Bush2000 wrote:Ah, yes. The usual "but-it-isn't-Windows defense. This game is getting a little tired. You guys constantly slam Linux security over things such as Apache, WUFTP, and other applications that aren't part of the Linux kernel, including some really obscure and rarely used applications like ISDN voice response systems and command line MP3 players. And then you have the gall to turn around and say that, because Outlook Express, Internet Explorer, SQL Server, IIS , and countless other Windows OS Components and add-ons and applications distributed by Microsoft that are often distributed as part of the "Windows Operating System" (IE and OE), or as part of a "Plus Pack," or as part of a "solution suite" specifically designed for use with the Windows operating system, that it "isn't Windows". See how this little game works?1
There you go again: Attributing flaws in IIS to Windows. You do realize that IIS is a server-based web server, right? You might as well talk about Apache, if you're going to talk about IIS.
Bush2000, you seem to be the one that wants it both ways here. Your position seem highly hypocritical.
If you want to make apples to apples comparisons, or oranges to oranges comparisons, that's fair. For example, it's fair compare security issues with the Linux Kernel (only) with security issues with the Windows Operating System (only). It's also fair to compare Linux/Apache/MySQL with Windows/IIS/SQL Server, or Linux/Mozilla with Windows/Internet Explore/Outloook Express.
However, you want to compare every patch and security update released by any Linux distributor to only those security patches from Microsoft that deal with the Windows Kernel. That's not a fair comparison. A fair comparison would be every security patch from a Linux distributor compared to every security patch from Microsoft for any Windows related product.
And don't deny that you do this. For example, on another thread Friday, you gave a list of "Linux" security patches from Debian, and the first security patch on your list showing "Linux vulnerabilities" was a patch for a voice response system for ISDN connections, a package which is rarely installed, requires special hardware, and the exploit required a user account on the target machine with sufficient access to write scripts for the system. The exploit allowed such a user on such a system to escalate their privileges and possibly gain root access to the system.
1. This paragraph adapted from http://www.freerepublic.com/focus/f-news/1053778/posts?page=37#37 by Bush2000
You don't want to do that. If you take a W2K server with IIS and compare it to basic GNU/Linux with Apache, set up to be only a Web server, the Windows installation will have far more vulnerabilities.