Looking Back At Windows Security In 2003

thebatlab writes "Help Net Security has an interesting look at security in Windows during 2003, with various blurbs from related parties at Microsoft as well as security 'bigwigs' such as Russ Cooper. It's interesting to read the comments from external parties, as they tend to be very reasoned comments and don't simply attack away over recent 'indiscretions' and 'security lapses' Microsoft has had over the year."

Its crap but just as crap as anyone else

[rkz]

Microsoft have had their share of vunerabilities over the last year but not significantly more than linux has, this kind of article always appears on slashdot poking fun at windows security but linux is not much better. Apt-get is not that much better than Windowsupdate.microsoft.com.

I work for a fortune 500 company and we have been considering switching from Windows NT 4 to either Windows Server 2003 or Linux. After much testing we decided to stay on windows for virtually everything except the Primary Domain Controller which scaled much better under Debian.

For file servers we found that samba caused some shares to dissapear occasionally and so we stuck to Windows. For email we needed exchange so we had no choice. For firewall we kept windows because the software we currently use performs much better on windows than Linux.

But as far as security goes we could see on clear advantes of one platform over the other.

Looking at...

[oGMo]

Wait, looking back at Windows what?

;-)

My guess.

[FreeLinux]

You are assuming that such a worm will be like the countless outlook varieties. Obviously this will not be too effective against Linux. However, there are other means for worms to propogate such as the slammer worm. There are also numerous services that are fairly common across all Linux variants.

My guess is that if such a worm were to come about, it would likely spread through a hole in sendmail. Another, though less likely, possibility is Apache with special emphasis on PHP.

Re:My guess.

[FreeLinux]

Ok, bad examples. But, the fact remains that all it would take is a remote exploit in a commonly used daemon. syslogd, klogd, gpm, crond, cupsd, sshd, xinetd all run as root on most Linux systems. A remote exploit in any of these modules would allow the automated propogation of a malicious payload (worm) from one Linux system to another. All it needs is root.

Re:Slashdottism

[spongman]

You did enable the built-in firewall before connecting your machine to the internet, didn't you? You do remember that Microsoft has been recommending everyone do this, don't you?

Re:Slashdottism

[uberpeter]

"Windows "out of the box" is as wide open as the goatse.cx guy."

Yes, a new .sig!

Re:Does anyone know...

[t0ny]

except the poster wanted to know about problems in December. To which I replied that Linux had more security problems in December than WinXP did, which is true, and is moreover not limited to the distrobution.

December totals- Linux (50), Windows (41). Linux wins the unsecurity bowl by nine discovered flaws.

So, as usual, I get modded as a troll for posting both the answer to the question that was asked, and bluntly stating facts which run counter to what people around here desperately need to hear.

Im sorry that Linux isnt as secure as you guys think it is. But I have no control over that. I just call it like I see it. If the marketplace, the vast majority of MIS departments, and the majority of the consumers in the world are trying to tell you something, who's fault is it when you dont listen? They can all tell you guys that Windows isnt anywhere near as bad as you make it out to be. Sorry, but its true; you are insecure about your OS being unsecure.