Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Windows more secure than Linux?

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    356

    Windows more secure than Linux?

    Windows more secure than Linux?

    Windows suffered fewer security vulnerabilities than Linux last year, according to figures released by vulnerability tracker SecurityFocus.
    Although the statistics so far only go up to August 2001, aggregated distributions of the Linux operating system suffered 96 vulnerabilities while Windows NT/2000 suffered only 42.

    Breaking the figures down by distribution, Mandrake Linux 7.2 notched up 33 vulnerabilities, Red Hat 7.0 suffered 28, Mandrake 7.1 had 27 and Debian 2.2 had 26.

    Windows, on the other hand, shared fourth most vulnerable position with 24, alongside Sun Solaris 7.0 and 8.0.

    Although in previous years Windows has suffered the most vulnerabilities when compared to individual distributions, against the Linux aggregate the Microsoft operating system has consistently come out looking better off than its open source brethren.

    For five years straight, in fact, Windows has come out less scathed than Linux, with 2000 pinpointed as the most significant year when Linux suffered over 150 vulnerabilities and Windows fell just short of 100.

    But when looking at the bigger picture, the number of vulnerabilities discovered has rocketed since the start of last year and now peaks 150 new security discoveries a month, revealing a lot of bug-hunting activity poking holes in the security of operating systems in general.

    http://www.vnunet.com/News/1128907
    An Ounce of Prevention is Worth a Pound of Cure...
     

  2. #2
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    This is one of the problems with open source code. Anyone can view it, improve it, and unfortunately, locate any holes and abuse it or write something else that'll abuse it. As for linux having more vulnerabilities, you're talking about several distributions which might slant the number a bit. Windows is relatively the same as far as base code for 95/98/98SE which is the predominant release out there, XP probably filling that rather fast. For vulnerabilities, the XP UPNP hole is about as big as Sun's grand + .rhost entry for root's profile by default.

    There will always be people who look for holes and exploits, and there will always be people like me looking for holes to fix.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I didn't see slackware in the list though...
    nor openBSD..

    so it should be.. Newbie-focused linux distro's are less secure then windows-professional distro's

    I don't think that is a fair comparisson, do u???
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    My first thought on this list was that it probably seperates the OS from the applications. And if I remember right, most of the vulnerabilites this year on the MS platform was located in IIS and IE. For a server you don't need IE, and you don't have to use IIS either. So all in all you can have a perfectly secure server running MS2000 Server and the Apache web-server (or Netscape or whatever).

    From a programmers point of view, not using the IIS takes away the the whole point of using MS OS in the first place. I mean, if you think of using the .Net or Visual Studio features for web development, you have to use IIS as a web server. (As far as I know, correct me if I'm wrong). And if you want to use Java and PHP, you might as well go for some type of *nix. I actually haven't thought of using anything other than MS developing tools on the MS platform. Maybe that is something I should consider?
    ---
    proactive

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    Gotta love statistics- In the words of my 11th grade English Teacher:
    "Statistics are like bikinis- while what they show is interesting, what they hide is even more intriguing"

    I don't believe the sheer number of security holes discovered is a true determinant of a secure OS. There are many more factors to take into account.

    I can have one operating system with a dozen remote vulnerabilities that allow root acces and another operating system with two dozen less severe vulnerabilities such as mail relaying - just because OS #2 has twice the # of vulnerabilites as OS #1 does not makeOS #2 less secure.

    In addition - when a vulnerability is brought to the publics attention on an open source platform, a bug fix is out in no time at all (and even sooner if you know what you are doing). On a Microsoft product it could take a week or never at all for a fix - there was an example of a vulnerability in a MS service that was never fixed because Microsoft was phasing it out (I can't find that example though).

    The point is you can't claim that WIndows is more secure that Linux on the sole number of vulnerabilities.

  6. #6
    You all have made good points...
    I think your OS is only as secure as the user.
    You have the option to update your software
    and install patches to fix the problems.
    The holes are going to remain there untill
    YOU fix them. Other wise you're not going
    to learn untill something goes seriously wrong.
    Even then some people still won't get it..
    Your box/network is only as secure as you make it.

    Remote_Access_

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    206
    Reading this post certainly surprised me, I have always been under the impression that Linux by and by has been more secure than Windoze. It would be interesting to look at the criteria that were used for comming to this conclusion.
    Also Windoze NT uses the NTFS file system which is inherantly more secure than 98/XP.

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    You will also notice that normally, Windows is more secure that all linux combined, but not more secure then any one distrobution. (Not necessarilly true this year). Anyway, a security problem in one distro, may affect all the other distros also. So 1 security hole gets markes like 7 times for linux, wheras it would only get marked once in microsoft.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    This is very true souleman. The problem isnt the vulnerabilities, the true problem is the attitude that most windows users take towards security. Most windows users rarely update their OS to make sure that it remains secure, while I believe the linux user does whatever possible, including updating often, to keep their box safe. Linux users are what makes linux so much more secure.

    btw jared_c, i just noticed that the distributions that are listed are running the old linux kernels. Many of these vulnerabilities have already been fixed in the newer versions of mandrake and redhat.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    882
    Originally posted by the_g_nee
    Reading this post certainly surprised me, I have always been under the impression that Linux by and by has been more secure than Windoze. It would be interesting to look at the criteria that were used for comming to this conclusion.
    Also Windoze NT uses the NTFS file system which is inherantly more secure than 98/XP.
    Linux is more secure as far as /root access. It's mainly (as others have stated) the user that won't patch holes or apply hot fixs that cause problems. Besides. In my personal experiance. I have saw more Win32 machines broken into than Tux boxes. As far as the NT/98/XP thing. XP can be used with the NTFS file system as well. If it's the home version default is FAT 32. The Pro version is defaulted to NTFS. The upgrade defaults to whatever file system was in place. As well, the secure parts and some of the networking components were left out of the home version of XP. The Pro version offers NTFS as well as the EFS. The problem with XP that I have found is that most people login by default to the admin account on XP. This it what it does during instaltion and on first boot and most people don't chage it or create a user account. There by offering root access if broken in to. So that takes us back to, it is usualy the user that makes the system unsecure. Thats the first step in security. Educating the users. Most distibutions of Linux force a user account on instalation and first boot with the user account. Thats just my take on the lack of security in Windows.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •