Windows 10 isn’t the most vulnerable operating system – it’s actually Linux

TechRadar ^ | 3/9/2020 | Darren Allan

[TomServo]

Surprising reports paints Linux and Android as less secure than Windows

Which operating system has suffered the most vulnerabilities since around the turn of the millennium? That would be Linux, not Microsoft’s Windows, at least according to a freshly released report.

An analysis of the National Institute of Standards and Technology’s National Vulnerability Database, compiled by Thebestvpn.com, tracked ‘technical vulnerabilities’ in popular pieces of software between 1999 and 2019.

And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apple’s macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.

[bigbob]

Ooh...a report!

The millions of set-top boxes, routers, Android phones and tabs, etc that run linux will be surprised to know this.

[Secret Agent Man]

yup

[McGruff]

There are no vulnerabilities in Linux, not a single one.

[LesbianThespianGymnasticMidget]

I code, princess. All software has bugs/vulnerabilities. Saying Linux is perfectly secure is insane. Even the Qubes OS and Tails OS distros are not perfect. You go ahead and trust MS to fix all the b/v in Windows while I will much prefer the open approach. I hope no one steals your tiara when another 0 day for Windows opens your drawers after MS is scrambling to fix it and hackers are exploiting it. I prefer the Linux army of coders to address issues to MS’s squad of coders in sheer numbers of emergency responders. Want to know how long 0 days stay open on Linux? 0 days. Hell, half (more than) of the black hat hackers run Linux and don’t want to run a vulnerable OS.

Just a hint. If someone running Kali Linux moves into the neighborhood forget about having any security if you are not running EVERYTHING through a VPN or run cables to everything.

[SanchoP]

Ooooh,Kali Linux? Is that like BO2K in drag? I gave up cracking years ago (boring) but it might be worth a look.

[LesbianThespianGymnasticMidget]

Not a script kiddie tool like BO2K

[MarkL]

Corona Virus Panic or Kernel Panic, take your pick!

Mark

[SanchoP]

I’m downloading the live (iso) version now but anything __untu based is a big “no-no” as far as I’m concerned. I’ll dump it on a stick and check it out. :)

[MarkL]

There is actually an Ubuntu kernel that can be added using Control Panel in Windows 10 Professional, but unlike a VM, it runs natively under Windows 10.

Personally, I prefer using a VM, which can copy files back and forth between the host and VM. The MS native ubuntu uses the NTFS filesystem directly, and the different file format drove me crazy when trying to use the GNU utilities like awk and sed with files created using PowerShell.

Mark

[MarkL]

If you want to see Kali and/or Metasploit in action, watch some old episodes of “Mr. Robot!”

Some of the things they did on there, if you take screen-shots were actual tooks attacking well-known exploits, and some of the ideas they floated, like social engineering the guys in charge at the data storage location and “hacking” the HVAC to “melt” the backup takes was interesting, though impractical.

Crazy TV show, but it was the most realistic one I’ve seen... One of the funniest/weirdest episodes had a couple of guys watching the horribly bad movie “Hackers” with Angelina Jolie while doing acid.

Mark

[LesbianThespianGymnasticMidget]

How is the bigendian littleendian (BigInjun, LilInjun) issue handled?

[LesbianThespianGymnasticMidget]

Most of the fun stuff is command line only. It is a nice suite of tools. A shortcut so to speak.

[MarkL]

It shouldn’t be an issue, since both are native Intel architectures.

The problem for me was the funky text file formatting I got from Powershell, and just didn’t feel like hunting it down. Later I figured out that it was probably a difference between UTF-8 and UTF-16, but it wasn’t worth it for me.

Like I said, I just copy the files to and from the VM on my laptop. I could probably work it out in PowerShell, but I’m OK the way I’m doing it now.

Mark

[LouieFisk]

Never use VM. Just Win in it’s regular state and Xubuntu as it is installed on an outboard USB drive. Never have problems with document files as I stick with the Windows Doc or LibreOffice ODF formats. I wouldn’t use a format that isn’t compatible back & forth.

I like that some programs have both Win & Ubuntu editions, like SMPlayer - it can handle playing almost anything you can throw at it. VLC is good, but it’s kinda clunky and not as easily customizable as SMPlayer.

[familyop]

"And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades."

The same tactic that the femicommies are using against the President. Whoever solves the most problems is accused of causing those problems.

[SanchoP]

Looks like some fun stuff. I’m an old Slacker so CLI is good. Thanks for the headsup.

[minnesota_bound]

An aside. Never install Norton 360. I thought I would try it. Big mistake.
I use Windows 7 Pro. It took 4 attempts to get it installed.
5 bluescreens in 8 days. 2 just today. Had not had any prior for years.
I uninstalled using Norton’s own uninstallerand restarted ok. I installed the past anti virus program I used called Webroot and restarted. It got stuck at the Welcome screen just after the log in.
The fix was running chkdsk /f /r

[dayglored]

Windows 10 vs. Linux... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Army Air Corps for the ping!

[Swordmaker]

As per usual, reported vulnerabilities are not reported exploits. Open platforms can be examined by everyone and his aunt, uncle and second cousin looking for vulnerabilities and report them, closed systems, not so much.

[dayglored]

> FWIW, Ubuntu is a flavor of Debian, so technically Linux owns 40% of the Top 5.

Overall comment: This is a grossly ignorant article. It is based on a demonstrably false premise, that all vulnerabilities are of equal importance. That premise is clearly inaccurate as hell.

I did not see a statement in the article acknowledging what you mention, that Ubuntu is Debian with tweaks. The substantial overlap between the two knocks a hole in your argument summing the Debian percentage and the Ubuntu percentage. How many of the vulnerabilities counted twice are common between Debian and Ubuntu? Those should only count once, not twice, so I don't agree with your 40% figure. The truth has to be something less, but the article is useless to try to determine how much less.

Apologist articles like this have to be very carefully researched, thought out, and written, to avoid being crap. Doesn't matter whether it's Windows apologist, Mac apologist, Linux apologist, or anything else. Stating "X is not as bad as you thought" has to address the high likelihood that "what you thought" was actually based on a lot of accumulated facts. Without facts clearly proving that "what you thought" is actually wrong, it's just crap.

This article, sorry to say, is crap, from premise to conclusion, because it doesn't provide support for its conclusion. Whether its claim is true or false is almost beside the point (after all, who bloody cares? Every OS has vulnerabilities).