Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security FUD On Linux

Posted by Hemos on from the throwing-it-around dept.

bobmatnyc writes "InfoWorld reports that Microsoft is planning an "security assault on Linux" by hyping results of a commissioned study pointing to the number of security holes in Linux vs. Windows, the number of days it takes to fill the patches, and by raising questions as to the reliability of code submitted throught the OS process. I suppose if they focus very narrowly on one measurement of security, completely ignore script-level vulnerabilities, default settings vulnerabilities (such as root access for all users), and the demographics of the user population, as well as a zillion other things I'm not clever enough to think of off the top of my head, they may have a point. "

5 of 679 comments (clear)

  1. Remotely vs. locally exploitable by winkydink · · Score: 5, Insightful

    As somebody pointed out to me not too long ago, as long as MS talks about security holes that are remotely exploitable, I don't think Linux has anything to worry about.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  2. Hardly suprising by DG · · Score: 5, Insightful

    Given that Microsoft got caught lying to a Federal judge (during the antitrust case) why is anyone suprised that they'll lie to their customers?

    Isn't that a given?

    Anybody looking to a vendor to provide accurate data about its products or the products of its competitors deserves the crap they get.

    DG

    --
    Want to learn about race cars? Read my Book
  3. Re:Easy Question to Ask by muckdog · · Score: 5, Insightful

    You haven't "worked" in IT, have you? Part of that time is testing the patches to make sure they work and don't break something else worse that what the worm/virus/hole will do. Anyone who lets Windows update run fully automated on production servers is a fool.

  4. Re:Easy Answer by Vlad_the_Inhaler · · Score: 5, Insightful

    They also have the cash to pursue security problems, their problem appears to be design flaws that can only be 'corrected around'.

    An obvious example is integrating their Web Browser into their OS to screw Netscape, a political decision taken by his Billship. Bugs in IE lead to the equivalent of root exploits, bugs in Mozilla mean that one user account can be compromised.

    Another political decision has been to install software to offer all kinds of services, basically to keep third party vendors out. This software defaults to being active. What was that database port vulnerability again? Another consequence of this is that a virus/worm writer has reliable idea as to what components will be running/active.

    They have the cash for PR *and* fixes, but political decisions have led to a situation where this does not help. Having said that, if as many computers ran Linux as the various Win versions, we would also be seeing more problems that at present - they just would not be as serious.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  5. Re:Finally! by Blikbok · · Score: 5, Insightful

    The biggest score Microsoft has had is convincing it's users that all of the rebooting and crashing and poorly-designed security features are to be expected in powerful software, and to expect to not only pay for such software, but buy extra software and pay consultants to work around these misfeatures.

    I don't know if making "Redhat" a synonym of "Linux" is all MS's fault though.