Flaws raise red flag on Linux security

ComputerWorld ^ | JANUARY 09, 2004 | Jaikumar Vijayan

[eno_]

I can p0wN any NT/XP system I have physical access to in well under 5 minutes. Local attacks are not a big deal.

[Swordmaker]

. . . and our desktops and laptops will all be Macs (UNIX under the hood) . . .

Better watch out, Action. Bush hates Macintoshes even more than Linux!

[Bush2000]

He's attempting to compare just the windows operating system itself, with an entire distribution that includes the OS, various editors, html production software, multiple browsers, firewall software, multiple firewall software, cd/dvd writers, 2 full office suites, web server, and scripting software, games, image editing/creation software and much other stuff that dosn't immediately come to mind.

You OSS blowhards continually decry "Windows security" for flaws in IE, Outlook, IIS, etc which have nothing to do with the operating system. And then you turn around and have the gall to say, with every discovered flaw in a component distributed with Linux, that "it isn't Linux." In other words, you want your cake and you want to eat it, too. You want the freedom to slam Windows without being subject to the same treatment with regard to Linux. I'm one of the few here who have the balls to call you on it. It's pathetic sophistry and weaselry at its worst.

[Bush2000]

Note that part of their site name is "NT". How impartial do you think that makes them.

I dunno. What isn't objective about supplying bug reports?!? As for incident reports, give an example. I'd like to see exactly what you're complaining about.

[Bush2000]

I can p0wN any NT/XP system I have physical access to in well under 5 minutes. Local attacks are not a big deal.

Oh, puh-lease. You act as if the same isn't true of Linux and Mac boxes. Hint: They're equally vulnerable to physical intrusion.

[N3WBI3]

Stastical Crud, it includes Apache, and other apps that are not Linux where as the Win2K stats dont include SQL server, and ....

[Bush2000]

Stastical Crud, it includes Apache, and other apps that are not Linux ....

As well it should, since Linux primarily serves in a role as a web server running Apache.

[antiRepublicrat]

Logical fallacy. There aren't "more vulnerabilities" in Windows (Linux Actually Less Secure Than Windows?, http://securityfocus.com/vulns/stats.shtml).

Read more from SecurityFocus:

For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers [big time].

Considering the vast number of Explorer, Outlook and IIS vulnerabilities that were out, the Windows number should have been quite higher, but they weren't counted. This also doesn't take into consideration that Windows enables most services and installs almost all packages by default, while usual Linux practice is to install only those packages and services that are needed, which for any one installation reduces the vulnerability count.

[zeugma]

Sorry, but it is you astroturfers for microsoft who constantly claim that liux distributions be measured against windows. I'm perfectly happy though, to go along with your game, providing that the comparisons be made against a level playing field. I'd still stand Debian, Mandrake, or RedHat against microsoft. I'm not the one who made the initial claim that you made earlier comparing microsoft windows itself against an entire distribution of over 3000 separate packages that are distributed with RedHat. It is interesting that when I point out the apples/oranges nature of your claim that you resort to typical ad hominem.

I have great confidence that in the long run, the fine folks who have created the incredible wealth of OSS appliactions that already outstrip proprietary operating systems will overrun and overtake you despite your desperate attempts at sowing fear, uncertainty, and doubt. Windows is such a pitiful excuse for an operating system, it is inevitable that eventually people will come to understand that worms, viruses, trojans, and crashes are not normal consequences of a properly designed operatin system.

[zeugma]

He must be worried about his options.

[N3WBI3]

Ok if we want to make this totally clear, I will give you Apache, Open SSH .... and if you count vulnerabilities (not CERTS) MS still get whipped..

According to cert.org in 2003 major issues
Windows 22
Linux 15
Unix 10
None 1
All 8

Now this take into account CERTS like CA-2002-09 which had 10 CAN issues..

[Swordmaker]

You OSS blowhards continually decry "Windows security" for flaws in IE, Outlook, IIS, etc

Seems to me that there is SWORN testimony from Microsoft representatives that Internet Explorer is an integral part of the Windows Operating System.

[Swordmaker]

Oh, puh-lease. You act as if the same isn't true of Linux and Mac boxes. Hint: They're equally vulnerable to physical intrusion.

Yeah, Bush, if I have that kind of access to a local computer I can use an AXE on it. So WHAT?

[Swordmaker]

You act as if the same isn't true of Linux and Mac boxes. Hint: They're equally vulnerable to physical intrusion.

I also might mention that the Mac G5 has an industrial strength locking system on it... might make it a little less vulnerable in the "physical intrusion" department than a PC or Linus box with screws...

[TechJunkYard]

Better watch out, Action. Bush hates Macintoshes even more than Linux!

Bushie hates everyone and everything that doesn't face Redmond and bow down to pray to Gates twice a day.

[Bush2000]

For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers [big time].

Note the term "may". Provide an example. There's no evidence of that.

[Bush2000]

He must be worried about his options.

I have no stock options. But if you want to contribute some, I'd be happy to accept.

[Bush2000]

Ok if we want to make this totally clear, I will give you Apache, Open SSH .... and if you count vulnerabilities (not CERTS) MS still get whipped..

Is it too much to ask for -- provide a link so that your data can be evaluated...

[Bush2000]

Seems to me that there is SWORN testimony from Microsoft representatives that Internet Explorer is an integral part of the Windows Operating System.

It ain't part of the kernel -- which is the basis for what Linux blowhards to be considered part of "Linux". IE is integrated into the Windows shell. You do know the difference between the shell and the kernel, right?

[Bush2000]

Yeah, Bush, if I have that kind of access to a local computer I can use an AXE on it. So WHAT?

The point is that local access exploits affect ALL platforms, you bigots.

I also might mention that the Mac G5 has an industrial strength locking system on it... might make it a little less vulnerable in the "physical intrusion" department than a PC or Linus box with screws...

Will this "industrial strength locking system" prevent me from picking up the machine and removing it from the lab? Didn't think so, troll.