www.trustworthycomputing.com - enuff said!

dude,

linux has had just as many, if not even more than microsoft has.

microsoft -> 419,000
redhat -> 43,700
debian -> 36,200
suse -> 28,300
sun -> 400,000
solaris -> 65,400
linux -> 291,000
slackware -> 13,700

and where are you getting that from?

Originally posted by clocker1996
and where are you getting that from?

google, but the number of flaws/holes/whatever it has is defintely not that high so it's pretty much pointless

debian -> 36,200
suse -> 28,300
linux -> 291,000
slackware -> 13,700


OMG! You mean Linux isn't perfect?

That's not what the geeks have been telling me! This must be a plot by Microsoft to discredit Linux. It just can't be true. Linus wouldn't lie.

I've been duped! My illusions are shattered. I need a drink.

wait a sec, you are searching for websites containing the words microsoft and security etc.
Did you ever think about that when the internet explorer has a security hole, it gets posted all over the net, but when a linux browser or something else has, nearly nobody cares? Your search includes Outlook & IE bugs/security holes, in my opinion this has nothing to do with the windows os itself...

a happy windows user
greg

ps.: sorry for my english, still learning ;)

Originally posted by phpjames
www.trustworthycomputing.com - enuff said!

WHAT a complete load of crap, is all I can say, I wont throw the thread because it portrays how utterly stupid some people can be.

What you are showing there is nothing more than the popularity and frequency of pages talking actively about microsoft software.

Originally posted by xtstrike


WHAT a complete load of crap, is all I can say, I wont throw the thread because it portrays how utterly stupid some people can be.

What you are showing there is nothing more than the popularity and frequency of pages talking actively about microsoft software.

yeah, it's just...more people know more about microsoft then linux

plus when there are security holes in "linux" it's usually not linux itself but a 3rd party project..like wu-ftpd for example ;)

Originally posted by Schumi3
wait a sec, you are searching for websites containing the words microsoft and security etc.
Did you ever think about that when the internet explorer has a security hole, it gets posted all over the net, but when a linux browser or something else has, nearly nobody cares? Your search includes Outlook & IE bugs/security holes, in my opinion this has nothing to do with the windows os itself...


Well, last time I check Windows 98 and newer includes Outlook Express & IE. :)

If a vulnerability found in Netscape (for example), Linux vendors will treat it as operating system vulnerability as Netscape itself is included in the distribution.

but it still has nothing to do with the os, and you don't have to use it!

Security Focus publishes OS vulnerability stats:

http://www.securityfocus.com/vulns/stats.shtml

Acording to their chart, Windows NT/2000 is the leader in vulnerabilities with 235, Red Hat comes in a close second with 212, and Solaris 3rd with 146.

One thing to keep in mind about their methodology:

"There is a distinct difference in the way that vulnerabilities are counted for Microsoft Windows and other operating systems. For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers."

So, take this for what it is worth.

hmm, one thing you forgot to mention from that site:

The numbers presented below should not be considered a metric by which an accurate comparison of the vulnerability of one operating system versus another can be made.

ive a feeling thats exactly what this thread is trying to do ?? :D

Originally posted by xtstrike

ive a feeling thats exactly what this thread is trying to do ?? :D

I know you are, but what am i :D.

Originally posted by uuallan


I know you are, but what am i :D.

You are attempting to get me irate ;)

And that would put you on a collision course with a solid concrete wall :rolleyes:

Originally posted by xtstrike

And that would put you on a collision course with a solid concrete wall :rolleyes:

::cowers in the corner::

Ahem...please remember that the data presented on that page does not claim to be authoritative information about the security of one OS versus another, it is just a list of security holes reported to Security Focus.

RedHat (Not linux kernel it self) and other Linux distros are not as stable as BSD or other UNIX systems. RedHat is basically rip off and it's almost like windows now. Give it little more time and it will be Windowz2. :)

Trying to use these stats as many people have pointed out, doesn't work, for many reasons, the main one being that people don't know about linux (or that there are different distributions), and BSD, hell, even unix.

Most of my friends could be considered "average computer users" been using windows since day1, know nothing about dos except that "it's there"

If I asked them about linux, they wouldn't have any idea what I'm talking about (in fact I have asked them about linux), I don't think they would understand what I mean by different distributions either. I'm not sure they would believe me if I told them there was *another* stable OS called BSD.

The point is that there are both too few people using linux to report the bugs, and too few other people to even care or check up on the linux bugs.

Originally posted by Relyc
The point is that there are both too few people using linux to report the bugs, and too few other people to even care or check up on the linux bugs.

There are a lot more Linux o/s developer time compared with Windows. This also applies to most opensource o/s out there. Take a look at http://www.dwheeler.com/sloc/redhat71-v1/redhat71sloc.html.

So, I don't think there are fewer people to care about the bugs in Linux.

Originally posted by Panzerfaust
RedHat (Not linux kernel it self) and other Linux distros are not as stable as BSD or other UNIX systems. RedHat is basically rip off and it's almost like windows now. Give it little more time and it will be Windowz2. :)

It is actually a good thing IMO. When Linux replaces Windows, people will get a nice and stable o/s to work with. And techies will get less problem to deal with :).

When Linux replaces Windows, people will get a nice and stable o/s to work with. Actually, W2K is very, very stable and easy to work with.

priyadi,

No, when Linux becomes like windows with more coding for graphics then something else, then you'll see how it will perform.

Over 8 million people use linux. Either GUI or Run level 3... it can do the same functions if not more than Winblows.

Originally posted by Panzerfaust
priyadi,

No, when Linux becomes like windows with more coding for graphics then something else, then you'll see how it will perform.

Yes, however you have the option to remove the GUI completely if you don't like or need it. That's what makes it different from Windows.

Originally posted by clocker1996
linux has had just as many, if not even more than microsoft has.


Microsoft has a systemic problem in their software development process. Bill Gates has admitted as much.

Unfortunately, Microsoft seem to be trying to solve the problem by the suppression of the people and companies who report on security bugs, and via "feel good" interviews that the Microsoft execs are having with the computer trade press. Neither will reduce the security problem that Microsoft has, but will only reduce the perception of it.

Microsoft showed they cared little about security when they moved GDI to ring 0 in NT4. Until they put GDI back up in ring 3 where it belongs, Microsoft will continue to exhibit their lack of concern about security.

priyadi,

System Architecture is still the same.

Originally posted by Panzerfaust
priyadi,

System Architecture is still the same.

Then your point is? You were arguing about 'graphics coding' or something else. Last time I check Linux doesn't have graphics subsystem in the kernel apart from framebuffers.

That still doesn't make it the best. I'm talking of the future here, not right now. Now it's a good system for desktops and all. I think it's starting to lack some server performance (especially redhat).

There are many more points to be considered:

1) when it is reported ..

I see that most Linux/OSS related problems are reported very soon after the release, most of the security problems are actually caught at pre-release stages. MS problems are, instead, reported just after the product is in wide spread and well established.

2) when it is fixed ..

And this is very important, because Linux/OSS problems are usually reported WITH the fix included at the same time or released after it within hours (or even minutes!), while for MS problems .. well .. it might take microsoft weeks just to notice the reported problem!

3) what kind of problem ..

The design of the Unix system itself and its security model makes the exploitations of the bugs (when found) very minimum. But in NT, access isn't controlled very well, making most problems exploitable to high extents.

4) how easy is it to be exploited ..

Most Linux/OSS security problems seem to be buffer overflows, which can only be exploited by an expert in the field. In MS problems, they are usually very easy to exploit, like the ASP dot problem and being able to login with admin privileges on some configurations by simply entering some non ASCII characters.

When you revise the points above, you will see that the difference is really what is between open and closed source projects. Open source products have most logical security problems solved early in pre-release, while in closed source programs, people just disocover silly problems (adding a dot to the end of an ASP page displaying its source! probably by chance), so I can assure you that there are many other buffer overflow problems in all parts of MS programs, but those problems aren't easy to discover without the source.

Linux has enough script kiddies which are not experts.

GUI's have complicated logic and caculations, that is why they are:
1) unstable
2) use lots of resources

to make the GUI faster, MS puts it in the kernel level, so the GUI's unstability and high resource demands are in the core of a windows system.

In Uinux, however, a GUI is just another program, you can use a unix system without any GUI run or installed if you don't need it.

From experience UNIX with GUI is more stable then LINUX with GUI.

Originally posted by Panzerfaust
From experience UNIX with GUI is more stable then LINUX with GUI.

I don't know what you are talking about. If you are talking about proprietary UNIX (solaris etc), some of them are going to replace their GUI with one that distributed with Linux (gnome). Try searching any news channel for more information. If you are talking about free UNIXes (freebsd etc), they are already using exactly the same GUI subsystem with Linux (XFree86 + KDE/GNOME/others).