Many people is saying that Windows have many security-holes but i can find any in a clean install of Windows XP or 2k. I can find much more holes in Linux than Windows (on the web). Doesn't that mean windows is a secure OS??
Printable View
Many people is saying that Windows have many security-holes but i can find any in a clean install of Windows XP or 2k. I can find much more holes in Linux than Windows (on the web). Doesn't that mean windows is a secure OS??
Quote:
I can find much more holes in Linux than Windows
Show me proof!
i use a windows box and im desperately tring 2 get rid of it because of security flaws well hope i have linux by the weekend
Well Linux may be safe but but not secure, a secure OS would be OpenBSD.
But then again, really advanced Linux professionals can customize they're linux system to be really secure, so I guess it depends on the user or the person who administers the box.
It's very easy! Just search the web or read Hacking Exposed.Quote:
A default install of any OS is not secure (except for OpenBSD). There are 2 primary differences between Windows and Linux (or other open source software).
1> Being open source, you can customize anything. If you find a security flaw, you can fix it yourself. With Windows you have to wait for a vendor patch.
2> Being open source, holes are patched a LOT faster. It takes windows approximatly 2 to 3 weeks to patch a vulnerabilty while it takes linux less the 48 hours (normally around 24 hours).
Google search for windows exploits 125,000 resultsQuote:
It's very easy! Just search the web
Google search for linux exploits 84,600 reslutls
Ok, good proof ;)
[rubbish]
hmm a bit of a pot calling a kettle black...
or is that a bit like turning up at the GMH factory and extoling the virtues of FORD..
hmm I think I got that last one the wrong way around..
or comparing the towing performance of a Mini with a F250..
[/rubbish]
When I last thought that I had my XP box secured.. I learned I missed a simple one .. my toaster tried to join my network, gee it was bad enough with the fridge and stove... what next the Mixmaster.. j/k
Yep uPnP is now disabled.. now that is normal in a CLEAN install..
Know your systems weakness, and never never assume all is well.. Regardless of O/S
Cheers
I agree with you, souleman, but it´s also true that win2k or XP are a great improvement to the not very secure NT
With uPnP turned on by default you consider XP a security improvement over NT? Remember we are talking about default installs.. And even after patching the entire system, NT is a lot more tested then either 2K or XP. Threre are still a LOT more holes to find in both OS's, yet NT is pretty much worked over. But I wasn't trying to argue NT vs 2K/XP, I am arguing ANY open source vs ANY closed source. Microsoft vs. Linux is just the example that DBM used, so I went with it....
And not to forget the security holes (discovered years ago)that Microsoft has refused to fix till this day.
In my opinion many admins don't care about bugs and problems with an OS as long as it gets fixed, but what do you get from Microsoft? In the past people who reported bugs got laughed at or told to stop whining or Microsoft denied they're whas any problem at all.
Microsoft didn't take anything serious, nowadays they have to.
Right again.
What I meant is that there are hundreds of exploits for NT (great wingate daemon ;) ), and not many that I know for XP.
But you got it, it´s probably because they are still to be found.
Then, sure any *nix is usually better protected, because to use it you need to know a little more than just install it, so you take care of the protections.
Yes, linux is great for that.
not many that you know of in XP ? dare I say IE 6 anyone ? if thats not a vulnerability in a DEFAULT install of XP...what is ? how about the Upnp( as souleman said)... and the countless other exploits....they already have enough patches to make SP3....
Well, I always use Opera with my boy-frinds WindowsXP so...
i do agree with souleman!
A default install of any OS is not secure (except for OpenBSD).
so, now you know why.
imho...the security of any os is up to the user...my installs of win2k, fully patched and tweaked are a LOT more secure than my play box of linux...because i'm new at linux and don't have a great grasp on everything i need to know...this of course is the big flaw in windows...they've set it up to be so user friendly that literally anyone can use it...(can you say aol..:)
if you don't have a clue as to what your system is doing...you can't make it secure...it is possible to install windows and never ever know anything about the os...that is not true with *nix...
soulman,
I am not sure if your comment was directed at my previous post.. I did notice a gramatical error.. the intention was.. even though I had all the other patches as well as my own mod and sods, I had inadvertantly left uPnP enabled.. and this gapping hole is enabled by default in a clean install.. so what was I saying.. I was agreeing with ya, but I steped on me tongue, and me gonads were strangled in the fray.. and stuffed up me werds..Quote:
With uPnP turned on by default you consider XP a security improvement over NT? Remember we are talking about default installs..
When correctly installed XP home is "more" secure than Me/9x , and certainly it only takes a few careless step on the users behalf to open the doors and put out the welcome mat and flashing neon sign.. and do this "by accident"
I also am learning how to setup a linux system. By default the linux distros on a dumb install are fairly solid.. this is why I view this site.. to learn to do it better.. there is no right or wrong.. just this works better against that.. and so on.. ..
So true zigar!!Quote:
if you don't have a clue as to what your system is doing...you can't make it secure...it is possible to install windows and never ever know anything about the os...that is not true with *nix...
Deep mate you do need to support your statement better.. I work with M$ swisscheese 90% of the time..
cheers
That doesn't prove anything. Just that there are more websites with information about windows security vulnerabilities. Which makes perfect sense given that Windows has the market share by a far margin.Quote:
Originally posted here by souleman
Google search for windows exploits 125,000 results
Google search for linux exploits 84,600 reslutls
Ok, good proof ;)
An OS is only as secure as the administrator makes it.
undertaker> I wasn't talking about your post. I was talking about conjonudo's post saying 2k/XP are great improvements on NT.
zigar> Your defalt install of linux is still more secure then your default install of XP. Yeah, your XP is now more secure, because you know how to secure it, but default is a different story. And how many people actually know what they are doing. Besides, if you use something like redcarpet ( http://www.ximian.com ) you can keep your packages updated, which happens a LOT faster on linux then MS.
mohaughn> DBM said that his proof was based on a WWW search. I proved that a www search showed more results for windows then linux. That is all I was saying is that his "proof" of searching the web was BS.
Also, look at the results for linux sometimes. My guess is about 90% of all those exploits are based on packages, not on linux iteself. If I don't want to install lpd on my linux box, I don't have to. If I don't want to install the print spooler in XP, I'm **** out of luck. My point is that linux itself doesn't have many vulnerabilitis at all, but all the packages that come with it are where the problems are. With windows, especially IE6, you can't get rid of it, and it is the biggest flaw in existance right now.
You wanna find Windows exploits? Haha, that is too easy, just look under AntiOnline's security and find windows exploits. It was that easy. There are many more Windows exploits, Windows is too user friendly. I'm confident Linux is wwwaaayyy better than Windows in exploits. Did you know that Windows puts out around 5 updates a week to help secure their products?
http://windows-sucks.com/ gives some good information.
Security is all up to the user, not the OS. The main differance is that Linux can be easily customized to wall off security issues where Windows based products have a harder time because they have to count on the bug factory in Redmond to produce a proper patch. Another issue is that anyone can easily install win2k, set it up as a webserver, and call it a day. A linux user who does the same knows that he or she must plug some holes before going to bed. So Windows products can be nearly as secure as linux, but there are more security deficiant windows users than linux users.