Windows is insecure

[FlashOveride]

Originally posted by NoNeckJoe


You would sound so much more intelligent if you got your facts straight *before* posting.


Factoid # 1: Yes windows is the most exploited OS running. This is due to the fact that windows is running more than 85% of the worlds computers. This could be sumed up with the following example.

Example: If 85% of the world's automobiles were ford pintos then ford pintos would have the higest accident rating. Malfunction rating, etc. The more of one thing you have the more attention it's shortcomings get.

My Reply....LOL LOL LOL LOL LOL if you have a fact then you quote the source!! Apparently you just decided to use one of your own little personal analogy.


Factoid # 2: Yes windows is exploited more often than *nix systems. This could be due to the fact that there are 100,000 more kids online with little to no talent other than download a prog. designed to break into windows. ya know that whole "point-n-click" issue again. Security would be a non-issue if we didn't have a bunch of little **** heads trying to "better" the security of the internet. There are actually many more expliots written for *nix systems than there are for windows. The problem is that the KIDS do not have the skill or knowlege to use them.

My reply to this whole message....LOL LOL LOL
I have one for you NoNeck......READ WHAT I WROTE!!!! First off I said that I was a newbie in the security arena. Second the point and click hackers.....well no kidding!!! Thank you for stating the obvious. Third thing lets talk about all the obvious statements that YOU made. Like there are more exploits for Unix........well no kidding it has been around since the beginning. That is not hidden knowledge. As for your example I have no idea of what it has to do with anything that I wrote. You make a good point but really it had very little to do with what I was trying to say.

FACT: The reason that microsoft will fall when it comes to viruses and worms is because it is not OPEN SOURCE.
FOR EXAMPLE: Code Red attacks the buffer overflow and variants of this code will be smarter and change to fight different systems. With Linux everyone can help by making patches and looking at the code. MICROSOFT is all alone to get there programmers to find where their problems lie. Linux has the world to help it!!!

Code Red was not made by a point and click newbie and that is what I am talking about. Who cares about the little programs that they use to hack because those are just a nucsense. Code Red however is what can really hurt a system and the only people that can fix the security problem is microsoft.....scary!! Oh now it is your turn to flame me for this. What can I say I don't mind being told that I am wrong just don't care to be attacked especially when the person attacks because he misread what I wrote. Even worse I was not talking to him/her.

[Quad]

heh.....If I wanted to "flame" you I would. I am just having a rational debate about windows vs. *nix and the security involved.

you keep citing "code red" code red is ****, it drops a trojan on your systems.....ooooh nooooo. ahhhhh! Or DDoS's the whitehouse.....again noooo I 'm so scared for the state of the internet.

You say microsoft is vunerable to viruses because it is open source.....nonsense. It is vunerable because of it's tight integration with a loose scripting language like VBS and WSH.

Have you ever installed Linux or OpenBSD before? Have you ever tried to install in on more than one type of PC? If so then you will understand why people use windows. It is a more refined OS. Period.

[Negative]

One fine day, some bright, clever, goodlooking guy (let's call him WebFlashOver(r?)idedudeguy to make it easy) wrote:

'FACT: The reason that microsoft will fall when it comes to viruses and worms is because it is not OPEN SOURCE.
FOR EXAMPLE: Code Red attacks the buffer overflow and variants of this code will be smarter and change to fight different systems. With Linux everyone can help by making patches and looking at the code. MICROSOFT is all alone to get there programmers to find where their problems lie. Linux has the world to help it!!! '

1. The FACT indeed is a fact.
2. MS is all alone (...) to find where their problems lie. Fact: they wrote a patch for Code Red. Yes they did. They find all the 'problems'? Nope. MS doesn't discover problems, others do (i.e. Code Red: 'someone' discovered a weak spot in ISS, wrote 'something' to exploit it. 'Someone' else discovered that Code Red exploited the weak spot in ISS and told MS. MS wrote the patch.)
3. 'With Linux everyone can help by making patches and looking at the code. ' U want to take a look at the Code Red code? It actually IS OPEN SOURCE, so go ahead! U want to write a patch? Go ahead (bet u don't even know where to begin, but I just guess writing a Windows-patch is easier than a Linux-patch). Does it have to be open source to write programs for it, to write patches for it?
4. Linux has the world to help it? How many people have the knowledge to actually write USEFULL Linux stuff (such as security patches)? Small world that is...
5. Don't mix the terms 'Linux' and 'Unix'. Linux is just a taste (Mr. Torvalds, remember?). Unix has been around quite some time. Linux hasn't.

[FlashOveride]

Ok first off I said Microsoft is not open source.

Since we are debating I can handle that and will address this as a learning experience and not a bashing war.

My reason for citing Code Red is the fact that it is just the beginning to a Buffer Overflow problem that OS systems have.

Interactive Week Aug 6,2001
pg. 14

According to the computer Emergency Response Team, more than 50 percent of the vulnerabilities found in operating systems are due to buffer overflows, and many are attributable to Mircrosoft technology.

Microsoft's software was developed for desktops, where buffer overflows are a minor problem. But with the same desktops now attached to the internet, the problems can leave a gaping hole for hackers to climb through, critics say.

- B.P.

This article goes on to say how it is not going to be an easy task to scan millions of lines of code to fix the problem.

Yes I have installed Linux several times including older versions and versions such as Mandrake and Red Hat. With the introduction of these two it is becoming easier for the lamen to put linux on there computer.

Code Red is just the beginning and leading to polymorphic worms. The whole basis of my argument was not to put down Microsoft but to show that because it is a closed source the only people able to fix it are microsoft. I agree with you on several of your points but they had nothing to do with my argument.....or at least so I thought.

My message is this because unix has been around for a long time and is refined by it's users and linux while not as old was modeled after unix and an open source. This makes it a much safer choice even though it is only as secure as the person who installs it.

In closing while I might not be able to do a whole lot in writing patches I would take the Operating System that can be patched by users all over the world over that of any that can only be patched by the employees.

[Negative]

OK, now we're talking!

I only want to add one little thing - about the part where you say 'Yes I have installed Linux several times including older versions and versions such as Mandrake and Red Hat. With the introduction of these two it is becoming easier for the lamen to put linux on there computer.'

There's also the Corel Linux version: even easier to install, BUT (and this is my point) you can hardly call that version open source. As Linux distributions are more and more commercialised, they become easier to work with - almost like Windows. I've also messed around with a lot of distributions, but the Corel one, I don't understand... OK, I got it installed. How? I don't know - almost like Windows.

In the beginning of the MS era, you had DOS (also several distributions, remember?). You could alter it as much as you wanted. Then the Windows story began. You can still alter it, but don't exagerate, or you'll srew it up.
My point again: What's the difference with Linux? It began with the command-line based versions. You could mess with them. But have you ever tried to mess with those GUI-distributions? Face it: everyone wants Linux (fashion!), so they came up with those easy-to-install distributions, wich are just as unsafe as Windows is (why? because they are configured for the majority, and the majority doesn't care/doesn't know about security - almost like Windows!). Windows isn't safe, but understand it, and make it 99 % safe. Linux isn't safe neither, but understand it, and make it 99 % safe.

[pwaring]

Windoze *is* insecure

For one thing, the *nix versions of software such as Apache, Perl etc. are far ahead of windows in terms of security (in fact the Apache group won't even claim that the current win95/nt version is remotely secure and don't recommend it for anything more than personal use).

I admit that there are a lot of games for windows, but with what look to be blockbuster titles such as NeverWinter Nights being ported to Linux, that might not last very long.

The very fact that on windows95/98 all I have to do is Cancel the password prompt, go down to C:\Windows\ and type 'del *.pwl' to delete all the passwords makes it insecure. It's much more difficult to do this under *nix - and it also *forces* you to use passwords and usernames as well!

*nix bugs tend to be patched far quicker than windows. If I found a huge security bug in windows 2000 and told microsoft about it , they'd probably tell me to get lost and either not repair the bug or take ages about it. With *nix I could patch the bug myself or ask someone who could to do it and it would probably be released the same day.

I didn't know that my little original post would generate so much attention!

pwaring

[xraystan]

Ok, yes you can just press the cancel button to take you straight into Windows 95/98.
Most home users will probably not even have to do this as they will have it set up to not ask for a user name and password when they start up Windows 95/98.
After all if some one has been messing with your home PC, using the above method, then the chances are you will know them.
Or do you let strangers into your house to use you PC?

In my opinion I think it's a bit unjust to compare Windows 95/98 to *nix. A more like comparison would be *nix versus Windows NT or Windows 2000. These flavours of windows are aimed at the same group of people who would probably think about using a *nix box.
As a side note, just recently, another vulnerability was found in IIS. A lot of people seem to comment that this is another weak point in Windows. Now I'm probably stating the obvious here, but please don't get the two mixed up. IIS is not part of the windows OS it is a separate bit of software.

Now I don't work for Microsoft and it may seem as I'm coming over as some sort of Windows fan boy, but I just hate the fact that a lot of people seem to bash Microsoft and Windows because it seems the thing to do.
These type of blinkered thoughts won't help you to learn anything and you'll just end up looking daft.

Finally I've managed to get the icon into a post

[Louie]

.

[FlashOveride]

Hey Louie...I took both of those classes and they sucked. Anyways thanks for stating the obvious. We all know that no computer is completely secure and that there is one person that is always a step ahead. We however are discussing which ones are the more secure choice and why.

Now how can you say to grow up on the HTML thread then post on here that we need to take a class to learn the obvious. Once again I refer to the above statement.

[Louie]

.