June 29th, 2004, 02:49 AM
Well, I'm no expert. However, I think one of the reasons Windows ME didn't have too many is likely because it doesn't run as many services as Win 2000/NT/XP... I was reading that a while ago in some book, sorry I can't remember which one. They said something like Windows 9x doesn't run as many services so it is more secure on default install than say Windows 2000 would be.
One more thing, I thought ME's reputation was for shoddy stability and installation, not so much security?
Besides, I used to run WinME, I know what its like. You spend more time rebooting than anything, so I guess there is less of a chance of getting hit with something anyways. :P
neways, just my Canadian two cents...
Alcohol & calculus don't mix. Never drink & derive.
June 29th, 2004, 03:34 AM
June 29th, 2004, 04:27 AM
Uhhh...., no, not really. I would agree that the number of flaws alone is not the definitive indicator of security for an OS, but you are also not taking into account the sheer volume of software that comes with Linux and Windows.
Originally posted here by XTC46
The number of flaws exploited on any OS is not an accurate representation of how secure or insecure it is. It simply shows that people using said OS spend more time looking...<snip>...but if everyone that uses windows switches over to linix, or unix, or any other OS that one will then have the most exploints revealed within months.
Linux = 4 or 5 gigs for most mainstream distros
Windows = 1 gig
Most of the Linux advisories are advisories for third party non-server apps that many people will never even run. This doesn't excuse it, but it does put it in perspective. For instance, xine (dvd and movie player) has an alert. Is this the same as Explorer having a hole? Not to me.
June 29th, 2004, 09:12 AM
The thing is I would expect an open source system to have more advisors as its easier to look at the code and find possible exploits with it, rather than having to take a random(ish) stab in the dark to find exploits like under windows.
Linux and Mac also come with a great deal more free software so its not surprising that the defualt install for these to has a larger amount of exploits than windows which is supplied with few apps
June 29th, 2004, 08:07 PM
More eyes does not necessarily make for better security. Relatively few people ever actually look at the code they are compiling and installing, fewer still have a clue of what they need to look for to actually prove that the application is bug free much less exploit free.
All of the operating systems in question suck to varying degrees. Arguing that ME is more secure than 2k based on bug count (or any other os for that matter) is a very flawed argument.
Windows comes with more than just the os. The browser, mail client (outlook express), media player, games, screen savers, http server (even 98/me come with pws if you want to install it), ftp server, smtp service, text editors, system tools, etc.
Just like *nix, many of these utilities and services provide openings for exploits.
Most linux distros don't come with 4 gigs of software, though they do have alot of software. There is also alot of source, documentation in 7 different languages, etc. Most of the distros I install can be handled by 1 or maybe two cd's for the os and all the required development environments, etc. If windows were to include the source with the binaries, and provide all of the documentation and so on for the other supported languages, you'd prolly get just as many iso's/cd's if not more.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
June 29th, 2004, 09:50 PM
Hmm... I didn't find my list last night, I will keep looking for it.
I am not arguing that *Nix is better. Though, I am bias to *nix systems. I will openly show *nix exploits, that I can find.
go to www.linuxsecurity.com and look on the right, shows all new exploits. Though to be honest, I don't even want to think about how bad Gentoo is, I swear everytime I look at that list Gentoo has atleast 2 or more on the list.
Take a look at this list of *nix exploits and compare them.
One other thing that has been pointed out, is that when you, install Windows XP Pro, you aren't just installing the OS, you are installing all of M$'s extra BS. All the stupid ****, they want you to have.
http://secunia.com/product/16/ That is it for Home.
Might as well toss in Windows 2000.
Now, I will personally say, that Both lists are very compeling.
But I personally find it, that the Windows side has a bit more other BS to worry about, man thing being all that other BS that you have to have on your system, if not only for a second.
Though *nix distros do come with things that are similar, they are not as rapant, and ****ing annoying to get rid of.
As far as which OS is more Secure. I will say *nix, The list of exploits I have at home is why I say that. (I really need to find that damn thing.)
As Juridan said, most people can't look at the Source of a Distro and check to see if there is an Buffer OverFlow or for that matter even look at the source and have a clue, what the hell is going on.
June 29th, 2004, 09:54 PM
Not to prolong a thread (especially where we both agree on the major point --bug counts are not the sole way to judge security) but I just don't agree with this statement.
Originally posted here by Juridian
Most linux distros don't come with 4 gigs of software, though they do have alot of software. There is also alot of source, documentation in 7 different languages, etc. Most of the distros I install can be handled by 1 or maybe two cd's for the os and all the required development environments, etc. If windows were to include the source with the binaries, and provide all of the documentation and so on for the other supported languages, you'd prolly get just as many iso's/cd's if not more. [/B]
Windows does come with a browser, and an email client, etc., but most linux distributions come with several of each. For example, Mandrake 10.0 comes with no less than 4 gui web browsers (mozilla, epiphany, opera, and konqueror, which doubles as the file manager). And this is just the 2 cd download edition, not the power pack or power pack plus.
While source and documentation does account for a lot of space, it simply doesn't account for most of it. When I installed Slack 9.1 a few months ago, a default install took around 2 gigs. And this is an installation that comes on 2 cds, not the 3 or 4 that fedora and mandrake use.
June 30th, 2004, 11:10 PM
Although I have no hatred for MACs, remember MACINTOSH IS and acronym. It stands for Most Applications Crash If Not The Operating System Hangs.
Lack of security holes does not inheritantly a safe operating system make.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
June 30th, 2004, 11:32 PM
After reading this thread I came upon a realization that no one else has mentioned. The number of copies of each OS presently in circulation. As for wndows xp, the number could easily be in the millions of active users by now. How many people use OSX from Mac? I would just estimate roughly that there are half as many active users of OSX vs. WinXP. So... when you put all of the numbers together with my observations, MAC SUCKS!!! Right?
I have a question; are you the bug, or the windshield?
July 1st, 2004, 05:26 AM
In these fire starter threads, I really (only) enjoy reading it when people can make there objective arguments backed up by leading standards organizations and security evaluation criteria /NSA/CIA/DIA/ISO/DOD/NCSC/ ect....
Everyone look through the exploit archives.
I thought nearly all Linux/UN*X exploits require code patching.
I also thought nearly all Windows NT line exploits can be resolved via correct configuration. ("though code patching is made availible for simplicity sake")
I am by no means a "security expert" it's not my field though I do work with some of these systems, but mainly custom made Texas Instruments DFS-III's & VII's hooked up to XP to run alot of GPS, ect.. software that is only supported on the windows platform. I know how to configure XP from it's "loose by default state" so I'm not losing sleep over the security of my data at night.