OT: Nix less secure than Windows.

[Thermodyne]

The numbers are in for 05, and Nix had more exploits than Windows. Almost 3 times as many for the whole family. But how many of Nix problems did you see on the news? Any? So, once again, another Nix-myth is disproven.


Linky

[Jack Simth]

Only sort of. The *Nix exploits on the list have a lot of the same one getting updated multiple times; while the Windows exploits appear to have fewer updates; of the first 10 in the *nix list, 5 have the [updated] flag; of the first 10 in the Windows list, two of them do. Granted, ten is hardly a representitive sample, but it's indicative of something a little off on the counts.

[NullAshton]

Linux just isn't hacked because Windows is a bigger target. If you hack linux, so what? Windows holds the market share.

[Suicide Junkie]

Holy crap... 90% of the linux entries are duplicate items.

That just lame. Somebody is desperate here...

[Thermodyne]

Sorry guys, but updates are just as bad as the original flaw. They mean that aditional fixes were required. Usually, they will all show the final fix.

[Jack Simth]

Quote:

Thermodyne said:
Sorry guys, but updates are just as bad as the original flaw. They mean that aditional fixes were required. Usually, they will all show the final fix.

Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.

Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.

[Thermodyne]

Quote:

Jack Simth said:

Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.

Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.

Without going into great detail, it’s a management issue, or lack there of.

Windows is the target of choice for botting and datamining for cc numbers and bank accounts. And while the people who do this are good, their resources are usually limited.

Nix is more of a two fold target. The Apache side of it draws a lot of industrial attention and UNIX FreeBSD side is methodically under attack by foreign governments as well as the industrial regulars. Of late, one government in particular has been spending lots of time inside US computer systems.

The main point of this post is not which is better, the point is that none of the Nix exploits ever get brought to the attention of the general public.

[Jack Simth]

Ahh, spreadsheets, great for crunching numbers....

Using the open parenthesis on the (updated) tag from the links....

Windows: 813 entries, 144 (Updated), 669 without (Updated) tag
All *nix: 2329 entries, 1475 (Updated), 854 without (Updated) tag

Yeah, *nix numbers kinda inflated... hmm... seems I may be off by 1 somewhere on my counts ... oh well, doesn't really matter all that much, when comparing numbers in the hundreds.

Edit: ... and, just for laughs, multiple operating systems:
2058 items, 568 (Updated), 1490 without (Updated) tag.

[Baron Munchausen]

Whoa! Every single brand/variant of Linux and Unix is lumped together vs. MS Windows, which has only a few versions. If this was broken down into specific versions I think it would look a bit different. Not only would the number of bugs for each version be less than MS Windows, but the severity of the bugs would be very different. How many of the Unix/Linux bugs are root exploits? Nearly all Windows 'security' problems give admin level access and total control of the machine because the inner workings of the OS kernel are not secure. If you can get around the outer layer of security checks you are then free to do what you want. Very few *IX bugs are this bad because these systems were designed from the ground up with security in mind. On top of that, most of the *IX bug require local access, while nearly any Windows flaw can be exploited through Internet Explorer, meaning you can get 0wned while surfing the web. Only actual flaws in your web browser (generally Mozilla Suite/Firefox) allow that to happen with *IX systems. Local exploits are only a risk when your users are out to get you, not when some random website carries a jiggered file.

[Thermodyne]

Do your home work, if it gets past one version, it gets past most of them. Take out the Unix and osX and you still have a lot of flaws. The thing that needs to be known here is that Nix is not in and of itself safe. You need to take the same steps as windows users.