Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Linux: More Vulnerable Than Windows?

  1. #1

    Linux: More Vulnerable Than Windows?

    According to a recent articles by www.geek.com, the number of linux vulnerabilties has surpased the number of windows vulnerabilties. They cite research performed by a UK firm called MI2G.

    Linux users worldwide are in for a rude shock. For the first time ever, the number of Linux vulnerabilities, attacks, and exploits has exceeded that of Microsoft Windows according to U.K. security research firm and integrator MI2G. MI2G collects data on hacker activity across the globe and covers every operating system in existence--and it's been doing it since 1995. The company has released prior reports that indicated Linux attacks were on the rise, but Windows exploits remained at the top of the list. The threat to Linux has been growing, though, and the war with Iraq apparently brought hackers of all shapes and sizes out in force. Between March and May MI2G recorded 19,208 successful attacks against Linux-based servers, whereas there were only 3,801 successful attacks against Windows servers.
    They go on to say that the likely cause of this is not only due to the Linux operating system. They indicate that the users of less-expensive or free (oh-yeah) software likely have less money to secure their systems than a Fortune 500 company.

    Despite what Linux mavens may want to think, the ultimate utility and security of a server has very little to do with what OS you're running. It has much, much more to do with whom is running the server.
    I think the lesson here, is that it doesn't really matter what OS you use if the user is careless.

    -Enough Said,
    theuser

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    This issues has been debated on just about every technical message board on the internet. Some may even say that it is nothing more than flame bait.....

    However, as OSes offer more features and enhancements, securing the said OS becomes more complex. So, the question and/or statement regarding which OS is more secure or which has more security holes is not really the appropriate question to ask. What should be looked at is the technical competence of the people responsible for administering the resource. I have to say that in my experience, 7 out of 10 vulnerabilities are caused by dumdums behind the wheel and not the OS itself. Again, this debate will go on forever and the "official" vulnerability count will hop from OS to OS as time goes on.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    I couldn't agree more with you. Its kind of like the saying, "A chain is only as strong as its weakest link."

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    This amy also be a sign of reporting. MS has shown over and over that they try to obfuscat Vulnerabilities until a patch is ready, and occasionaly the yjsut hide it and don't bother with a patch.

    I worry less about properly handeled vulns then 0 day exploites that the company tries to deny.
    Who is more trustworthy then all of the gurus or Buddha’s?

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    115
    nothing is more vulnerable then the ID8 operator behind the screen - IMHO

    -w0rm3y

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Here is the report from zone-h which is where mi2g got their data. They were not looking at vulnerabilities perse, atleast mi2g wasn't, but rather hacks against systems.

    http://www.zone-h.org/winvslinux

    I wonder if they people who just laugh about the new microsoft strategy to improve security on their systems will admit that they may have been wrong. The linux community is in for a rude awakening as MS will just continue to tighthen up their products, albeit with even more hotfixes(ugh!).

    The computer community as a whole is more aware of security issues. So I think MS will think twice about doing someting insecure for the sake of ease, when they know they can now get away with saying, "It works like that because it is more secure like that." Just look at how many people complained about the new outlook security features, and now everybody just deals with having to save files to disk before opening them.

  7. #7
    "Linux users worldwide are in for a rude shock. For the first time ever,
    the number of Linux vulnerabilities, attacks, and exploits has exceeded
    that of Microsoft"

    A rude shock? I don't think the number of Linux vs Windows security issues
    is even close when were talking about M$ let's not forget their software
    is vunerable to some estimated 64,000+ known virus's (ok my number is
    way out of date) trojans/ worms and other nasties oh & vunerabuilities
    reported to bugtraq and other lists aren't the whole picture there's
    a gigantic number of known Windows vunerabuilities that aren't
    talked about by Hackers who find them and keep it to themselves
    for either research reasons or malicious reasons (future attacks hacks)
    Linux is a young operating system it's going to go through growing
    pains and within time the bugs will be worked out just like the
    BSD's but it's not anywhere near vunerable as Windows.


    Just my 2 cents

    Doc

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by mohaughn
    Here is the report from zone-h which is where mi2g got their data. They were not looking at vulnerabilities perse, atleast mi2g wasn't, but rather hacks against systems.

    http://www.zone-h.org/winvslinux

    I wonder if they people who just laugh about the new microsoft strategy to improve security on their systems will admit that they may have been wrong. The linux community is in for a rude awakening as MS will just continue to tighthen up their products, albeit with even more hotfixes(ugh!).

    The computer community as a whole is more aware of security issues. So I think MS will think twice about doing someting insecure for the sake of ease, when they know they can now get away with saying, "It works like that because it is more secure like that." Just look at how many people complained about the new outlook security features, and now everybody just deals with having to save files to disk before opening them.
    Seeing a discription of how the most recent passport falw workd I seriously doubt that MS is "waking up" to security.
    MS being insecure is a much worse then a bug in code, it s a coperate culture thing and thats very hard to change without changeing the people in charge of the corperation.

  9. #9
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Originally posted here by doc crontab
    Linux is a young operating system it's going to go through growing
    pains and within time the bugs will be worked out just like the
    BSD's but it's not anywhere near vunerable as Windows.
    Linux, NEW!? Linux is nowhere near a new operating system. Any problems with the OS stem from the fact that the is designed not to make money. This makes it difficult to develope the OS further and further. However, a capable admin can lock down a linux server to a much higher degree than that of a an MS server. Forever, I hated Microsoft more than anything but these last two to three years, I am gaining some respect for their advances with domain controlling and network infrastructure. Don't get me wrong though, Linux is still my OS of choice but it's worth mentioning that Microsoft may be moving in the right direction...................... unfortunatley.........lol.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    **Sigh**

    Alright, this topic has come up plenty of times, and is far from old news...

    First off, Linux is open source. By design open source will have more reported vulnerabilities than propriety software. The reason obviously is because the source code is available to the public eye, where testing closed source software is extremely difficult in comparison.

    The number of vulnerabilities reported do not give a good metric to determine the security of a product. The more vulnerabilities reported, is also the more vulnerabilities fixed. This rule is even more applicable in an open source model, where bug fixes are often available almost immediatly. Propriety bug fixes are not only delayed much further, but sometimes never even come out (companies often drop support of older products).

    Last is my rant on statistics - the mere number of vulnerabilities doesn't show the whole picture. There is no factor of how serious the vulnerabilities are, Microsoft could have 50 remotly exploitable vulnerabilities that allow a complete system compremise while Linux could have 100 minor local vulnerablities - which do you think is worse.

    "Statistics are like a bikini. What they reveal is suggestive, what they conceal is vital."
    --Aaron Levenstein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •