Windows beats Linux / Unix on vulnerabilities

deafclimber said:
this is a better news for little faithful ms windows ppl like me. i did see several other news like this article about windows with less vulnerabilities. :smoking:

Original URL: http://www.theregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/

Windows beats Linux / Unix on vulnerabilities - CERT
By Gavin Clarke in San Francisco
Published Thursday 5th January 2006 09:41 GMT
It might not feel like it, but Windows suffered fewer security vulnerabilities than Linux and Unix during 2005.

Linux and Unix experienced more than three times as many reported security vulnerabilities as Windows, according to the mighty US Computer Emergency Readiness Team (CERT) annual year-end security index.

Windows experienced 812 reported operating system vulnerabilities for the period between January and December 2005, compared to 2,328 for Linux and Unix.

CERT found more than 500 multiple vendor vulnerabilities in Linux and Unix spanning old favorites such as denial of service and buffer overflows, while CERT recorded 88 Windows-specific holes and 44 in Internet Explorer (IE). For a complete list of vulnerabilities, you can visit the CERT site here (http://www.us-cert.gov/cas/bulletins/SB2005.html).

The annual poll does not include the Windows MetaFile (WMF) vulnerability, which has become the most widely (http://www.pcworld.com/news/article/0,aid,124179,00.asp) reported attack on Windows according to security and antivirus specialist McAfee since being reported on December 28.

News of Windows' relative security will prove little comfort to millions of computer users now bracing for the latest attack of the Sober worm variant due this week (http://www.infoworld.com/article/06/01/04/HNnextsoberworm_1.html?9809798).

CERT's data underlines the scale of the challenge faced by Microsoft on security, four years into the company's highly publicized Trusted Computing initiative.

Despite posting fewer vulnerabilities than its Unix and Linux challengers and Microsoft going out of its way to talk up its "progress" (http://www.microsoft.com/presspass/features/2005/dec05/12-21Security2005WrapUp.mspx) in security in 2005, it is attacks on Windows that still cause more concern and generate most headlines.

The reason is that, unlike Linux, Windows has greater potential to cause harm because of its presence on desktops in the hands of users who receive self-propagating worms, click on email attachments and download malicious code. And while it seems just as each hole is fixed, a new vulnerability is unlocked elsewhere in the vast Windows code base.®
 
beware: MS doesn't fix any patch for windows 98 and ME for good. windows 2000 will be tossed out in 2010 for good.
 
*whistle*
I knew it.. MS doesn't fix any patches old previous win98/2000/me....

Will come next xp too... who knows.. :Ohno:
 
My linux never had any vulnerability issues because i simply don't go to those websites and open email attachments like most suckers do these days.

Richard
 
well, that's not a fair stats, it says so there. Windows is NOT less vulnerable than UNIX, why? They combined many different UNIX varieties to total that many. It's pretty stupid to combine all of them to make Windows look good, Windows is still MORE vulnerable than UNIX. :)
 
There's also something really critical to note that of course Microsoft doesn't even consider discussing.

Most Linux, BSD and OpenSolaris security bugs are found and fixed before anyone installs the software because of Linus's Law that all bugs are shallow with enough people watching. Free Software developers do have other people look over their code before they make a release, y'know.

Additionally, when a bug is discovered after a release, there is usually a vendor patch available within a few hours of the bug's discovery... Contrast that, with Microsoft's policy of forcing you to wait at least two weeks.

Also, the number of Windows bugs is kind of out of scope--Are we talking about the operating system or applications? And are Windows Media Player and Internet Explorer applications or part of the OS? If they are the latter, then perhaps MPlayer and Firefox should be factored in for Linux/BSD, but...

Windows is very secure. If you don't use the Internet. That can be said about any OS.
 
deafclimber said:
beware: MS doesn't fix any patch for windows 98 and ME for good. windows 2000 will be tossed out in 2010 for good.
well, businesses, schools, governments still use 2k and some older business computers can't handle xp.
 
Nesmuth said:
My linux never had any vulnerability issues because i simply don't go to those websites and open email attachments like most suckers do these days.

Richard
It's not just Linux, but all operating systems. People should use their common sense before clicking on links.

One good example would be those AIM viruses. No, I'm not talking about sending a virus through AIM... but a link that's sent through AIM that leads to a virus. The link is harmless, but clicking on it will cause the virus to work. Why did I bring this up? It's similar to using common sense. People get IMs from other people saying something like, "hey, check out my pictures... click here". Well, that link is usually a virus. The virus takes over another person's AIM and sends the same message to everyone on that person's buddy list. Everyone should know that most people send pictures using Direct Connect or File Transfer, but not to websites. Websites are very rare. Secondly, rolling the mouse over the link should usually show the actual URL of the link... which usually ends with ".SCR"... a virus. Secondly, I've heard of people clicking on those links without thinking about that person's background. For instance, this person IMs me a lot... but rarely shows me pictures of herself or anything. If she does have pictures, she always sends them through email or through file transfers. She is internet illiterate. So, I know that if it was an IM with a link to her pictures... that's a red flag that something is wrong. So, I use my common sense and not click on it. Sadly, other people do it anyway... in a similar situation. They just don't think. So, besides blaming the people who send viruses... we should be blaming people who were stupid enough to actually click on that link or download an attachment that was obviously a virus. ;)
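The hover check described in the post above (look at where the link really points and whether it ends in ".SCR"), written out as an added example that is not part of the original thread. The extension list beyond `.scr`, the function names and the sample messages are assumptions made for this illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed list of Windows file types that run code when opened; ".scr" is
# the one named in the post, the rest are added for this example.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_target_extension(url):
    """Return the lower-cased final extension of the URL's path ('' if none)."""
    # Only the path counts: ".com" in a hostname is not a file type.
    path = unquote(urlsplit(url).path)            # decode %2E and friends
    name = posixpath.basename(path).rstrip(". ")  # Windows drops trailing dots/spaces
    return posixpath.splitext(name)[1].lower()


def flag_message(text):
    """Return the links in an IM text that point at an executable file type."""
    flagged = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,!?)")                 # sentence punctuation after the link
        if link_target_extension(url) in EXECUTABLE_EXTS:
            flagged.append(url)
    return flagged


# Constructed sample messages (example.test is a reserved test domain).
SAMPLE_MESSAGES = [
    "hey, check out my pictures... click here http://example.test/pics/party.jpg.SCR",
    "new album is up: http://example.test/album/photo1.jpg",
    "my homepage http://example.com",
    "lol is this you? http://example.test/my%20pics%2Escr?id=5",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(flag_message(msg) or "ok", "<-", msg)
```

The double extension (`party.jpg.SCR`) and the percent-encoded dot (`%2Escr`) are the two cases a plain "ends with .scr" string match on the displayed text would miss.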
 
yeah vamp, internet is dangerous unless you're protected by firewall and antivirus.
 
rjr2006 said:
yeah vamp, internet is dangerous unless you're protected by firewall and antivirus.
Yep. But, protection is not always the issue. Common sense is. It's like having a gun. Guns don't kill people. People do. If I am going to look at porn, I should be prepared to expect pop-ups and spyware. If I get an IM from someone saying to click on a link (when I am fully aware of the fact that this person does not like to share pictures), I know not to click on it. Nothing is 100% safe.
 
rjr2006 said:
well, businesses, schools, governments still use 2k and some older business computers can't handle xp.


i am aware of that. what is more that i have wins 2k on my old pc. it runs just fine. 4 more years to go is plenty of time.... yet 98 and ME are just history to microsoft... no more patches or no more updating stuffs..
 
VamPyroX said:
Yep. But, protection is not always the issue. Common sense is. It's like having a gun. Guns don't kill people. People do. If I am going to look at porn, I should be prepared to expect pop-ups and spyware. If I get an IM from someone saying to click on a link (when I am fully aware of the fact that this person does not like to share pictures), I know not to click on it. Nothing is 100% safe.

agreed !
 
GalaxyAngel said:
*whistle*
I knew it.. MS doesn't fix any patches old previous win98/2000/me....

Will come next xp too... who knows.. :Ohno:

nah u shouldn't worry bec xp is still young... probably xp will be discontinued next 8 to 10 yrs.
 
Nothing to safe.

Just be smart what u do.

I sick of someone said Mac is safe!
no.. Linux is SAFE
no... UNIX is SAFE
NO... Sun is safe!
blah blah

If u still worry then put computer back in the box then return to store and refund it.
 
rjr2006 said:
well, businesses, schools, governments still use 2k and some older business computers can't handle xp.

Believe or not. My father still use Windows NT with RAID *no idea what channel he use* for server at his store. No problem since ummmm 1997 or something... well just failed SCSI hdd once and replace new SCSI hdd then no problem. No reformat and no defrag. Finally start Defrag two years ago that I gave a software to my father. Windows NT do not have defrag program.

http://www.oo-software.com/en/index.html
 
VamPyroX said:
One good example would be those AIM viruses. No, I'm not talking about sending a virus through AIM... but a link that's sent through AIM that leads to a virus.

The problem isn't all common sense. Common sense is a big factor, but if I am using my computer, I shouldn't be able to get a virus by simply following a link that was sent to me. How did the person that sent me that link get infected? Oh, guess what, they clicked on the link and the virus installed itself on their machine transparently due to flaws in Windows. That's not a problem of common sense, that's virus writers finding something, let's say, pictures, that will socially propagate and will allow them to compromise computers with little user interaction.

I can simply give you a URL to go to in IE and have SYSTEM access on your machine in about ten seconds. If I am smart, I would then have my virus install a rootkit to ensure that you:

A. Cannot restrict my access without removing the rootkit.
B. Cannot remove the rootkit without erasing the harddrive.
C. Do whatever nefarious, evil things I wish to do with my unrestricted access to your computer.

This *SHOULD NOT BE ABLE TO HAPPEN*. This isn't a matter of the user being stupid or the user being intelligent or the user having common sense or not. The operating system should not say to viruses/rootkits, "Sure! Come on in! Our user doesn't know what to do, maybe you know better! How's unlimited access sound? You think that will be helpful? Great! I'll arrange it in a second!"

Windows needs a least-privileged-user execution security system. Supposedly it's going to have one for Vista. It's been a long wait for something so basic that has existed in UNIX and UNIX-like systems since the beginning of time.
 
Teresh said:
Windows is very secure. If you don't use the Internet. That can be said about any OS.

Snicker. Snicker. ;)

I love Gentoo Linux. I won't go without my dear Gentoo and GIMP and OpenOffice and . . . and . . . even though I know I'm a half sellout and still use XP Professional and Microsoft Office.
 
Endymion said:
I love Gentoo Linux. I won't go without my dear Gentoo and GIMP and OpenOffice and . . . and . . . even though I know I'm a half sellout and still use XP Professional and Microsoft Office.


Woo! Another Gentoo user!

But I must ask--why XP and Office?
 
Teresh said:
Woo! Another Gentoo user!

But I must ask--why XP and Office?

OpenOffice do not have Access programs. I still need use Access at my workplace so I use M$ Office.
 