Posted on 09/19/2002 12:44:33 PM PDT by HAL9000
REDMOND, Washington, Sep 19, 2002 (AP WorldStream via COMTEX) -- Microsoft Corp. on Thursday disclosed more flaws in its Windows operating systems, the most serious of which could let an outside attacker take over a computer. The software company advised that all users of Windows install a free patch to fix flaws in its "virtual machine" for translating applications written in the Java programming language. Microsoft termed the threat "critical."
Microsoft also disclosed "moderate" flaws in Windows 2000 and XP and advises administrators of Windows 2000 servers and end users of Windows XP to download a patch. The flaws involve a failure to encrypt certain kinds of data and an error that causes Windows XP to fail when sent certain kinds of bad data.
The flaws, detailed on Microsoft's Web site, are the company's 51st and 52nd security bulletins of the year.
Copyright 2002 Associated Press, All rights reserved
LVM
I assume MSFT's patches include code alterations that will further reduce the usability of non-MSFT apps I use, like Opera, so I won't be downloading anything from Redmond.
Microsoft...where the hits just keep on comin'!
LOL.
LVM
From Security Focus
Number of OS Vulnerabilities by Year

| OS | 1997 | 1998 | 1999 | 2000 | 2001 |
|---|---|---|---|---|---|
| AIX | 21 | 38 | 10 | 15 | 6 |
| BSD/OS | 7 | 5 | 4 | 1 | 3 |
| BeOS | 0 | 0 | 0 | 5 | 1 |
| Caldera | 4 | 3 | 14 | 28 | 27 |
| Connectiva | 0 | 0 | 0 | 0 | 0 |
| Debian | 3 | 2 | 31 | 55 | 28 |
| FreeBSD | 5 | 2 | 17 | 36 | 17 |
| HP-UX | 9 | 5 | 11 | 26 | 16 |
| IRIX | 28 | 15 | 9 | 14 | 7 |
| MacOS | 0 | 1 | 5 | 1 | 4 |
| MacOS X Server | 0 | 0 | 1 | 0 | 0 |
| Mandrake | 0 | 0 | 2 | 46 | 36 |
| NetBSD | 2 | 4 | 10 | 20 | 9 |
| Netware | 1 | 0 | 4 | 3 | 1 |
| OpenBSD | 1 | 2 | 4 | 17 | 14 |
| RedHat | 6 | 10 | 47 | 95 | 54 |
| SCO Unix | 3 | 3 | 10 | 2 | 21 |
| Slackware | 4 | 8 | 11 | 11 | 10 |
| Solaris | 24 | 33 | 34 | 22 | 33 |
| SuSE | 0 | 1 | 23 | 31 | 21 |
| TurboLinux | 0 | 0 | 2 | 20 | 2 |
| Unixware | 2 | 3 | 14 | 4 | 9 |
| Windows 3.1x/95/98 | 3 | 1 | 46 | 40 | 14 |
| Windows NT/2000 | 10 | 8 | 78 | 97 | 42 |
You know why Chess is such a great game? Because they haven't changed the rules in such a very long time. That has given the world lots of time to do extensive analysis of the game. See the analogy? If they would spend more time stabilizing the existing operating systems, we would see fewer bugs and security holes. In that sense, Apple and Linux are far ahead of Microsoft.
In all fairness, a raw number of bug reports alone is not sufficient to decide which OS to run. This graph does not show the severity of the vulnerabilities, nor does it give any kind of information as to how long the vulnerability existed before there was a fix.
Interesting that some Linux "distributions" fared better than others. Are the others doing better than RedHat, or is everybody just hammering them? I think the answer's a little of both. Also, the older and more refined FreeBSD and OpenBSD OSes compared well against their younger Linux competitors. This doesn't come as much of a surprise, either.
That is for all versions of RedHat. If you add up all the Microsoft numbers for 2001, Microsoft beats RedHat 56 to 54. Interestingly enough, Mac OS X (listed as Mac OS X Server) had ZERO! Zilch, nada, zippo! Even the horrible Mac OS 9 and less (listed as MacOS) had 4.
Apples and Oranges.
There are two primary reasons for the relatively high number of Red Hat "vulnerabilities". I run Red Hat, and so can tell you from experience the reasons.
Reason #1 - there are a lot of hackers/programmers that try to probe Red Hat. When they find a flaw, they report it. Their names are listed as the discoverer of the flaw - thus they get a little fame. However, most vulnerabilities are for obscure areas - applications or libraries that relatively few people run. The vast majority of these "vulnerabilities" are of no consequence. If I am running a web server and mail server on a host, what do I care about a vulnerability discovered in an audio driver used for game playing? Nothing. Because I DON'T have it installed! But Red Hat will provide fixes for all in an open manner - no concealing or dancing around.
Reason #2 - Red Hat includes a lot of stuff with their distribution. Version 7.3 came on 3 CD's, with 2 more CD's for the source code, and other CD's for documentation, system admin stuff, etc. A typical MS OS comes on one CD. So - with Red Hat you get flaws reported with the overall distribution which includes both applications and programming environments - really, a TON of stuff. With Microsoft, they distinguish between OS and application vulnerabilities.
And since the Red Hat distribution can be configured as: a server, or a workstation, or a custom system - you really are comparing Apples to Oranges here.
Comparing Apples to oranges isn't fair! Apples only had four combined in that list! :)
You are right about the RedHat/GNU Linux problems. There are some hackers out there with their only goal in life finding the most obscure flaw. A great thing for GNU/Linux...and you don't need to file a lawsuit to get the security data out of RedHat. I, personally, like the OpenBSD approach of line by line security audits for problems.
I HATE that dang thing.
A POX on Bill Gates.
Switch or sorta Switch. Either way, you don't have to deal with those pop-up wizards, dancing paper clips, spyware or tens of thousands of viruses. You might get to do the things you bought the computer for in the first place.