OT: Nix less secure than Windows.
 

The numbers are in for 05, and Nix had more exploits than Windows. Almost 3 times as many for the whole family. But how many of Nix problems did you see on the news? Any? So, once again, another Nix-myth is disproven.


Linky

Re: OT: Nix less secure than Windows.
 

Only sort of. The *Nix exploits on the list have a lot of the same one getting updated multiple times; while the Windows exploits appear to have fewer updates; of the first 10 in the *nix list, 5 have the [updated] flag; of the first 10 in the Windows list, two of them do. Granted, ten is hardly a representitive sample, but it's indicative of something a little off on the counts.

Re: OT: Nix less secure than Windows.
 

Linux just isn't hacked because Windows is a bigger target. If you hack linux, so what? Windows holds the market share.

Re: OT: Nix less secure than Windows.
 

Poke around on /., I seemed to see a reference there (or maybe on Groklaw?), that the *Nix numbers are inflated -- the same exploit being listed multiple times.

I just don't care anymore. I'll probably jump in the Vista bandwagon, but only after a couple of years passes, and the price goes down, and I get a new computer.

If I programed, I'd program for Linux. 'Cause I'd only want the genuinely computer literate calling me with problems.

Re: OT: Nix less secure than Windows.
 

Holy crap... 90% of the linux entries are duplicate items.

That just lame. Somebody is desperate here...

Re: OT: Nix less secure than Windows.
 

Whoa! Every single brand/variant of Linux and Unix is lumped together vs. MS Windows, which has only a few versions. If this was broken down into specific versions I think it would look a bit different. Not only would the number of bugs for each version be less than MS Windows, but the severity of the bugs would be very different. How many of the Unix/Linux bugs are root exploits? Nearly all Windows 'security' problems give admin level access and total control of the machine because the inner workings of the OS kernel are not secure. If you can get around the outer layer of security checks you are then free to do what you want. Very few *IX bugs are this bad because these systems were designed from the ground up with security in mind. On top of that, most of the *IX bug require local access, while nearly any Windows flaw can be exploited through Internet Explorer, meaning you can get 0wned while surfing the web. Only actual flaws in your web browser (generally Mozilla Suite/Firefox) allow that to happen with *IX systems. Local exploits are only a risk when your users are out to get you, not when some random website carries a jiggered file.

Re: OT: Nix less secure than Windows.
 

Sorry guys, but updates are just as bad as the original flaw. They mean that aditional fixes were required. Usually, they will all show the final fix.

Re: OT: Nix less secure than Windows.
 

Do your home work, if it gets past one version, it gets past most of them. Take out the Unix and osX and you still have a lot of flaws. The thing that needs to be known here is that Nix is not in and of itself safe. You need to take the same steps as windows users.

Re: OT: Nix less secure than Windows.
 

Ahh, spreadsheets, great for crunching numbers....

Using the open parenthesis on the (updated) tag from the links....

Windows: 813 entries, 144 (Updated), 669 without (Updated) tag
All *nix: 2329 entries, 1475 (Updated), 854 without (Updated) tag

Yeah, *nix numbers kinda inflated... hmm... seems I may be off by 1 somewhere on my counts ... oh well, doesn't really matter all that much, when comparing numbers in the hundreds.

Edit: ... and, just for laughs, multiple operating systems:
2058 items, 568 (Updated), 1490 without (Updated) tag.

Re: OT: Nix less secure than Windows.
 

Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.

Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.

Re: OT: Nix less secure than Windows.
 

If you hack *nix, you get crucial information on lots of huge corporate web sites. Nowhere near as many with Windows.

And yeah, the list does seem to include a lot of beta fixes and the same fix for the same problem in multiple distributions needlessly... Not that useful of a list for basing any claims, other than software is insecure.

And I'd like to know who Thermodyne is talking to that says Linux is secure because it is Linux. Any competent user of Linux is aware of vulnerabilities cropping up. Its insecurities are rarely as severe as Windows ones, but it of course it still has them...

Re: OT: Nix less secure than Windows.
 

Without going into great detail, it’s a management issue, or lack there of.

Windows is the target of choice for botting and datamining for cc numbers and bank accounts. And while the people who do this are good, their resources are usually limited.

Nix is more of a two fold target. The Apache side of it draws a lot of industrial attention and UNIX FreeBSD side is methodically under attack by foreign governments as well as the industrial regulars. Of late, one government in particular has been spending lots of time inside US computer systems.

The main point of this post is not which is better, the point is that none of the Nix exploits ever get brought to the attention of the general public.

Re: OT: Nix less secure than Windows.
 

Anytime a patch is released, it gets an entry. If you release 10 patches, you get 10 events. Only the final patch will be listed, this is because the purpose of the list is to index exploits against patches. Nix gets more multiple entries because of the structure of the Nix industry. Lots of very small shops and single people, all working on the same problem. It should also be noted that the bad guys patch their work too. So you get some back and forth sometimes.


The myth is that Nix is not attacked because the installed base is too small to be of interest. That statement is often made on this very board.


I also noticed some posts about the data being tainted to make Nix look bad. Perhaps you should do some research and then make an informed statement. CERT could care less about who had how many hacks. They just report them. Nix looks worse because of the way the community is organized.

Re: OT: Nix less secure than Windows.
 

I don't know that Cert was trying to intentionally taint the data to make *nix look bad, but if you are just trying to use numbers to draw the conclusions you are drawing, the data on the site is indeed not valid for that purpose due to the duplications.

I rarely see anyone post a never or a "*nix is not attacked" as an absolute, and I can't recall a single recent instance on this board; it usually is more akin to being attacked far less frequently, as concerning home desktop use.

Re: OT: Nix less secure than Windows.
 

No one has claimed that *IX is inherently 'safe'. Many have claimed that it is more secure than Windows. Which is not very difficult to achieve. http://forum.shrapnelgames.com/images/smilies/laugh.gif But I think it's the authors of this study who need to 'do their homework'...

http://news.zdnet.com/2100-1009_22-6021867.html

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorized," Mark Cox, a consulting software engineer at Red Hat, said. "For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

In addition, Steven Christey, an editor for Common Vulnerabilities and Exposures, an organization that maintains a common vulnerability database, said that the statistics were no basis for comparison of the relative security of Windows and Linux/Unix, because they had been collected from different sources with different criteria for the collection of flaws.

...

Secunia thought that the nature of the reported vulnerabilities also made it difficult to compare security on the platforms, as Linux/Unix researchers concentrate on vulnerabilities in local privilege separation, while Windows researchers look at possible remote vulnerabilities.