OT: Linux most breached OS

Fairlight fairlite at fairlite.com
Sun Nov 21 15:57:07 PST 2004


On Sun, Nov 21, 2004 at 06:33:11PM -0500, John Esak may or may not have
proven themselves an utter git by pronouncing:
> > 24/7 on whole clusters--been there, done that.  You can keep Windows fully
> > patched and never be secure.
> 
> A rather ridiculous statement... what if I said the very same thing about
> Linux... exactly *why* would it not be true for it also? :-)

I see where you're coming from given that no system is actually 100%
secure.  But the basis of my argument is that when a bug is found in OSS
software, it's just plain fixed.  Microsoft releases versions of Windows
with tens of thousands of bugs (80,000+ -KNOWN- bugs in win98se, and they
knew it when they put it out the door!)--some of which they -can't- fix
because they have features of things like Word that actually depend on
broken behaviour.

Anyone willing to go through -any- of the OSS platforms could find and plug
all the buffer overruns and such.  OpenBSD did that with a complete audit a
few years back, I think, and the results propagated into FBSD as well.
Nobody can look over Redmond's shoulder--therefore there's no peer-driven
QA system in place.  

To the degree that any bugs are known, Linux systems -can- be made more
secure than their Windows counterparts at any given point in time, as MS
doesn't fix all their bugs--and many times fixes them with buggy patches.
When they do bother to patch, they're late to the party.  You look at
something like the SANS digests, and they'll have dozens of bugs across
numerous platforms.  I'd say 80% of the time or better, everyone else has
their bugs acknowledged and patches out the door--and MS has yet to even
verify that their bugs exist.  Bill, you read those alerts--am I wrong
about this trend?

And the scheduled release cycle that MS got into has done nothing but
create a window of opportunity for crackers--there was another flaw
discovered -right- after their last released patch, and now all those
systems have to wait.  With other vendors, it Just Gets Done ASAP.  Days to
a week or so, versus up to over a month.  I know which I'd choose.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html

