Welcome, Guest. Please Login
 
  HomeHelpSearchLogin FAQ Radified Ghost.Classic Ghost.New Bootable CD Blog  
 
Pages: 1 2 3 ... 5
Send Topic Print
Windows as Secure as Linux (Read 62849 times)
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Windows as Secure as Linux
Oct 27th, 2006 at 10:39am
 
It is a debate that will surely continue, but - surprise! – recent data demonstrate that regarding “OS vulnerabilities only, Unix, Linux, Mac OS X, and Windows all had about the same amount of exploits, with Windows actually being slightly lower.”

See:
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 

Rad
Radministrator
*****
Offline


Sufferin' succotash

Posts: 4090
Newport Beach, California


Back to top
Re: Windows as Secure as Linux
Reply #1 - Oct 27th, 2006 at 6:51pm
 
surprising.

would like to hear magoo's thots.

since linux is a primarily a server o/s, or began that way, it would seem it's designed with more security in mind.

altho everyone knows microsoft has made much effort to secure windows, especially since gates left control to that other guy (forget his name).

to be honest, i always feel like microsoft, since they are a big business, is in bed with the government, and give them a hidden back-door, so i never feel totally secure with that o/s. i always feel like somebody is looking over my shoulder (paranoia?).

linux was built by regular folks (like me and you) .. for the geeks of the world .. and geeks would nevewr sell out.

so if i really wanted to go secure, i'd go linux. it doesn't mean i'd never be hacked .. just not without serious hacking.

everybody should have a copy on linux on their system.
 
WWW  
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: Windows as Secure as Linux
Reply #2 - Oct 29th, 2006 at 9:34am
 
Rad, the most interesting thing I noticed about these data (see links in initial post) is not the comparison of one operating system to another, but the fact that the vast majority of security threats (about 95%) now come from applications.  It is a wake-up call to everyone to keep their applications up-to-date.

For example, in the past year, there have been updates to Adobe Acrobat Reader and Macromedia Flash that have specifically corrected security flaws.
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #3 - Oct 30th, 2006 at 6:57pm
 
Rad wrote on Oct 27th, 2006 at 6:51pm:
would like to hear magoo's thots.

since linux is a primarily a server o/s, or began that way, it would seem it's designed with more security in mind.

.....

linux was built by regular folks (like me and you) .. for the geeks of the world .. and geeks would nevewr sell out.

so if i really wanted to go secure, i'd go linux. it doesn't mean i'd never be hacked .. just not without serious hacking.

everybody should have a copy on linux on their system.


I've taken to not having this argument with anyone who hasn't run Linux.  It's hard to understand the built-in security in Linux until you've used it for a while.

One thing to note is that the article is talking about disclosed vulnerabilities.  Since Linux is open-source, any vulnerabilities are out there for anyone to see (and help fix.)  Microsoft has the luxury of being able to fix many issues before the public finds them.  I'm sure there were some vulnerabilities that weren't included.

Another thing to note is that this is the workstation version of Red Hat.  This is not the Linux kernel itself.  Red Hat adds many tools and applications that other distributions, such as Slackware or Debian may not have.  Red Hat Enterprise Server also doesn't include these applications, and would have a completely different security rating.  Also, the author doesn't mention if Red Hat's NSA approved SELinux security package was included in the numbers.  My guess is that a computer with SELinux turned on would have much lower numbers of possible vulnerabilities.

One last point I want to make is that this seems to be talking about remote vulnerabilities.  In general, there are very few remote vulnerabilities compared to local vulnerabilities (in other words, when a user is at the keyboard.)  Linux is much more secure in a multi-user environment due to its permissions system.

I agree that every good geek should have a copy of Linux on their system.  It will teach you a completely different way of looking at computing and a new way to approach problems.  You may not be able to replace Windows, but Linux will give you good experience you can use when troubleshooting or researching.

Rad, you seem to be including control over your system, or maybe privacy, in your notion of security.  You are correct that Linux is the way to go for that, since everyone can see the code and can tell that there aren't any backdoors in there placed by the government or the devolpers (a valid, concern with Microsoft.)  Although it would probably be slightly paranoid to assume Microsoft is watching your every move, it wouldn't surprise me if some devolper has put some sort of backdoor somewhere.

Finally, keep in mind that this author picked 2 of the thousands of versions of Linux/Unix to compare to Windows.  If we wanted to slant the study the other way, we could simply compare OpenBSD to WindowsXP.  OpenBSD has had 1 remote vulnerability in the past 8 years.  Per the article, WindowsXP had 13 in the last quarter.  Now, which one would you rather have running at your bank?
 
WWW  
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #4 - Oct 30th, 2006 at 7:16pm
 
Pleonasm wrote on Oct 29th, 2006 at 9:34am:
Rad, the most interesting thing I noticed about these data (see links in initial post) is not the comparison of one operating system to another, but the fact that the vast majority of security threats (about 95%) now come from applications

The user of a system is always the weakest link in security.  Any ignorant user can download spyware willingly and not know they have infected their computer.  This is where the Linux permission system excels at not allowing people who don't know what they are doing the permission to install things they don't understand. 

One of the common complaints among Windows power users is the need to run the computer as an administrator for daily use.  Sure, there are limited accounts, but they make daily use very cumbersome.  With Linux, you can give a limited user as much or as little power as necessary, allowing them to run any particular commands you want while locking them out of all the others.  Much of the security of Linux has to do with protecting the system from the users themselves, something Microsoft is notoriously bad at (see ActiveX.)
 
WWW  
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: Windows as Secure as Linux
Reply #5 - Oct 31st, 2006 at 9:09am
 
Well reasoned commentary, MrMagoo!

RE:  “One of the common complaints among Windows power users is the need to run the computer as an administrator for daily use.”

As I understand the situation, that issue has (fortunately) been corrected in Windows Vista.
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 

MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #6 - Oct 31st, 2006 at 3:50pm
 
Pleonasm wrote on Oct 31st, 2006 at 9:09am:
As I understand the situation, that issue has (fortunately) been corrected in Windows Vista.

I haven't had a chance to play with Vista yet.  I'm sure as a good geek I should find a copy and get some experience soon.  I heard lots of concerns of the user control features I think you are refering to in the pre-releases of Vista.  If they got it all ironed out for the release, it would be a major improvement in user security.
 
WWW  
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: Windows as Secure as Linux
Reply #7 - Jan 17th, 2007 at 9:46am
 
Interesting reading . . .

Quote:
It’s usually taken as gospel in many IT circles to assume that Windows Security is an oxymoron; anyone who dares to suggest using Microsoft IIS 6.0 for a public web server faces serious ridicule.  To see if there was any truth to this presumption that Windows Server is fundamentally insecure, I looked up these hacking statistics from www.zone-h.org for 2003 to 2004.  
Not only did it not show that Windows was hacked more often, but just the opposite.  The Linux servers were actually getting hacked and defaced far more often than the Windows server and Apache was also being hacked and defaced more than Microsoft IIS.

. . . and an insightful conclusion:

Quote:
… the argument about which OS is more secure is totally irrelevant since most modern exploits are against applications and not the operating system hosting them.

Source:  Does OS matter anymore for security?
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #8 - Jan 17th, 2007 at 9:01pm
 
Pleonasm wrote on Jan 17th, 2007 at 9:46am:
Does OS matter anymore for security?

Without reading the article, I would say my answer is yes, the OS absolutely matters.

The reason that applications are attacked more often than the OS is because applications are easier targets.  If someone finds an easy way to attack your OS, they will attack it.  Then, all your work to secure your applications will be worthless. 

One good example of this type of security hole is the XBox360.  Microsoft spent years securing the embedded OS against modification.  The community responded by simply flashing the firmware of the DVD-ROM and many of Microsoft's security features on the XBox360 went right out the door.

So, while I agree that people need to focus much more than you might think on securing applications, it is still important to make sure you OS is as difficult a target as it can be.
 
WWW  
IP Logged
 
ben_mott
Nuclear Grade
****
Offline



Posts: 278


Back to top
Re: Windows as Secure as Linux
Reply #9 - Jan 19th, 2007 at 5:55pm
 
Free alternatives to Windows Vista BitLocker

Free alternatives:

http://www.ce-infosys.com
http://www.abylonsoft.de
http://www.gnupg.org
...........................................
http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97...
personally I think it is going to lock a lot of people out of their computers.
at least with windows Xp and server 2003 we had Knoppix Cd and
Dream Pack Pl software to get in and recover the data ,

it is going to be a long time before any body can find a way round this one , basically one needs an expensive machine to run Vista and also BitLoker is only available with Enterprise and Ultimate versions of vista .
which again are too expensive for hobbyist to test and get their head round it.
it says you need 2 partitions :
For BitLocker to work, you must have at least two partitions on your hard disk. The first partition is the system volume and labeled S in this document. This volume contains the boot information in an unencrypted space. The second partition is the operating system volume and labeled C in this document. This volume is encrypted and contains the operating system and user data.
and also it seems that there is a boot manager some where in all this .
if there are any Hobbyist Like Damian (auther of Dream Pack PL)
out there see if you can get your head round this one Vista BitLocker!!!
Regards Ben

Wink
 
 
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: Windows as Secure as Linux
Reply #10 - Mar 23rd, 2007 at 10:21am
 
Quote:
You might not think it, but Microsoft's Windows Operating System has been listed as one of the most secure OSs available.

According to Symantec in its 11th Internet Security Threat Report the Windows OS had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last 6 months of 2006.
Source:  Symantec says Windows most secure OS
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 

MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #11 - Mar 23rd, 2007 at 9:50pm
 
From the article:

Of course as with any report you can twist the figures to suit your needs and delving deeper shows that of the 39 Windows vulnerabilities 12 of which were ranked high priority or severe compared to Apple's 1 high priority offering.
 
WWW  
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: Windows as Secure as Linux
Reply #12 - Mar 24th, 2007 at 5:32pm
 
It is most useful to go beyond the summary statements in the article and actually look at the source report produced by Symantec.  While individuals may disagree about the interpretation of the specifics, the key point is this:  the "common wisdom" that Windows isn't as secure as alternative operating systems may be "common" – but it is not necessarily representative of "wisdom."
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #13 - Mar 29th, 2007 at 7:28pm
 
I found an interesting analysis today on different operating systems at different patch levels.  We've discussed before that the weakest link in the security of any system is the user, and part of that is that users are often slow to apply patches that fix security holes.  Users also often configure secure applications in an insecure way.  This analysis shows what kind of trouble you might be in running different operating systems if you don't stay on top of your patches or don't pay attention when enabling services with security risks in the default configuration (both of which are common mistakes of even more advanced users.)

http://www.omninerd.com/2007/03/26/articles/74

Not surprisingly, WindowsXP had a few serious problems before all patches were applied.  Even more disturbing was the problems that Windows 2003 Server had before applying patches. 

On the other side of the trench, Fedora Core had no vulnerabilities at any time during testing.  Even Ubuntu, considered an insecure starter version of Linux by the hard-core Linux fans, faired better in this analysis than XP did.  So, while it seems that Microsoft is doing a better job of finding and correcting security issues than they used to, that doesn't make it a secure operating system, and certainly not more secure than Linux. 

Based on the results of the tests on Windows Vista, it seems like Microsoft is finally learning to be proactive with security, just like other software vendors have been for some time now.  Maybe in a few years, Windows will be a secure operating system.  As a member of the internet community, I look forward to it.  Linux is not for everyone, and insecure computers hooked to the network put everyone at risk of bot attacks and spam.  Unfortunately, it doesn't look like we are there yet.

From the article:

As far as "straight-out-of-box" conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities. Even before enabling the servers, Windows based machines contain numerous exploitable holes allowing attackers to not only access the system but also execute arbitrary code. Both OS X and Windows were susceptible to additional vulnerabilities after enabling the built-in services. Once patched, however, both companies support a product that is secure, at least from the outside. The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each system generally maintained its integrity against remote attacks.
 
WWW  
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Windows as Secure as Linux
Reply #14 - Mar 29th, 2007 at 7:42pm
 
And, to add insult to injury, I just got news that Vista can be forced into a crash-restart-crash loop by a buffer overflow in an animated cursor file:

http://www.betanews.com/article/Vista_Can_Be_Taken_Down_by_an_Animated_Cursor/11...

Now, an animated cursor is a silly reason to loose stability on a computer, but on top of the low tech speech engine exploit:

http://blogs.zdnet.com/Ou/?p=418

it gives me concerns about deploying Vista on my network.
 
WWW  
IP Logged
 
Pages: 1 2 3 ... 5
Send Topic Print