Slashdot Mirror


Security FUD On Linux

bobmatnyc writes "InfoWorld reports that Microsoft is planning a "security assault on Linux" by hyping results of a commissioned study pointing to the number of security holes in Linux vs. Windows, the number of days it takes to fill the patches, and by raising questions as to the reliability of code submitted through the OS process. I suppose if they focus very narrowly on one measurement of security, completely ignore script-level vulnerabilities, default settings vulnerabilities (such as root access for all users), and the demographics of the user population, as well as a zillion other things I'm not clever enough to think of off the top of my head, they may have a point."

6 of 679 comments

  1. Finally! by Anonymous Coward · Score: 5, Funny

    I've been waiting years for Security FUD to run on Linux. I'm glad someone was able to port this over from Windows.

    1. Re:Finally! by msh104 · Score: 5, Funny

      If that would just be all, 100 dollars on it that they are only going to compare limitations of Red Hat only (perhaps even an old version) with their Microsoft product. Why don't they just spend that money and time on fixing bugs in Windows instead of finding them in Linux? Perhaps we should create a Bugzilla for them so they can post the problems they find there; I am sure someone will fix them.

  2. Great news! by DaHat · Score: 5, Funny

    This is such good news for me, and here I was, ready to throw Windows out of my life and become a Linux guru. Thanks, Microsoft, for showing me what a mistake that would be!!!

  3. Re:Talk about shooting yourself in the foot by beacher · Score: 4, Funny

    There are 5 stages of denial - denial, anger, bargaining, depression, and acceptance. Wonder which stage this PR campaign fits?

  4. Re:Easy Question to Ask by Anonymous Coward · Score: 4, Funny

    If only applying patches were all one had to do to administer a Windows box! Due to Microsoft's delayed reaction times, it goes something more like this:

    Wake up, day 1, to phone call saying "all our computers are shutting down randomly!" You grumble and go to work.

    At work, you pop in your trusty f_prot or other comparable antivirus software and BAM! There's Blaster/SoBig/Klez/whatever staring you in the face. You yell at a random staffer for opening attachments at work.

    You begin isolating and cleaning all infected machines. You run scans on a few other machines just to make sure.

    You lecture the entire office once again on how it never really is a cool screensaver or neat program that their friend sends them in the e-mail.

    Two hours later someone comes back to your room carrying a printout of an e-mail with an attachment. "Is this a virus?" They ask. You cringe. The printout contains the words "application/octet-stream." You manage to croak something and nod hoarsely.

    You grab your antivirus disk again and go clean the Klez off all the machines in billing. For a second time. You curse Outlook violently at this point in time. You are probably becoming irrational and violent, like an enraged monkey.

    You go home at the end of the day and dream of playing Russian roulette with a shotgun.

    This continues for a week until Microsoft releases the patch, which you download and install. You think everything will be OK for a while.

    You get a call the following morning. Some idiot brought his laptop up from home, and his kids had been using it. You now have 30 more viruses to clean! Fun!

    You tell your boss that he could pay you 1/3 of the pay he does (minus overtime) if he'd just go buy some Macs or let you install Linux on the office computers. He strokes his pointy hair and laughs at you.

    You die cold, bitter and alone, and Bill Gates torments your soul for all eternity.

  5. Linux and Security Holes by jd · Score: 4, Funny

    Inspired by this research, I sought to find other examples of security holes in Linux which do not occur in Windows.
    • Linux is more stable, thereby giving crackers more time to break passwords.
    • By not fixing things, Microsoft Windows causes crackers to become lazy and slothful, so when a patch does arrive, the cracker won't be expecting it.
    • Many Linux distros use MD5 hashing for passwords, which is much slower than just storing in plain text, making it possible to run a denial-of-service against a Linux box.
    • By renaming COMMAND.COM to CMD.EXE, Windows is secure against DOS attacks. At least, those up to 6.22.
    • Windows cannot trigger world chaos in safe mode. It's disabled.
    • By using all available memory, Windows cannot run additional viruses.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)