Domain: us-cert.gov
Stories and comments across the archive that link to us-cert.gov.
Comments · 231
-
On SQLServer 2005, & Windows vs. Linux? See in
"So, come back in five or ten years, and we can compare SQL Server 2005 -- maybe it'll be hit with a massive worm next year. Otherwise, either compare broader sets of versions, or older ones." - by SanityInAnarchy (655584) on Friday August 17, @06:43PM (#20268857)
Well? So far?? SO GOOD (absolutely current data as of this date, today, on both per my subject line above):
Vulnerability Report: Microsoft SQL Server 2005:
http://secunia.com/product/6782/?task=statistics
Zero/0 vulnerabilities in its ENTIRE HISTORY, to date (of this post/currently)...
----
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period... & last year too, see next section below:
----
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
----
And, as far as your thinking CIS TOOL is malware?
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
2 respected places seem to state otherwise (though you TRIED to lump this program into the SAME CATEGORY AS SQLSlammer? I would STRONGLY WAGER, that the Slammer worm was NEVER noted to be for purposes of helping you, HELP YOURSELF, & aid in securing your system... as CIS TOOL is/was, per the url's above).
----
You stated these objections:
1.) This tool might be malware - I can only say, PROVE THEN THAT IT IS! (you *NIX guys, you're NOT "too big" on providing visible proofs are you? Judging by how many people have run from this multiplatform valid test of security here that are *NIX users (around 30 now)? That tends to PROVE that & "2nd my motion" on that account!)
2.) This program may send data out I am not aware of - but, you are (they record data for security purposes, most likely noting what areas are typically found WEAKEST ON THE MOST SYSTEMS, per the data they get from this test) first of all, & secondly? Just either:
a. Disconnect your router or PC from the net, yanking the cable IF -
Re:"Changing the subject?"
"You can't deal with the reality of statistics, which don't back up your premise that "Windows is or can be made to be more secure than Linux." - by SanityInAnarchy (655584) on Thursday August 16, @04:37AM (#20246615)
Well, I have actually taken STAT 1 & 2, for one thing, while in college... have you?
Stats do have one weakness: Sample sets used, no doubt about it!
I know 1 statistic that might disturb you though - Windows dominance in the world of PC's, from single user home rigs, to home LANs, up thru departmental servers, right up into the datacenter for mission critical servers (e.g. here? NASDAQ recording its OFFICIAL RECORD OF TRADES & for information dissemination of them, using Windows Server 2003 + SQLServer 2005 (which has NO VULNERABILITIES IN IT, in this version, thru its entire history)...
Want stats though? OK, a super-current one (Lol!):
UBUNTU SERVERS HACKED/CRACKED (08/15/2007):
http://it.slashdot.org/it/07/08/15/1341224.shtml
& this:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
A quote from it:
"There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities."
3 times as many for *NIX/Linux variants & the software that rides on them, vs. Windows...
APK
P.S.=> What do you think of THOSE stats...? apk -
"new NEWS" then...
"This in today- People wanting a secure server use Ubuntu Dapper Drake instead of Fiesty Fawn" - by daskinil (991205) on Wednesday August 15, @08:55AM (#20235231)
Ok, this just in/"new NEWS":
See this url:
http://slashdot.org/comments.pl?sid=264303&threshold=1&commentsort=0&mode=thread&cid=20159515
And download the multiplatform test of security by the CENTER FOR INTERNET SECURITY, noted by SANS + COMPUTERWORLD as a valid tool for benchmarking security on various *NIX derivant OS' (not all, no MacOS X or OpenBSD - noting a clear lack of development on them imo vs. other variants & yes, Win32) & Windows NT-based variants:
http://www.cisecurity.org/bench.html
& beat this score, obtained on a custom hardened-for-security build of Windows Server 2003 SP #2 fully hotfix patched (as of yesterday, "MS Patch Tuesday" & all):
84.735/100 score photo, obtained on Windows Server 2003 SP #2 fully hotfix patched:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
On the *NIX variant of YOUR CHOICE, & of "server-class build"... I would honestly like to see a photo of the score on THAT multiplatform CIS TOOL test for security, which has been noted by SANS + COMPUTERWORLD, here:
SANS NOTES CIS TOOL:
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36
&
COMPUTER WORLD NOTES CIS TOOL and PURPOSE:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
As a legitimate program for the purposes of "shoring up" holes found by it on them!
APK
P.S.=> 30 *NIX people have outright evaded that test, & gee - "I wonder why"... I overcame each of their objections thru that thread, & those listed as well (27 of them prior to that url above)... no takers (though I suspect they tried, & their *NIX derivant OS could NOT surpass my score shown above)... & about *NIX vulnerabilities, vs. Windows ones (and, that apps that ride on them)?
National Cyber Alert System: Cyber Security Bulletin 2005 Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
A quote from it:
"There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities."
Also, that URL & report show LINUX as having 3x as many security holes/vulnerabilities in it than Windows NT-based OS' have mind you (in year end 2005/beginning of 2006, between the OS & its apps riding on it), so, let's compare them on security & vulnerabilities on THAT note as well... apk -
Re:Linux chain reaction
"Ubuntu is mostly there.
...And it is better than MS in a lot of important areas: stability, security" - by turing_m (1030530) on Tuesday August 14, @10:04AM (#20224233)
Ok, then... PROVE IT!
See this url below:
http://slashdot.org/comments.pl?sid=264303&threshold=1&commentsort=0&mode=thread&cid=20159515
And, then, tell us all, the answer to this:
Why is it that not a single *NIX person (when challenged now, over 30 total times here @ /., & other *NIX oriented websites) have not posted a better score than the 84.735/100 done on a security-hardened build of Windows Server 2003 SP #2, fully hotfix patched as of today's date (since yesterday was "patch Tuesday" from MS) on the multiplatform CIS Tool test of security?
Thanks for the answer... I would, however, actually LIKE to see a score posted from a *NIX person, on the *NIX of their choice & configuration no less, that exceeds that score & even IF NOT (which they probably won't, if history is ANY indicator, thus far - given the trend noted above? They won't exceed that score!).
APK
P.S.=> National Cyber Alert System: Cyber Security Bulletin 2005 Summary
http://www.us-cert.gov/cas/bulletins/SB2005.html
A quote from it:
"There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities."
Also, that URL & report show LINUX as having 3x as many security holes/vulnerabilities in it than Windows NT-based OS' have mind you (in year end 2005/beginning of 2006, between the OS & its apps riding on it), so, let's compare them on security & vulnerabilities on THAT note as well... apk -
Re:Linux chain reaction
Sorry guys, Linux is good no doubt but I am telling you now, it will NEVER compete with Microsoft. I, as a Sysadmin for a Fortune 500 Company, can tell you that no SysAdmin wants to deal with recompiling kernels, writing scripts for hours on end when I can just install Microsoft, lock it down and forget about it.
...
I work for a major US Government organization. We also have a lot of Windows servers. We also have a lot of Unix systems. And as we deploy additional systems, it isn't uncommon for them to be Linux based. We're constantly asking vendors if they have Linux support. Most either do or are working on it.
BTW, here is the report on how linux has THREE times as many security holes as Microsoft:
http://www.us-cert.gov/cas/bulletins/SB2005.html
We can take a Linux system, lock it down, and forget about it just like a Windows system. That is... if we want crappy infrastructure. Both systems require care and feeding. Both require more than a vendor is going to admit.
We have Unix / Linux folks who spend a good amount of time writing scripts and figuring out configurations for everyone else to follow. The same goes for the Windows side. I'm biased - I'm much more impressed with the extent of what we do on the Unix / Linux side of the house. But I am also occasionally surprised and impressed with what knowledgeable Windows admins come up with.
Of course, we also have aspects of our IT environment that are Windows-only who would never even dream of looking at anything that didn't come from Microsoft (or at least have Microsoft approval). But that doesn't mean Linux isn't making headway in our environment. And it doesn't mean that just because you're a Windows shop that others aren't.
By the way... I'd look a little closer at that report you're quoting. It's a much more complex story than those numbers would make it seem. There's the issue of how severe a flaw is. But even more basic is numbers that don't add up and flaws that are double-counted. -
Re:Linux chain reaction
And back in the real world......
Yes linux will be adopted just for the sole reason "it's free." However it will never compete with a desktop or A/D.
"After that, it's just a matter of time before you have hardware manufacturers and gaming companies coming over too." --- Yea right, I have been hearing this for the last 10 years from the Linux community.
"Then it's over. Within a year you'll get everything of note imported or created. Be it photoshop or office, the bugs will be ironed out extremely quickly." -- Really? Wow, so why has it taken so long now?
Sorry guys, Linux is good no doubt but I am telling you now, it will NEVER compete with Microsoft. I, as a Sysadmin for a Fortune 500 Company, can tell you that no SysAdmin wants to deal with recompiling kernels, writing scripts for hours on end when I can just install Microsoft, lock it down and forget about it.
Yes Microsoft has spyware and viruses and if anyone remembers the report released in 2005 about Linux having more holes than Microsoft that will shoot your main point out of the water. The majority of people that have problems with spyware and viruses are companies that do not have knowledgeable admins that do not use PKI, firewalls, standard users accounts, etc.
BTW, here is the report on how linux has THREE times as many security holes as Microsoft:
http://www.us-cert.gov/cas/bulletins/SB2005.html
Sorry Fella's you lose and please don't give me the standard B/S about different Distro's and how you can lock it down, I just made that same point with Windows....don't turn into the Macintosh crowd about how secure your O/S is :)
This is the same story I heard after XP was released, how the mighty linux O/S will dominate the field and still MAC OS X is beating it.
It will always be an enthusiasts Operating System. -
simple
go to http://www.us-cert.gov/
type in "windows"
Results for: windows Document count: windows (2543)
then,
type in "linux"
Results for: linux Document count: linux (2301)
well, no news is good news!
A differential of 242 reports is not that much! And I'm even a Linux admin!
this doesn't account for severity either, but it just goes to show you, don't trust security reports in any form. -
The advice they are giving home users.
The advice given to home users (and this) is clearly Windows specific, even though Windows is not mentioned. They go through the usual laundry list of things which are failing corporate users, firewalls, "patches", anti-virus and so on and so forth. Way down in the glossary is a mention of "Linux" linked to the "webopedia".
As I said before, these are important first steps. The information presented may be useful to novice computer users, but it's incomplete because it does not include some of the most effective options. We can only hope they follow up on this start.
-
Vulnerability
Could Java 6 be affected by the recent Java vulnerability?
-
Re:Script Kiddies Growing Up
It isn't just script kiddies. Organized crime has been making moves into computer crime for some time. There are others too.
Transnational Crime Syndicates
Organized Crime Invades Cyberspace
Cyber Threat Source Descriptions -
Re:Source code not even needed to hack these machi
Let's hope there isn't still an undocumented backdoor account in GEMS.
-
And once you've taken care of casting the votes
You then have to move on to problems with central tabulators. Like, oh, hypothetically, a backdoor account.
-
Re:Re-Re-Releases IE Patch!
Hey, you know it's true when US-CERT says it too.
-
Re:UNIX and viruses
June 2006. At least that is what US-CERT seems to be saying.
-
strcpy_s not MS specific
What is interesting, but not really surprising, is that Microsoft chose to replace the unsafe functions such as strcpy with their own safe variants with names like safe_strcpy (though I can't remember the exact name, it's something like that). They could have just recommended people used already-existing functions such as strncpy or strlcpy, instead of adding yet another incompatibility obstacle that must be surmounted when porting software from/to the Windows platform...
Unless I am mistaken, strcpy_s() and the other 'safe' variants are part of an ISO standard. Check out https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/314.html
The thing is even the wiki article gets this wrong.
I think Bill is waiting for an apology for your rant
:) -
Re:Two Reactions
Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative?
CERT has covered vulnerabilities in OSS products, apparently just not since 2004, which is as far back as the online archive you linked goes. I don't remember seeing anything about them discontinuing their coverage of OSS products, did they do that somewhere along the way? I know there have been holes in OSS products since 2004, have they just not been significant enough to warrant CERT's attention?
-
DHS worried about actual events, not about a plot?
Do they know something we don't know?
Rather than secret knowledge about a plot, most likely (and most simply) DHS are worried about the recent use of the various Microsoft Office defects (including defects in Word, Excel, and Power Point, see for example: US CERT SA06-139A). More than one such have been discovered in the last few months. The defects have for the most part been discovered by accident by people investigating actual exploits, rather than by white hats looking for defects to report. At least one of the attacks appeared to be directed against a specific agency.
It probably (finally) occurred to someone that perhaps the discovered attack for each of these wasn't the *first* attack.
This attack provided interesting and somewhat rare evidence that exploits are sometimes discovered by the black hats and used for unknown (long) periods of time, quietly, before they are discovered by white hats or by script kiddies (who invariably exploit them less than discreetly such that the defects are discovered quickly).
These recent events should prompt a fair number of security consultants to have somewhat more polite versions of "I told you so" conversations with their unruly clients, who typically don't believe this really happens "in the real world". Yes, it really happens. It really happens in the real world. Let's get real. -
Re:Two Reactions
Wow, look at the replies... I love how aroused everyone gets over the prospect of a possible government conspiracy. I think the government really does have its priorities, but monitoring 10 million computers to find out what porn sites people like to visit isn't one of them.
From the article: "This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users"
I think that statement is pretty much an ordered list of government priorities when urging these security measures. Why is the government getting involved? They're looking out for their own interests. The average government worker is likely sitting on a windows workstation right now, surfing the internet with IE, creating a presentation in Powerpoint, running some calculations in Excel, or typing a document in Word... and they probably don't even have the administrative rights to run their own updates, so they sit around waiting for some IT grunt to get off his lazy ass and do it for them.
Even as we speak, I'm sitting at a Windows work station without version management and without admin rights. I have to use the company standards of IE and Office because I can't install Mozilla and OpenOffice. I don't even know if our IT department is aware that they need to run any patches. I haven't seen them do it since I've started working here. And what's worse, I'm working for a government contractor which is always making a lot of fuss about security!
Which brings me to my next point. The government is also looking out for industry and commerce. I'm sure you've noticed the U.S. economy isn't what it used to be. The last thing this country needs is a cyber attack wreaking havoc among businesses and putting even less trust in online commerce than there already is.
Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative?
Actually, the DHS has funded open source security auditing. It's true, they have never made it an imperative critical update, but you have to take into account the users and usages of open-source products. If you've installed and/or administrated Linux, it's very likely you have enough know-how that you don't need a government warning to get you to stay on top of security patches.
Windows, however, is the most widely used operating system, especially for people who don't have the first clue about security or administration. How many Windows users out there use Administrator as their standard account? People like that need to be warned about the importance of updates.
While I'm not going to deny the possibility that they do have more up their sleeves, I think the past couple years have made me less likely to don the tin foil. With the terrorist attacks, resulting WMD wars, Gee Dubya elections, and blatant fear-tactics, I've really begun to realize that "government intelligence" truly is an oxymoron.
--
Take off every sig. Move sig for great justice. -
Paranoid poster doesn't search enough
And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do?
Actually, they did that. You just didn't bother looking. http://www.kb.cert.org/vuls/id/650769
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
Why now?
The cynical side of me also says that some department in the United States got hacked into. They do say that the exploits were being used but don't go further. -
Cert
Doesn't the United States CERT fall under DHS?
It makes sense that they would issue an advisory to tell people to protect their machines. While the R in CERT traditionally stood for Response (it is not Readiness), I still don't think it's a huge deal for them to be proactive in telling people to get their act together
-
Two Reactions
In my country, the United States of America, I have never seen everyone so polarized. As a result, I personally highly value the ability to see actions and events from both sides. It's becoming a rare trait.
On one hand, this announcement shows that the government is looking out for us. They are concerned about terrorists using our machines to commit acts of cyber terrorism. They are helping us protect ourselves by advising that we patch our machines with hyper critical updates from Microsoft. We should be glad that our government is so thoughtful and has decided to twist Microsoft's arm into fixing these problems and releasing updates. After all, as Americans, nothing is more important to me than my internet. It's my commerce, education, and ... uh ... love life. I wouldn't care if terrorists destroyed every TV & radio station in the United States, but I would riot if I was denied an internet connection for more than a few weeks. They're just protecting my interests much like a public service announcement or a tornado warning. I mean, the US-Cert team has been doing this for a while--even on my Mozilla browser. This "Patch Windows Now or Else..." is just FUD from the Slashdot editors--if you read the government press release, it's merely a recommendation, not a demand, warning or threat to patch your machine.
On the other hand, should we be suspicious? I mean, there have been much more severe critical problems with prior editions of Windows that the government hasn't deemed necessary to recommend. How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA? Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative? Why Windows? And how can we believe them if we never get to see the source code of the original program and the source code of the patches? Two points to note: Why now? And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do? These patches might be a wolf in sheep's clothing. I don't think the government is so worried about our interests but more so they're worried about the gathering of intelligence in their case against every single United States citizen. -
there will always be more flaws.
... why does there have to be a news story about every one?
if you are really concerned, rather try these rss feeds:
http://www.us-cert.gov/channels/techalerts.rdf
http://secunia.com/information_partner/anonymous/o.rss
-
Re:kind of scary
I'm on a couple of these kinds of lists already.
I've been on the CERT lists (and the Old system) for 9 years now, and they have never abused the system to my knowledge. Granted, CERT is only for computers, but it is similar to some of the new proposed lists.
I also signed up for the Safe Community Alert Network, which is some sort of private-public partnership between SBC/ATT & various other organizations. Various government State, County & City agencies in California have referred me to ScanUSA.
ScanUSA does send me Amber Alerts, notifications about nearby fires, etc. However some of those Amber Alerts & Fire Alerts are from San Diego, which is 500 miles from me. Not very relevant.
The vast majority of the messages have been spam-ish -- I got notifications about the COPS program (COPS uses *very* aggressive fundraising techniques), non-urgent warnings regarding West Nile Virus, reminding me to wear sunscreen, and notifications about upcoming meeting for the County Health Department.
Here's the kicker: I'm only signed up for "Critical" alerts. I shouldn't be getting any of these--- but I do.
I would never sign up for SMS alerts from this organization. Way too much Spam. -
Re:Help me ! - with my work situation and IE
Send them this...
http://www.us-cert.gov/current/current_activity.html#ie6bugs
Someone at the local medical school told me they are in the process of converting from IE to Firefox for all their systems because they don't feel IE is HIPAA compliant. -
Re::O
2 months? You're kidding, right? Or are you really that out of touch with the "news"?
Or maybe... oh wait, I'm sorry. You're just trolling.
Never mind. -
The Security Concerns
Well, I don't think that a short note covered much at all on why they removed it so I did some investigative work. Disclaimer: I use sendmail although I am by no means an expert at it. I'm ignoring pre-2k security issues as that is older than five years ago.
- A security alert from March of 2003 in which Sendmail has been determined to contain a buffer overflow vulnerability.
- Another security alert from later that year.
- A security alert also from 2003 regarding a remote buffer overflow.
- A security alert from 2002 regarding a trojan horse sendmail distro.
- Some freebsd specific Sendmail alerts.
- A security alert from March of 2006 (this year) regarding a race condition that may allow remote code execution by an arbitrary user.
- A plethora of similar or smaller security concerns can easily be found.
- The most recent release of Sendmail involves things like fixing possible integer overflows & unsafe use of setjmp(3)/longjmp(3) or adding time outs.
As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.
The largest concern seems to be the possibility of being compromised via a remote connection. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then ... well, you know the rest.
Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college? -
Re:So that's why Microsoft has such a low vulnerab
Time to dismantle this 'pot-calling-the-kettle-black' Ad-Hominem attack utilizing Linux Penguin who's already on the ropes, tossing names:
"It never fails to amaze me how the Anonymous Cowards post false information when hardly anybody reads it." - by Anonymous Coward on Thursday April 20, @09:37AM (#15164261)
Funny, you read it, first of all!
"Argue with the numbers, facts & figures." - by Anonymous Coward on Thursday April 20, @09:37AM (#15164261)
No no, senor:
You argue with these facts & figures here, from CERT (an agency that specializes in computer based security findings):
http://it.slashdot.org/it/06/01/05/0027219.shtml?tid=172&tid=218
&
http://www.us-cert.gov/cas/bulletins/SB2005.html
QUOTE EXCERPT:
"Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows."
Argue with the numbers & facts + findings from a gov't. organization that specializes in that area... you'll see it's better than your F.U.D. attempts & puny attempts @ it.
"Besides, Anonymous Cowards who post without backing their opinions up have no girlfriends, and tiny peckers." - by Anonymous Coward on Thursday April 20, @09:37AM (#15164261)
LOL, well... JUST in case you hadn't noticed?
You also post as "A/C" as well!
(YES, folks - yet another typical Linux user oversight, lol! They can't even realize they are the pot calling the kettle black! AND, I posted quite the body of facts & figures from a respected source in this field.)
Secondly - Ah, the INEVITABLE "Ad-Hominem" attack from the Linux/UNIX boys when they get floored by facts - Yes, truly the "VERY BEST" you can expect from Linux/UNIX people, when they are 'down-for-the-count' attack YOU, not the subject matter @ hand!
LOL!
(That the BEST you've got? No WONDER your OS & software are fast becoming (or in the case of Linux already are) the '2nd-class citizenry' of computing by comparison to Microsoft-based OS users worldwide, machine for machine)
* :) -
Re:So that's why Microsoft has such a low vulnerab
"netBSD [netbsd.org] refutes you troll." - by Whiney Mac Fanboy (963289) * on Thursday April 20, @09:31AM (#15164214)
First of all, it doesn't refute this:
From CERT (an agency that specializes in computer based security findings):
http://it.slashdot.org/it/06/01/05/0027219.shtml?tid=172&tid=218
&
http://www.us-cert.gov/cas/bulletins/SB2005.html
QUOTE EXCERPT:
"Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows."
Also, I don't see BSD able to run 1/10th the types of peripherals Windows does, point-blank.
(You can try to add up all of those other platforms, CPU-wise, but it still doesn't equal or surpass Windows support of peripheral equipment... no questions asked).
I nearly hate to tell you this, but you need a "dose of reality":
It's a WIDELY known & accepted fact that Windows based OS run on a good 90% of the world's computers... most of which, machine-for-machine out there nowadays, are x86 based!
In fact, X86 has proven such a versatile and fast platform, that it just took down stuff from the RISC world, 1 by 1 over the last decade or so.
(Anyone recall MIPS &/or PowerPC? They are being used less & less, and Apple's MacOS X is one recent proof of it... a UNIX based example, no less).
AND, that same 90%++ or better numbers in favor of machines running Windows based OS (specifically nowadays NT-based types like 2000/XP/2003 Server) are fully inclusive of systems ranging from:
Home desktops/laptops, to work based workstations on the job, up thru departmental servers and right up to the Enterprise-Class type (DB servers, webservers, app servers, file & print, you-name-it).
Versatility & ubiquity IS what Windows is all about, & why it's on top!
(And, x86 is where it is at, especially since distributed & clustered computing is taking hold, on top of client-server application designs).
E.G.-> It's already been proven time & again, that a few dozen/hundred/thousand clustered rigs can do more than many larger "big-iron" rigs can, which is why systems of that nature take the top-spots in today's super-computer shootouts/challenges.
(YES, Linux does clustering, as do many UNIX variants, AND, Windows can as well nowadays (albeit not final yet but close), via its compute-cluster edition versions).
ABOVE ALL:
Overall, since more systems worldwide run Windows NT-based OS from home desktop/laptop, departmental workstations, thru departmental servers as well as up to enterprise-class/mission-critical servers (web, db, application, file & print you-name-it), where are your employment opportunities greater?
Windows, or UNIX & its variants??
Windows, hands-down, of course!
* :)
Yup... You Linux Penguins & UNIX nuts either need to gain experience in this field, or wake up earlier & have more coffee in the A.M., to get the better of me...
Same to you mods also:
You've blocked me via 1 IP from replying (literally, lol, the "geek angst" of the defeated only shows itself MORE in that little debacle which I easily blew by)...
Mods blocking my IP addy or Mac Address doesn't stop me from posting from another set of those... Simply by just merely setting up my own anonymous servers, & blowing by your PUNY block attempts THAT way, seen here:
"Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily b -
Re:Open Source
It's interesting. What this guy claims to be advantages, are precisely the FLAWS. Specially with Internet Explorer. Right now it would be much more secure if MS had open sourced it 6 years ago.
I may be wrong in this assumption, but it seems to me that you're implying Mozilla and Firefox are secure. I don't know if you're on the CERT mailing list, but I just got an advisory yesterday regarding some dozen odd vulnerabilities. That being said, you're probably right that many of IE's security issues would have been fixed by the public if they had access to the sourcecode.
-
Re:Hmmm... On one hand...
Doesn't the government have a better expert group than Microsoft??
This was lobbyist dollars hard at work, and if I lived in this state, I would be calling my legislature and governor ASAP.
-
StormPay: A recent example of this attack
The credit card processing gateway StormPay was knocked offline by this type of DNS amplification last month. The traffic peaked above 6 gigabits per second, and continued for weeks.
As previous posters have noted, these attacks have become more frequent in recent months, prompting an advisory from US-CERT (PDF) in December. It's a hot topic on several security lists, and a special focus of SecuriTeam blogger Gadi Evron.
-
Re:try it for Windows or Linux...
Re:A Different Te
javaxman: Are you trying to say WindowsXP or Linux is more secure when it comes to privilege escalation attacks than OS X ?
Paradise Pete: How could you infer that from what I wrote? I never once mentioned any other OS.
Precisely, you never mentioned any other OS with regards to privilege escalation attacks... and you'll notice I was really just _asking_ if you were trying to imply something about another OS, so actually, I didn't infer it as much as I wondered if you meant to infer it.
I have little doubt that XP is less secure, but that's not the issue. Up until a few days ago, no one was claiming to be able to escalate user privileges under OS X. Now someone is claiming that. And if it's true, it's a problem not to be taken lightly. And if it can be done programmatically, then it's a very serious issue.
Um. Ok. Here's the thing: just about every form of *nix under the sun has had a history of problems with privilege escalation. Go to this CERT document and search for "elevated privileges"... as just one example of how widespread and ( fairly ) well-known this type of problem is. While you're there, note that OpenSSH is what OS X uses. I'm sorry that you ( and apparently a lot of other people ) weren't aware of this as a problem, and usually such attacks are fairly difficult and too obscure for most people to do, but... they are a real problem, and always have been.
For what it's worth, I don't run XP. I don't run Linux. I run OS X, and I've done so since it first came out. And I ran Mac OS 9, and 8, and 7, and 6, and even had a original Mac with only a floppy drive. So I'm not looking to bash Macs. In fact, my friends who I drive nuts with my "Mac talk" would laugh at the idea.
Well, consider for a minute then that OS 9 has pretty much *no* such concept as privileged and unprivileged users... it does have some user restrictions, but they never worked terribly well in part because they weren't implemented by much more than the Finder and system services. Would you have given someone an account on your OS 9 machine if you didn't know who they were? I doubt it.
But that still doesn't mean this is a trivial issue. And it doesn't really matter that's it's "less bad" than XP. I take that to be a given.
Yup... definitely not a trivial issue. Definitely an issue that Apple ( and, clearly, developers and system designers in general ) would like to ignore... because it's complicated and restricts what you can do. Apple needs to step up and treat privilege escalation as a more serious threat than it seems they have in the past. Hackers need to step up and do the right thing by reporting these problems when they find them. But most importantly, users like you and I need to remember that there is no such thing as giving someone "safe" access to your machine... if you're going to open up SSH or any other avenue that could be used for attack, do it carefully, check out OpenSSH CERT reports, and remember that you're not invulnerable, no matter what operating system you're using. They have not built an unsinkable ship, nor have they built an operating system that you can give someone "some" ability to directly execute arbitrary code on. You might think OS 9 did that, but it didn't- it made it really, really hard to execute arbitrary code from anything but the console, but once you were a user, it was easy to do whatever you wanted. OS X is an improvement on that, really... even *if* you give anyone who wants one a login account and ask them to own your machine. And it's definitely an improvement on WindowsXP, though I do wonder if OpenBSD or something might be more safe.
It really is like locking someone in the garage or basement and daring them to get into the rest of the house. If you actually *want* to be safe, you'll lock them out at the gate outside your house, and not let them in where they can start to attack through the drywall.
-
Re:Move Along
There already is, it's called CERT http://www.us-cert.gov/cas/techalerts/TA06-032A.html/
From February 1, 2006. -
Outside of the actual businesses
You could always report it to CERT (US Computer Emergency Readiness Team) or the FBI's Internet Crime Complaint Center.
-
Re:Wahoo!
You had better learn from the UNIX/Linux/MacOS X world then:
http://www.us-cert.gov/cas/bulletins/SB2005.html
(That's according to U.S. Cert.gov, a governmental agency specializing in the arena of security & vulnerabilities).
UNIX/Linux/MacOS X + the wares that run on them just plain were found to have more bugs in them and their wares in 2005, read the above & weep!
(Plus, as far as wares for all of them compared to Windows & Win32? Heh, they have far less of them in their world than is in Windows also & generally harder to use than Win32 wares AND OS' no less & STILL SHOWED UP MORE BUGS/SECURITY HOLES than Windows & Win32 software)...
LOL! Now, I can see why his post was modded up as "funny" because it is... -
Re:The major lesson of all this.
"While the *nix varieties are definitely more secure (as they are now)" - by dada21 (163177) * on Saturday January 14, @08:59PM
http://www.us-cert.gov/cas/bulletins/SB2005.html
Take a read of that. As of 2005, it seems Unix & all its derivants (+ wares that ride on them) turned up more security holes than Windows & all its wares this year.
APK -
read the following
-
Re:Cant wait...
you must have missed the certs from friday osx has its own set of problems, yet since nobody actually uses them it wasn't frontpage news
http://www.us-cert.gov/cas/techalerts/TA06-011A.html
good luck with the mac's -
More M$ Hooey
Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release.
But of course they are...since Joe Brockmeier and Joe Barr of NewsForge, as well as Pamela Jones of Groklaw did such a masterful job of debunking the ridiculous annual summary of vulnerabilities by US-CERT (discussed earlier on Slashdot), Microsoft has necessarily had to switch propaganda tactics.
Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems.
That's funny...I've never had a problem with my Yast Online Update...
"...patching, particularly for security, is not a 'Microsoft problem,' but something that affects all operating system and platform vendors," Hilf said.
Nice straw man, Hilf. No one is claiming that non-Microsoft operating systems don't need to be patched. The issue is whether the patches are issued in a timely manner...or not. -
Re:Not true.
"Counting WINE is moronic." - by node 3 (115640) on Thursday January 12, @01:24AM
LOL! And, your counting IE isn't?
Your namecalling ISN'T?? :)
* It's generally the last resort of the defeated in debate my boy...
"You can run every single flawed Linux binary on Windows, too, if that's your metric." - by node 3 (115640) on Thursday January 12, @01:24AM
ROTFLMAO... uhm, there's more of them in your precious UNIX based/derived/descended OS according to US-CERT.GOV (an impartial 3rd party agency that specializes in that area- security).
See here:
http://www.us-cert.gov/cas/bulletins/SB2005.html
APK
P.S.=> Gee, I wonder WHO the 'moronic one' is here - the one showing concrete evidences (like the WINE one showing Linux having flaws in .wmf format file hijacks online, when you said "linux has none" etc. in that capacity & I clearly showed you it does - ones Windows has fixed no less as of this date, & linux doesn't)... you talk a lot, but no verifiable proofs as I provided to counter your "BOLD STATEMENTS" from your last posting prior to this one!
TOO EASY... apk
APK -
Re:Not true.
"No, Windows is not "less bug-prone/filled" than Linux (you got that wrong anyway, it's not "bugs", it's "vulnerabilities", that matter in terms of security)." - by node 3 (115640) on Tuesday January 10, @10:41PM
First of all, that is what the URL showed: Unix based OS (since they are all knockoffs of the original unix designs from Bell Labs/BSD/Minix etc.) had more security holes in them...
The funny part is?
Unix based systems have less softwares than Windows do, and less drivers for the amount of peripheral hardwares out there.
Unix based OS run less peripheral hardwares period, because many platforms UNIX's run on just don't have them, or drivers for them!
(There is little question that x86 platforms are the MOST used between end-user desktops/laptops and servers out there worldwide, and that Windows runs more peripheral devices than any other platform, not only x86, but the hardwares for it)
Unix based OS have less software, and drivers for peripheral hardwares than Windows does no less, yet showed more security holes!
Secondly - See here, tell us otherwise, in regards to what was found having the most security holes, period:
http://www.us-cert.gov/cas/bulletins/SB2005.html
That's no Microsoft sponsored test, and run by an impartial gov't. agency (if anything, they are 'anti-ms' because of all the lawsuits the gov't. targeted @ MS for 'antitrust' etc.) which specializes in that area- security.
APK -
Re:Security is damn hard..
"Actually it is all Microsoft's fault. Whether or not they deserve to be villified for it is another issue. But consider the following: 1) They don't fix bugs they know about so they don't break compatability with programs that rely on the bugs." - by pHatidic (163975) on Tuesday January 10, @07:03PM
Better check the URL posted below at the end of my posting in reply to you, ok?
That link will show YOU which OS family (Windows or Unix variants/knockoffs like Unix-Linux-MacOS X) had more security related bugs... ok?
(DO read it, you need to, in order to be informed better with current year-end 2005 security data)
Data & results from a 3rd party impartial site (us-cert.gov) that is NOT sponsored by MS @ all - heh, if anything?
They are AGAINST MS, because they levelled antitrust suits against MS, they're the U.S. Government, & the site is all about that area - security!
"2) They don't submit their code for review by the public." - by pHatidic (163975) on Tuesday January 10, @07:03PM
They do to institutions and companies that are part of an agreement with them to do so. Not for everyone, but they do that. Also, consider - they are COMMERCIAL software, & that codebase is their lifeblood as well.
Now, lastly, on that point of yours:
Have you even also considered the reverse of your statement, that opening up that same code would allow attackers to understand it better for the purposes of attacking it?
"3) They don't follow security best practices, like turning off services by default." - by pHatidic (163975) on Tuesday January 10, @07:03PM
LOL, sure they do man: Have you seen or used Windows Server 2003? It only installs in workstation mode first of all, less of a services based attack surface, & it has the Security Configuration Wizard (SCW) as well, & what is one of the FIRST THINGS IT DOES?
Turn off unnecessary services!
"4) They make their OS less secure by obfuscating design to make it difficult for competitors." - by pHatidic (163975) on Tuesday January 10, @07:03PM
Care to explain that? If you mean interfaces to file formats or say, API's Outlook uses, those are proprietary secrets... try to consider it from THEIR point-of-view as a commercial entity. Again, those are their trade secrets.
They have gotten better about that though.
"5) They use propriety data formats." - by pHatidic (163975) on Tuesday January 10, @07:03PM
And, what is wrong with that exactly? They DO provide API's to work with them MOSTLY, don't they??
(Uhm, also, correct me if I'm wrong but, isn't that same API I mention present & more used than ANY OTHER ON THE PLANET in more softwares because there are more softwares for varied purposes for Microsoft OS than any others?)
"6) They alter the OS to make it work with their programs instead of designing a solid OS so that anyone can make programs run with it." by pHatidic (163975) on Tuesday January 10, @07:03PM
WHAT? I've been building softwares for Windows professionally in an MIS/IS/IT capacity for more than a decade now, and also sharewares as well... the Win32 API is VERY WELL DOCUMENTED & HAS FINE "RAD" TOOLS LIKE VB6 & Visual Studio as a whole, Borland Delphi, Visual Studio.NET & many more (heck, even their office suite is programmable and pretty flexible, e.g.-> Excel & Access via VBA).
So... in addition to ALL that?
All I can say to you is - OH, really??
WELL, then you should see here which OS family + softwares had more bugs in 2005 exposed, Windows OR Unix type OS' and derivants/knock-offs like Linux/MacOS X etc.:
http://www.us-cert.gov/cas/bulletins/SB2005.html
Findings & results from that site (which specializes in security mind you) showed that Windows and Win32 softwares had clearly LESS SECURITY RELATED HOLES IN THEM THAN Unix/Linux/MacOS X & their wares in the year 2005!
(And, yes, -
Re:Microsoft Software Bad
"Second: That's a bunch of bullshit. There really are more holes in Windows, and it really is because Microsoft is fucking lame, doing things wrong at every potential opportunity." - by drinkypoo (153816) on Tuesday January 10, @07:35PM
OH, really?
Who's being lame (as well as the one full of shit, since your words are clearly disproven in the URL findings below)??
See here which OS family + softwares had more bugs in 2005 exposed, Windows OR Unix type OS' and derivants/knock-offs like Linux/MacOS X etc.:
http://www.us-cert.gov/cas/bulletins/SB2005.html
Findings & results from that site (which specializes in security mind you) showed that Windows and Win32 softwares had clearly LESS SECURITY RELATED HOLES IN THEM THAN Unix/Linux/MacOS X & their wares in the year 2005!
(And, yes, that's the results of a U.S. Gov't. agency's findings, not some Microsoft sponsored test which you Linux penguins & Unix fiends often rant about - so much for your rants that "Linux and Unix are more secure than Windows", eh?)
* :)
APK
P.S.=> Now that you're eating those words of yours boy, I gotta know - how do they taste? Oh, I know what flavor they are:
"The bitter taste of defeat"... lol! apk -
Re:Unending stream of patches helped MS it seems
The website url here
http://www.us-cert.gov/cas/bulletins/SB2005.html
Showed facts that in the year 2005 more bugs and security related issues were found in Unix based or derived operating systems and softwares than in Windows and its wares.
(Contrary to the information often stated by the penguins and unix fans worldwide and very often here at slashdot).
So I must ask - why was the post which I am replying to modded down?
It only showed things as they are from a reputable 3rd party source's findings in us-cert.gov which is a united states government website specializing in security related issues and it is also fairly obvious that the United States government is not partial to Microsoft because of the antitrust suits they have plagued Microsoft with.
The findings on the website used were also not results found by a test sponsored by Microsoft which is another complaint used by the linux people here at slashdot very often.
Shameful and childish modding down the posting that way slashdotters. Is that what unix people are about?
Unix, Linux, and MacOSX users are now the ones with the least secure operating system platforms it appears, not Windows users. -
Unending stream of patches helped MS it seems
That "unending stream of patches" seemed to have made Windows & Win32 API based programs less bug-prone/filled than Unix (and its derivants/offshoots like MacOS X (via BSD) & Linux (via MINIX))!
See here:
http://www.us-cert.gov/cas/bulletins/SB2005.html
As of the year ending of 2005...
(And, yes, guys (specifically the Pro-Linux/Unix/Mac crowd here @ slashdot (you KNOW WHO YOU ARE, lol, the guys that endlessly blast on windows here)) :)
* That's an IMPARTIAL 3rd party that wasn't sponsored by Microsoft, & a gov't. agency that specializes in the area - security!
APK
P.S.=> Considering also that Windows based OS nowadays are the most used out there overall, on the most utilized hardware platform (x86) between personal computers/laptops & servers? That's QUITE an achievement on Microsoft's part imo... (Ducks as the Penguins prepare to flame the hell out of me) apk -
Re:"King Billy" - Killing them with kindness!
"Hey asshole, wipe off your chin, there's still some billg cum on there" - by Anonymous Coward on Sunday January 08, @05:13PM
Aha, hey everyone:
Please note the severe lack of intelligence illustrated above by the anonymous penguin there I quoted... the VERY typical "insulted penguin" zealot who can't face facts!
Facts like these:
http://www.us-cert.gov/cas/bulletins/SB2005.html
Windows has LESS BUGS in it and the apps that run on it, than Linux or Unix (and knockoffs/variants/derivants), period.
Oh, & by the way?
I don't think you can pull your usual Penguin diatribes of:
"The test was not fair"
OR
"it was sponsored by Microsoft" (especially when, like the old mindcraft tests, Linux OR UNIX (and their variants) gets their ass handed to them in legit tests & findings by agencies like US-CERT that specialize in that area).
Now, can you? What's the matter?? Nothing better to say than your raging vomit I quoted above, boy???
(See, it's not too hard to be 'crude' like yourself, but @ least I back up my words with verifiable facts... playing by YOUR rules, & not using a citing from an MS sponsored test no less!)
Ah... lol!
So much for "Unix & Linux being more secure than Windows" eh, the 'typical mantra' of the losing team now proven F.U.D. & ineffectual lies apparently as of 2005!
Because that's now manifesting itself as untrue, pure bullshit, especially when faced with facts from US-CERT.gov & the URL I posted above!
Linux zealots now have less pots to piss in nowadays to put down Windows with, apparently... Well, too bad!
Quit bitching, & spreading "F.U.D." & learn what the HELL you're talking about for once... & back yourself up with verifiable facts from a credible source, ok?
And, mostly?
Thanks for the laugh & further proving my point here for me with that crap you spouted above which I quoted - no wonder you wouldn't post your name on it - you're a coward with NO balls!
Modding down my initial post as "100% overrated" only proves you Slashdot Pro-Linux/Unix fools can't face up to the facts, verifiable ones from a credible source, & you act like children in the doing of it.
Please - grow up boys, improve your OS + wares, instead of acting like hurt children. Men improve their lot, instead of acting childish.
Everytime I see you fools telling noobz your b.s. & I point out facts like that URL to them?
They're left speechless & start to question your linux zealot b.s., & are left with a "deer in the headlights" look on their face. Not their fault though, it's linux zealots like the one I quoted above for misinforming those folks!
(They're noobz, & I can excuse that... but, not the ones filling their heads with crap, which url's like the one above easily disprove!)
APK
P.S.=> Above all to the poster I quoted? Please, do yourself a favor - grow up boy!
Learn to face facts, OR @ least learn to code to improve your OS, because it's showing its flaws badly... replies like that one only show the truth & facts get to you, & you do NOT possess the intelligence to debate it effectively with verifiable fact... thanks for proving THAT for me!
To the moderators here - fools like that make slashdot appear VERY poorly... can or did I act like that here at times? Sure, right in this post, but ONLY when attacked first, & for what?
For putting up verifiable concrete facts from a credible source as I did? Please, give me a break! apk -
Re:"King Billy" - Killing them with kindness!
"ROFL guys, you made me laugh.
:D" - by hazah (807503) on Sunday January 08, @03:50PM
Hell, lol, I suspect Slashdot is MOSTLY Linux/Unix freaks, @ least the mods & such here!
Why??
Well, hell, I just told the truth in my initial posting, & then even backed it with facts (upon request) in debate throughout this post thread!
Then, I got "modded down" as 100% overrated in my initial posting?
LOL!
Alrighty then... thanks for proving my point!
(After all, having to mod me down when I only used provable facts backed by current data from sources that are NOT pro-MS & certainly not funded by them... well, that only proves my point I state right-off-the-bat here in THIS particular reply)...
And, like you?
Heh, it just makes me laugh, because nothing hurts like the truth & when I get a "mod-down" here regarding putting down facts that have shown Microsoft's OS doing better than Unix/Linux?
Guys - That's better than a "modded-up" post to me, because you only prove my point - Linux penguins are SO deluded in the superiority of their OS & API + programs produced with it (for years I kept hearing "how secure Linux & Unix are vs. Windows" & yet I can show clear evidence to the contrary, easily).
Linux has come a LONG ways, but it's not as secure as Windows is (especially Windows Server 2003 SP #1 fully hotfix patched) & most certainly doesn't have as much software for it, nor does it run as much peripheral hardwares for various purposes...
Why & how?
Well, the drivers aren't there for it most times, & it proves that monetary incentive drives fantastic amounts of commercially produced softwares... especially drivers!
APK
P.S.=> Funny part is? I like Linux with KDE & do like MacOS X very much... but, MacOS X doesn't have as much software to run on it as Windows NT-based OS do, & Linux is still not there on THAT account either... & the link from the agency in the U.S. gov't. that is responsible for tracking OS + software security related flaws here:
http://www.us-cert.gov/cas/bulletins/SB2005.html
Which showed in 2005, the past year, that Windows & its software actually had less bugs than Linux/Unix/MacOS X (all Unix knockoffs & derivants) apparently isn't good enough to be used as facts here @ slashdot... even if the agency is not "pro-MS", as the U.S. gov't. is not (hence the lawsuits they had against MS for monopolistic practices allegedly), & the tests are NOT sponsored by MS (like the old mindcraft ones the person arguing here with me about used, even though Linux got TRASHED there as well, & the test was unfair? Maybe to penguins it is, but then, they tend to be zealots & windbags, especially when faced with facts)...
Mod me down all you like boys, but the facts are just that - facts! You only prove my point for me... thanks! apk