MrMagoo, you will be interested to review the analysis documented in Windows Vista - 90 Day Vulnerability Report, which shows that Windows Vista (and Windows XP as well) had fewer security issues in the first 90 days following their release than either Red Hat Enterprise Linux, SUSE Linux Enterprise Desktop, or Ubuntu.

The key point in my posts isn’t to argue to that Windows is more secure than Linux, but rather to encourage a thoughtful reader to question the commonly held idea that Linux is more secure than Windows.  My perception is that many in the Linux community have an almost religious “devotion” to the belief that Linux is more secure than Windows, even in the presence of a growing body of contradictory evidence.  In my opinion, such evidence ought to cause an intellectually honest person to pause, and to possibly alter their position.  At a minimum, a summary statement on the issue ought to be “the assumed security superiority of Linux over Windows is questionable” (as opposed to “Linux is more secure than Windows”).

While I agree that any platform can be run securely, we've agreed that users often aren't experienced enough, observant enough, or motivated enough to take the necessary steps.  With Linux, things are often either secure by default, or you are forced to configure them securely before they will run. 

And I think I'll leave off this argument where I started it - I try not to have this discussion with anyone who hasn't personally run Linux long enough to become familiar with it.  It is difficult to understand the security inherent in Linux until you've used it.

I thought I post a quick link to an article I was reading about a new service where people can subscribe to virus updates.  Not antivirus, but virus updates.  The idea is that spammers and evildoers can pay a monthly fee to get fresh exploits.

What caught my eye is this this section from the article:

...many exploit providers simply wait for Microsoft's monthly patches, which they then reverse engineer to develop new exploit code against the disclosed vulnerabilities...

I think that really drives home the point that patching security holes quickly is a good thing, but it is much more important to not have security holes in the first place, since people are often slow to patch their systems or don't even know that they should be patching them.

Of course, taken from another angle, this underscores the importance of updating your computer frequently, something I think Windows and Linux have made easy for end users to do in the latest versions.

Edit:  Here is a link to the full article - http://www.computerworld.com.au/index.php/id;838771320;fp;16;fpid;0

Interesting link.

Quote:
Source:  Linux Community Looks Past Microsoft

No pre-release testing on Linux?  The user community is primarily responsible for “tracking down bugs”?  Could this be one reason why the “days-of-risk” with Linux is so high as compared to Windows?

nice, lucid post.

slightly off-topic, in reference to 'reverse engineering' .. is it possible, with available tools, for a hacker to decompile windows and and see all the source code?

.. or do they only get an *idea* of what the source looks like?

tho some may disagree, i like the idea behind this statement:

Quote:

For something like Windows, though, would a hacker really need all the source code?  That seems like it's overly-complex.  After all, Windows' goal was to use Jobs' GUI to make a user-friendly, and easily accessible system.  In doing that, it seems like they've laid a lot of security flaws out in the open.
It's not that hard to learn Registry functions, Bios tweaks, or (though it seems to be phasing out) Dos hacks for Windows.

I have not misunderstoond the "days of risk"; you have misunderstood the difference between a vulernability and an exploit.  Just because a vulernability is publicly disclosed doesn't mean that millions of script kiddies know who to exploit it.  There is a big gap between knowing of a vulernabilty and exploiting it.  Most of these kids don't know much - or anything - about programing.  They don't understand memory locations or buffer overflows.  They need a script they can run that will expliot the vurnability for them - hence the name script-kiddie.  It takes significant talent and time to write such a script - which is how a vulernability can be patched before it can be easily exploited, even if it is publicly disclosed for some time.

The idea behind disconunting the opinion of peopley who aren't familiar with Linux is not to close myself off from opposing points of view or different perspectives.  The idea is to take the oppsoing point of view with a grain of salt due to the limited insight available to someone who has no idea how Linux works.  The methods of gaining access to files, limiting permissions, and preventing configuration changes is different between Linux and Windows, so some knowledge of how the system works is necessary to comment intelligently on studies like this.  I used Windows exclusivly for years, and continue to use it on a daily basis.  I favor Linux based on my knowledge of both systems and my first hand experience.  I welcome you to install and run a Linux distribution for a few months and learn how it works and then provide us all with your reactions to what you find.  I would be very interested in the reactions to Linux of an analytical long-time Windows user like yourself.

I extend this challenge to you and anyone else willing to take me up on it:

Try it.  Try Linux.  You might like it.  And if you don't, I honestly will want to hear why.  If I agree with you, I'll even work on submitting feature requests to the relevant devolpment team(s) to make Linux better.  I've written a guide that should make Linux approachable for someone with any level of experience.  If you find anything incorrect or lacking in my guide, I would really like to hear about that too.  I am always open to feedback on my guides, and would welcome any oppertunity to improve it - especially since you are just about the exact type of computer user I was targeting when I wrote it.