. (Is not! Is too!, is not! is too! is not times infinity!)
First, they ignore you,
Then they laugh at you,
Then they fight you,
Then you win.
SCO have been ignored, laughed at, are being fought at the moment, so do you expect them to win too?
Linux isn't perfect (Score:5, Insightful)
There is an understanding that MS is also not perfect. People expect security holes, and bugs and crashes.
I think it is good that this might result in a nice list of where linux has gone wrong in the past, and what hurdles to overcome in the future.
If the competition wants to make you the "Build a better OS HOWTO" I think they should be as free as anyone to add to the LDP.
Free publicity (Score:3, Insightful)
Think about it, the article mentions Red Hat and lets them discuss what they think of the whole matter.
Hardly surprising (Score:5, Insightful)
Isn't that a given?
Anybody looking to a vendor to provide accurate data about its products or the products of its competitors deserves the crap they get.
DG
Re:Bill Clinton also got caught lying... (Score:4, Funny)
Root access? No. (Score:5, Insightful)
such as root access for all users
On Windows, even the Administrator account (which is the level that lots of people log in to) is not really root access. The Local System account is comparable to root. The Administrator has control over all user-controllable parts of the OS but there are parts that are not user-controllable.
Re:Root access? No. (Score:5, Interesting)
Re:Root access? No. (Score:3, Insightful)
Now, to fix it is a cinch. Boot from favourite recovery CD ( Gentoo LiveCD for me), mount
On Windows 2K, right click My Computer, Manage, and go into the Disk Management. Change the C drive letter to X and reboot. What steps do you have to take to fix it then? (And it's a genuine question.)
What about doin
Re:Root access? No. (Score:3, Informative)
Or.. for other versions (NT or W2k), boot from the OS CD you installed from, choose R for repair, then C for Recovery Console. correct boot.ini.
If you change the drive letter from C: to X: the OS will still load (you mean, you thought you had to load Windows on primary partition called C:? shame). Some apps won't run properly though (fair enough really, they were coded to read
Great news! (Score:5, Funny)
China distributes Linux code? (Score:3, Insightful)
Ummm, because we can look at it before we install it instead of just 'trusting' someone that it is good?
And just how much code comes out of China anyway!?
It would not come as a shock (Score:3, Flamebait)
http://slashdot.org/article.pl?sid=03/11/06/058
Just what lows are they willing to sink to?
Or am I just paranoid?
Let's see, a corporation that stands to lose hundreds of millions of dollars in revenue to an open-source collective effort...
If I were MS, I know I'd be afraid and might even do something like that....
Has there been any new information on the security breach?
They still don't get it .... (Score:2)
How about because I can look at that code, know 100% for certain what it does, and fix / customize / improve that code as I see fit? By definition, that does make it "better".
Re:They still don't get it .... (Score:4, Insightful)
No. It makes it better for YOU. 0.5% of people who use a computer. How is that BETTER?
Nuts. It makes it better for everyone. Look at it this way: would you rather take a drug that has been tested by hundreds or thousands of independent testing labs around the world, who published their results for all to see, or one that was produced by some big company who assured you that theirs was safe and effective, but wouldn't tell anyone what was in it?
You don't have to be an independent testing lab to benefit from the existence of independent testing labs. Likewise, you don't have to be a coder to benefit from open source software.
-- MarkusQ
Ballmer comment... (Score:2)
And at the end of October, Ballmer gave the audience at Gartner's autumn symposium a taster of what was to come when he attacked Linux's assumed security superiority. "In the first 150 days after the release of Windows 2000," he said, "there were 17 critical vulnerabilities. For Windows Server 2003, there were four. For Red Hat Linux 6, they were five to ten times higher."
Yes.. some more classic FUD. But something did strike me about this comment. If they were to talk purely about
Kill them all.. (Score:2)
Looks like its welcome to the prime-time Linux.
Too long to fix bugs? (Score:2)
Too long to fix bugs? Please. There might be other chinks in the Open Source armour that could be exagurated to make newspaper inches, but the speed of the bug fixes? No way.
PS. How do you spell that damn word? Exagerated?
The weakest link (Score:2)
I'm increasingly convinced that a lot of the secureness of Linux boils down to better and more cautious sys admins, and, if this is the case, things can only get worse from here on in. If you run all your linux code as root and your password is 'password' (and I've met at least one person who does this), I don't think you have a wonderfully secure system. OTOH, W2K Server with the Security Pack applied is not a trivial thing to hack.
MS takes security seriously (Score:2)
Opportunity (at last) (Score:2)
This is the opportunity for community leaders to finally start talking about the FUNDAMENTAL architecture differences between Windows and Unix variants that allow security issues to be contained (permissions/groups). It allows us to talk about the superior response time in fixing exploits, as well as the power of open coding in spotting them in the first place.
I think this type of FUD campaign
Two things: (Score:2)
Fact is, the more people use linux, the more people will be looking over its code (for good and ill intents). And the more people who look into the linux code, and the more users linux has, the more security flaws will be found and exploited.
Point being, sure, now linux is secure as houses (yeah yeah, also due to its structure and whole OS mindset), but the more peo
first time SCARE to connect to the net... (Score:3, Insightful)
The Chinese know.... (Score:5, Interesting)
Sounds more like our government had better look at who is more secure.
Projection (Score:3, Insightful)
"We are fastest to attack others for the weaknesses we most fear in ourselves".
OK, I just made it up, but it's true anyhow.
Users are the security problem (Score:5, Interesting)
The point is this: When it comes to programmer-related problems (buffer overflows, etc) Windows and Linux seem about equal. The big problem with Windows is that Microsoft's focus has been entirely on "ease of use" for people who know little or nothing about computers. That's how you sell lots of computers (and lots of copies of Windows). They created all sorts of nifty features (scripting, etc.) and turned them all on by default -- never giving a moment's thought to the harmful ways that these features could be used
Windows, in the hands of a knowledgeable person, can be just as secure as Linux.
But, "right out of the box" it's a security nightmare -- a disaster waiting to happen.
Re:Users are the security problem (Score:5, Interesting)
Windows, in the hands of a knowledgeable person, can be just as secure as Linux.
In another dimension...
Tell me - can I not install any vbScript? Can I not install IE or Outlook Express? Can I UNINSTALL IE once it's installed? Can I skip RPC? What about messenger? What about the GUI? What about any of those dozens of services that run by default on my XP box?
Can I install JUST a linux kernel and the absolute bare bones minimum of tools for my box if I'm so inclined?
It's possible to tweak Windows down to help shrink your liability, but never as far as you can go with Linux.
Otherwise, I agree with most of what you said - especially about the users. It might be helpful to look at it the OTHER way: in the hands of an idiot, Linux is just as dangerous as Windows. In fact, probably more-so because it's faaaaarrrrr more powerful.
Comment removed (Score:3, Interesting)
Ballmer's PR mistake (Score:4, Funny)
That should have been, "terrorist hacker in China."
Let's have a go at this, then... (Score:3, Informative)
"In the first 150 days after the release of Windows 2000," he said, "there were 17 critical vulnerabilities. For Windows Server 2003, there were four. For Red Hat Linux 6, they were five to ten times higher."
Now I'm going to figure that he's saying there were somewhere between 20-40 'critical' vulnerabilities in Redhat 6 in the first 150 days post release.
I assume that the reason he's picked Redhat Linux 6 for this comparison is that it was the release which moved to glibc 2.1, and migrated to the 2.0 kernel. So he's picked a big move for Redhat, instead of a point release. This isn't entirely fair (in fact it's hard to draw a close comparison on security issues) due to the fact that Redhat 6.0 was released in April of 1999, whereas Windows 2000 wasn't released until February of the following year. Furthermore Microsoft (wisely) relied heavily on a certain "Break into Windows 2000" campaign to test the hell out of that OS. (remember the guestbook on that server? what a riot)
Finally, comparing Redhat 6 to Windows 2003 is outright foolish. We may as well compare a freshly patched Redhat 7.3 to NT Service Pack 2 (though even this is an unfair analogy, 7.3 is far more stable than Win3k server).
In sum: Bah.
99.9% of all viruses in wild - Microsoft only (Score:3, Interesting)
Sobig, Mimail, Sircam, Lovebug, Nimda, Code Red the list goes on.
Microsoft will say that this is because most computers on the Internet run Windows, but a look at netcraft.com shows that more than 2 thirds of web servers run Apache, and only about 20% run IIS.
Windows has more than 90% of desktops, but not more than 99.9%. I run Linux on my desktop, and don't even bother to run the Sophos antivirus client I have a license for, no point, no one could infect my desktop with any of the 80,000+ viruses sophos detects.
If Microsoft are going to try this one then they will have to tell lies and pay for carefully run studies.
I bet they will not compare Windows and Linux viruses!!
Linux and Security Holes (Score:5, Funny)
The major security problem... (Score:3, Interesting)
Microsoft IS FASTER (Score:5, Insightful)
The problem is that they won't acknowledge a bug until they already have a fix for it. Often bugs are known about by the world for months, and MS says there's no such bug. When they do acknowledge it, then yeah, there's a fix out within hours or a day or two at most.
So, apples and oranges. If Linux takes 4 days to patch a bug as soon as it's known, and Windows takes 4 months to acknowledge a bug's existence, then 2 days to patch, which is better?
Meet 'tu quoque' (Score:5, Insightful)
So, even if Linux was the most bug-ridden operating system with massive security holes, it wouldn't even matter. It certainly doesn't excuse one of the largest and most powerful software companies on the planet, i.e., one that can marshal a massive amount of resources and money to produce respectable software, from the ridiculous numbers of security issues and bugs that arise in almost every product they release.
Politicians love tu quoque, by the way.
Thank you MS (Score:3, Insightful)
1) Make developers aware of bugs.
2) Encourage developers to fix said bugs
3) Ultimately, Linux will get more reliable and secure.
MS should learn from their attempt to beat Apache - Open Source is a force of nature.
This is a dangerous strategy (Score:5, Insightful)
Pointing out that some other, "free", product has flaws is hardly a good defense for flaws in an expensive one.
A customer who takes this advice and removes Linux simply makes any Linux problems irrelevant - it doesn't make the past, present, and future Windows security problems magically go away.
Linux vs. Windows (Score:3, Insightful)
Default install of Windows 98 compromise time: 4 years and counting...
I'm going to get modded down for this, but if I click the default crap on any Linux distro I'm more than likely going to install some god-forsaken client (in the case above, an ftp service) that will sit on an open port and eventually be scanned and compromised.
How is this any better than the RPC exploits?
I'd feel a lot safer if installations of *nix had easy to understand installation options.
Sure, someone can brag that you can get infected by Nachi in 6 seconds with an XP machine, but how often do you get rooted? How quickly do you notice? Is Linux as "fire-and-forget" as
Stick with Apache on *dows.
Re:Linux vs. Windows - wha? (Score:4, Insightful)
Are you stating these as times since you did an install until you got compromised?
Because if you have a Windows 98 default install and give it an unfirewalled connection to the Internet with a real IP address you've got 5 maybe 10 minutes before you're compromised.
I'm assuming you meant ftp server and not client, as for your box to get 0wn3d through a client requires your participation to some level.
The Nachi virus *does* root you. That's what's amazing about Windows. Many Linux vulnerabilities allow some types of access, but full remote root vulns in Linux itself are rare. Windows just doesn't seem as infected because most virus writers aren't out to wreck your machine and delete your data. Nachi, or any of the other ones, could have easily deleted your files, or read them and mailed the goods to the bad guys.
I'd stake money that one day in the next couple of years some malicious virus writer will strike, and all Windows users will realize that every virus since Melissa has had full control of their computers. Unfortunately, until it happens, nobody will think that viruses are more than minor nuisances.
Duh? (Score:3, Interesting)
If you install a workstation, you must explicitly request servers. You must punch holes in your firewall to run some software.
Wait a moment... (Score:3, Interesting)
Re:Spreading FUD in a submission about FUD (Score:5, Informative)
Tom
Re:Spreading FUD in a submission about FUD (Score:2, Informative)
Re:Spreading FUD in a submission about FUD (Score:2, Interesting)
Just because their name is not Administrator does not mean they don't have admin rights on the system.
Re:Spreading FUD in a submission about FUD (Score:5, Insightful)
This hole exists and actually has working exploits [microsoft.com].
Re:Root access for all users?? (Score:3, Interesting)
Windows has many levels of user access. The administrators group is closest to the concept of 'root' in the world of unix, but it isn't identical. Local System is the real 'root' user, which you cannot log in as.
It's perfectly permissible to run Windows not as a root user. And like Linux, this causes problems, and will require you to escalate privileges to do certain operations (think: mounting a network share which requires elevated access in linux, or binding to por