OT: Nix less secure than Windows.

[NullAshton]

Linux just isn't hacked because Windows is a bigger target. If you hack linux, so what? Windows holds the market share.

[Suicide Junkie]

Holy crap... 90% of the linux entries are duplicate items.

That just lame. Somebody is desperate here...

[Thermodyne]

Sorry guys, but updates are just as bad as the original flaw. They mean that aditional fixes were required. Usually, they will all show the final fix.

[Jack Simth]

Quote:

Thermodyne said:
Sorry guys, but updates are just as bad as the original flaw. They mean that aditional fixes were required. Usually, they will all show the final fix.

Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.

Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.

[Thermodyne]

Quote:

Jack Simth said:

Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.

Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.

Without going into great detail, it’s a management issue, or lack there of.

Windows is the target of choice for botting and datamining for cc numbers and bank accounts. And while the people who do this are good, their resources are usually limited.

Nix is more of a two fold target. The Apache side of it draws a lot of industrial attention and UNIX FreeBSD side is methodically under attack by foreign governments as well as the industrial regulars. Of late, one government in particular has been spending lots of time inside US computer systems.

The main point of this post is not which is better, the point is that none of the Nix exploits ever get brought to the attention of the general public.

[Thermodyne]

Quote:

Imperator Fyron said:

And yeah, the list does seem to include a lot of beta fixes and the same fix for the same problem in multiple distributions needlessly... Not that useful of a list for basing any claims, other than software is insecure.

Anytime a patch is released, it gets an entry. If you release 10 patches, you get 10 events. Only the final patch will be listed, this is because the purpose of the list is to index exploits against patches. Nix gets more multiple entries because of the structure of the Nix industry. Lots of very small shops and single people, all working on the same problem. It should also be noted that the bad guys patch their work too. So you get some back and forth sometimes.

Quote:

And I'd like to know who Thermodyne is talking to that says Linux is secure because it is Linux. Any competent user of Linux is aware of vulnerabilities cropping up. Its insecurities are rarely as severe as Windows ones, but it of course it still has them...

The myth is that Nix is not attacked because the installed base is too small to be of interest. That statement is often made on this very board.


I also noticed some posts about the data being tainted to make Nix look bad. Perhaps you should do some research and then make an informed statement. CERT could care less about who had how many hacks. They just report them. Nix looks worse because of the way the community is organized.

[Fyron]

Quote:

I also noticed some posts about the data being tainted to make Nix look bad.

I don't know that Cert was trying to intentionally taint the data to make *nix look bad, but if you are just trying to use numbers to draw the conclusions you are drawing, the data on the site is indeed not valid for that purpose due to the duplications.

Quote:

The myth is that Nix is not attacked because the installed base is too small to be of interest. That statement is often made on this very board.

I rarely see anyone post a never or a "*nix is not attacked" as an absolute, and I can't recall a single recent instance on this board; it usually is more akin to being attacked far less frequently, as concerning home desktop use.

[Jack Simth]

Ahh, spreadsheets, great for crunching numbers....

Using the open parenthesis on the (updated) tag from the links....

Windows: 813 entries, 144 (Updated), 669 without (Updated) tag
All *nix: 2329 entries, 1475 (Updated), 854 without (Updated) tag

Yeah, *nix numbers kinda inflated... hmm... seems I may be off by 1 somewhere on my counts ... oh well, doesn't really matter all that much, when comparing numbers in the hundreds.

Edit: ... and, just for laughs, multiple operating systems:
2058 items, 568 (Updated), 1490 without (Updated) tag.

[Baron Munchausen]

Whoa! Every single brand/variant of Linux and Unix is lumped together vs. MS Windows, which has only a few versions. If this was broken down into specific versions I think it would look a bit different. Not only would the number of bugs for each version be less than MS Windows, but the severity of the bugs would be very different. How many of the Unix/Linux bugs are root exploits? Nearly all Windows 'security' problems give admin level access and total control of the machine because the inner workings of the OS kernel are not secure. If you can get around the outer layer of security checks you are then free to do what you want. Very few *IX bugs are this bad because these systems were designed from the ground up with security in mind. On top of that, most of the *IX bug require local access, while nearly any Windows flaw can be exploited through Internet Explorer, meaning you can get 0wned while surfing the web. Only actual flaws in your web browser (generally Mozilla Suite/Firefox) allow that to happen with *IX systems. Local exploits are only a risk when your users are out to get you, not when some random website carries a jiggered file.

[Thermodyne]

Do your home work, if it gets past one version, it gets past most of them. Take out the Unix and osX and you still have a lot of flaws. The thing that needs to be known here is that Nix is not in and of itself safe. You need to take the same steps as windows users.