According to CERT, Linux/Unix had far more vulnerabilities released last year than Windows did...
http://www.theregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/
Saw that and the Slashdot comments. I don't find it very accurate because there are a lot of 3rd-party programs involved there. I mean... someone could just make some terrible program for Windows and they count as vulnerabilities :/.
Every single Windows failure.. err... error isn't published. Also that could mean the problems are still in Windows, waiting to be found. :)
Number of vulnerabilities alone is a horrible base for judging how secure any application (OSes included) is. Severity of the vulnerability, speed of patching it, and whether the software is in a beta or release stage are incredibly important to consider. I'm not sure why I even have to say this.
Microsoft constantly claims that they are "faster" at patching vulnerabilities. What they mean is, from the time they admit it exists to the time it's patched is shorter, on average, than Linux.
The obvious mistake in there is that Linux programmers don't go, "Uhh, prove to us it can be exploited and we'll consider patching it".
Quote from: iago on January 06, 2006, 11:44:24 AM
The obvious mistake in there is that Linux programmers don't go, "Uhh, prove to us it can be exploited and we'll consider patching it".
But it's so much more fun sending Microsoft code that will fry their computers! :)
You have to disassemble Windows binaries to find exploits, generally. Linux is open-source, and so it's easier to find exploits. Also, since there are so many exploits floating around for Windows, most people don't even bother.
Quote from: Topaz on January 06, 2006, 06:13:21 PM
Linux is open-source, and so it's easier to find exploits.
It's also easier to fix them, since anybody can write their own patch for it, without worrying about damaging other things like you would with a binary patch.
Plus, it's much less tempting to code something in a deemed "sloppy" way since others are going to be looking at your source.