Slashdot Mirror
MS Security Chief Says Windows is Safer Than Linux
Kip Winger writes "Mike Nash, Microsoft's Chief Security Executive, has made claims that Windows is more secure than Linux. In a recent online chat, he staunchly defended Microsoft's record on security, basing part of his argument on how Windows Server 2003's 15 patches in the past year are far less than what RedHat or SuSE have had to endure." He also mentioned the recent purchase of Sybari and their Antivirus product.
the patched that they should have done?
Microsoft is basing that claim by number of patch distributions, not by size for severity, cute. So, just because they (usually) wait up to a month to release a patch, somehow they are better FUD never had so much meaning. I'd be outraged, but words like this are so expected.
The force that blew the Big Bang continues to accelerate.
when the machine is turned off.
If anyone from Microsoft said anything to indicate that their software is in any way inferior to other software, it would hurt their marketing.
Knowing this, their only option is to claim that they have the best software.
If you can just manage to say something that gets picked up by major news organizations, then it might make it come true.
Or at the very least, you might at least fool some people enough to continue to give you money.
I'm a big tall mofo.
My linux computer is so over run with spyware and viruses that it is completely unusable and it is firewalled.
I connect my fresh installed XP system directly to the internet and I can go months before I get any malicous programs on my computer.
hmm, or do I have that backwards?
Paying taxes to buy civilization is like paying a hooker to buy love.
... I need to approve the new MS patches on the SUS server.
We see these posts trumpeted by entities like Slashdot. It it warrented? Does Redmond have any credibility on things like this left? Should we be paying any more attention to this sort of behavior than to just consider what MS is doing? :\ I'm more interested in the well thought out comments all-y'all have.
Sam
FUD on the horizont, sirre ;-)
- if you compare RedHat/SuSE then you have to compare it to Windows Server + complete BackOffice + complete Visual Studio + complete MS Office and you still are not close enough...
- I'd be interested in average time to fix critical bugs...
- also number of known un-fixed cricital bugs will be interesting (incl. IE on Windows)
I think we need a new section for these stories. I propose we call it 'Flamebait'.
UNIX/Linux Consulting
"Mike Nash, Microsoft's Chief Security Executive"
What does everyone think he's supposed to say? Windows security is inferior to linux? He'd lose his job.
My sig of choice is Marlboro
"Year-to-date for 2005, Microsoft has fixed 15 vulnerabilities affecting Windows Server 2003. In the same time period, for just this year, Red Hat Enterprise Linux 3 users have had to patch 34 vulnerabilities and SuSE Enterprise Linux 9 users have had to patch over 78 vulnerabilities."
This actually brings up an interesting point. Does Windows have less bugs (I know, I know) than these Linux distros? Or are Red Hat and Novell more proactive to fix the bugs they do have? Unfortunately, my guess is most PHBs would think the former.
It's "no one," not "noone." Who the hell is noone anyway?
...when the world stopped laughing, it was revealed this person might have some sort of conflict of interest, being that he works for MS and all....
Microsoft's top security honcho insisted Thursday that Microsoft "is making progress on security using any reasonable metric."
What is a 'resonable metric'? Is that one that only provides the results that one wishes to see or is that a metric provided by a reputable security organization that is known for being extremely truthful and accurate in its results?
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
Windows 2003 Currently, 5 out of 44 Secunia advisories, is marked as "Unpatched" in the Secunia database. Red Hat rrently, 0 out of 133 Secunia advisories, is marked as "Unpatched" in the Secunia database. I think I would rather take a system that is all patched then one that is Unpatchable.
... patches to Exchange, IIS, MS-SQL, Office and the rest of their bug ridden software.
Earlier this week, they released a slew of patches... 6 or 7 of them that affected XP SP2 and were rated critical. Perhaps they feel inadequate in comparision to Red Hat, et al and have some catching up to do?
--
iBill not paying it's custumers. This guy says for almost 4 months since ww.com has been paid.
Linux might have more security holes within the release times but I feel the Linux patches are more proactive than reactive.
When Microsoft releases a patch it's usually because thousands of users have already been complaining about something and they have to address it in a reactive mode. In Linux, someone makes a discovery of a security flaw, contact's the vendor, and it's usually patched within a couple of days. Note that within that discovery, everyone is still happy as a clam because there haven't been 50,000 trojan's trying to exploit it.
If there's only 15 for 2003, then why does that secunia link list 44?
Notably, the RedHat and Suse links list a higher number of vulnerabilities, but also state that there are ZERO unpatched security holes.
Surprisingly, the Windows 2003 product still has unpatched holes.
Problem: MS's products are insecure.
Solution: Have your Security Chief claim that your products are more secure than the competition.
If you had super powers, would you use them for good, or for awesome?
(This is not a rant, merely a description of what happened to me receintly:)
1. reboot computer - It'd hung running something the rhymes with Titborrent.
2. Login prompt -log in
3. Get a start button, click on it to start a browser
3a. lose focus as MS is saying AVG isn't turned on. (It's not?)
4. Hit start again to get a browser
4a. Lose focus again as AVG says it's not working.
5. Press start to start a browser.
5a. Lose focus as the UPS monitoring tool adversises that it's HERE! PRESENT! ACCOUNTED FOR!
6. Press Start to get a browser.
6a. Lose focus AGAIN as MS spyware gives me a status update.
7. go over to the iBook, it doesn't Constantly Interrupt Your Train of Thought At Every Opportunity!
"Draco dormiens nunquam titillandus."
People are funny.
Microsoft is a corporation. It needs a base of support to exist. Pausing in its creation of "new and improved!" products to backtrack and actually fix anything is not additive to the bottom line (profit).
Therefore, MS will never fix anything. They will merely use PR to promote their products. If falsehoods are created and spread, they will focus on the person who created that lie, not the legal individual Microsoft. (Corps. are equivalent to living people in most states but that's a rant for another time.)
Q.E.D., nothing to see here. Move along.
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
which patches fixed remote exploits and which patches fixed local exploits. I find Windows has a lot more holes that can be exploited remotely were Linux requires local access. In either case would the Security Chief of a company come out and say another product is superior to their own?
I say we just grow up, be adults and die.
Second, comparing Internet Explorer (IE) and Firefox indicates that Windows is likely more bug ridden than major open-source software like Linux. I have used both IE and Firefox. From my experience of visiting thousands of pornographic sites laden with naked women beckoning you to "enter" their site (and other things), I can definitely say that IE is chock full of security problems. After 1 week of pornographic surfing with IE, my entire system (browser and OS) becomes infected with malware -- to the point that I must reload Windows. I have yet to experience the same problem with Firefox.
The only thing that I hate about Firefox is that it is very slow, probably due to the fact that my computer system has limited DRAM and that Firefox must swap to disk more often than IE. Such is the price that I must pay to enjoy porn.
So if their software is so secure, why do they have to recommend antivirus software to stop their systems from being infected?
Just think...If MS were to not release *any* security patches at all, they could use that figure as absolute proof that Windows is more secure than anything else out there!
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
I cannot seem to find a good list of the vulerabilites found in SuSe Enterprise Linux 9, which he is comparing to Win2003. I wonder how many vulerabilites are in non-core applications, which would make comparing Windows 2003, the OS, with SuSE EL 9.0 a little unbalanced. Does anyone have a link to the SEL 9.0 vuln list so that we can compare for ourselves?
OpenBSD has experienced "Only one remote hole in the default install, in more than 8 years!"
http://openbsd.org/
Move along people. Nothing to see here.
Irony:1 You:0
A Linux distribution contains hundreds to thousands of programs.
A Windows distribution contains a handful of programs.
A house divided against itself cannot stand.
Hopefully the Linux community can move forward with SELinux, or some other system that has mandatory access controls. Once that is properly in place Linux will have a significant tangible security advantage over Windows.
Yes Fedora currently has SELinux in the default install. Unfortunately they have had to use a fairly permissive policy because too many applications and libraries don't properly respect the sort of security bounds that ought to be in place. Right now SELinux on Fedora is like user account permissions on Windows. While it is technically there, the majority of applications simply aren't written with it in mind (eg. all those Windows apps that need to run as Administrator), so in practice it doesn't do much.
SELinux is done though, and Fedora has integrated it in nicely (including into the rpm system). What is needed now is for all those open source developers out there to realise that there is a new level of security, other than just filem permissions, that they need to consider and respect. If they can just restrict where they write files to, and what files they want to access to the minimum required that would be great. If they can compartmentalize operations so that each can run as a seperate process with least privilege all the better. This is work that needs to be done though.
Once such things are seriously in place all this harping by Microsoft about "Windows being more secure" will be so obviously the hot air that it is that we won't even have to worry about it anymore.
Jedidiah.
Craft Beer Programming T-shirts
This is one of the problems with "Linux", people compare Windows, the OS, to Linux, the kernel. I bet most of the patches from Red Hat were non-kernel related patches. However this is the beast that will have to be dealt with soon, because as soon as a company like Red Hat or Suse or who ever has a bad patch year it is going to bring down the whole Linux community, economically. It's just like Martha Stewart and how her company went in the tank because her name was attached to it. The name Linux is tied to closely to the OS's, that is my point.
Nash also said that the number of patches shouldn't be the only criteria users apply to tell if Microsoft's doing its job.
/
How about:
(# installations w/ active malware, spyware, trojans or viruses)
(# installations)
This seems a much fairer criteria with respect to the notion of being "more secure." And one, IMHO, I imagine isn't very favorable to MS.
when put behind a baffling series of hardware and software firewalls destroying all connectivity with said Windows machine
There's nothing baffling about pulling the ethernet plug.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
The 95% of those out there that are 'unenlightened' when it comes to computers and technology probably wouldn't even question M$'s claims. "Oh, Microsoft say they've issued less patches for Windows than others did for Linux and thus Windows is safer. I'm glad to have someone trustworthy to tell me these things!". (-_-)
/.ers.
Because M$ is more reputatable than Red Hat or Novell, the general public will much more likely consider their claims to be true. Oh well. At least it makes for a good laugh for us
Hero of Allacrost, a FOSS RPG for *NIX/*BSD/OS X/Win
This is an argument that can largely be debated on a variety of levels. Honestly? Linux and ultimately unix of any flavor has just as many vulnerabilities as Windows does. Difference -- typically most of those vulnerabilities are patched and assessed before they take affect.
Just do a search for Sendmail Vulnerabilities on google.
Result =
Results 1 - 10 of about 143,000 for Sendmail Vulnerabilities. (0.39 seconds).
for Microsoft
Result =
Results 1 - 10 of about 364,000 for Microsoft Exchange Vulnerabilities. (0.18 seconds).
You can have this discussion for days on end, and really, what the *nix community has up on the M$ community is knowledge and ability. No, there arent any viruses that are successfully written for *nix. Spyware isnt even remotely a concept to a linux user. And most vulnerabilities get patched as quickly as they are given POC. Does this mean that linux users patch any more or less than Windows users, no. But we do it more effeciently and with greater success.
Stability wise , come on. Ive got a redhat 7.3 box that baring powerfailures hasnt been rebooted in over a year. Its a good box, it would probably take an Arkady Rossovich low yeild nuke on its head and still live, and I dont know of any windows box thats able to admit that.
"God of Rock, thank you for this chance to kick ass. "
"If you can just manage to say something that gets picked up by major news organizations, then it might make it come true.
Or at the very least, you might at least fool some people enough to continue to give you money."
Correct. It's called PR, and it works. Microsoft does it all the time, spewing out completely false or misleading statements knowing those will get the headlines. Corrections get buried on page 17.
The Bush administration has carried this out to a fine art. They make a grandiose announcement they know is completely false at the time ("the cost of the Medicare drug program will be X billion.") knowing that by the time the real number gets out it will get buried in the news. They even use fear to get what they want ("Social Security is broken.") as does Microsoft ("Linux is not as safe.")
Me too, except they can't afford to pay that kind of money.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Here's another example of making stats say what you want.
Sure, WINDOWS only had 15 patches in the last year however. IE6 had how many (at least anotehr 18-24), Remote desktop connection on 2k3 Server had 2 security fixes, IIS had about 6 patches....
Need I continue?
Fact is, yes, Windows had 12 updates in a year, but it's components had many more.
And also looking at the time from exploit discovery to fix, not lookin good for them there either.
DarkMantle I been bored, so I started a blog.
So long as installers run without requiring passwords, and I have to give my daughter administrator privileges to run Disney games, Windows is in for a lot of hurt in the security domain because there's really no way to control what users, and by proxy the programs they run, muck with.
I mean, it's so bad right now that whole markets spawned to supply band-aids for the lack of basic protections (anti-virus, anti-spyware), and to rebuild broken systems as quickly as possible (ghost). That's pathetic, particularly since Microsoft had the ability to do a much better job of securing their systems since the release of Windows NT in 1993, and it's been mainstream since XP. It's not that they couldn't do it, it's that they didn't.
jim frost
jimf@frostbytes.com
Perfect, let's start rating the security of our products by how many patches have been written and applied. What does this kind of numbers game encourage?
(1) Don't write a patch, since that admits failure or insecure products.
or
(2) Wait a long time before writing and committing a patch, so you can do it as "one big patch" (otherwise known as, haha, a Service Pack!).
Thanks Microsoft! Just your STATEMENTS make systems less secure (nevermind your engineering).
The lecturer was, apparently, talking about the problems in writing mission-critical embedded devices, and at one point he asks his audience: "You all write embedded systems software. Tell me honestly; if your company wrote the software for a 747, how many of you would actually feel comfortable on board one?"
One hand goes up.
"You, sir! You're so confident in your software you'd trust your life to it?"
"Hell, no," comes the reply. "But any plane running my team's software would never crash, because it'd never get off the ground..."
I am confident in the level of safety given by running Windows on a mission-critical device.
Is it just me or was the story about 10 stories down about how spyware can disable Microsoft's Antispyware and take your cc #s, passwords, etc. I have been using a copy of linux on one of my exposed servers for several years without patching and without any significant security configuration at boot and it runs like a dream! [Although I like my OpenBSD machines better :-D]
http://www.brentcastle.com
Red Hat currently, 0 out of 133 Secunia advisories
Based on flaws in 64 different packages out of a total of 477 packages.
Lets compare that against the Windows Server 2003 Enterprise edition. All of these defects are against the core Windows operating system. You have to go to the other Microsoft products to find out the numbers for those.
Lets pick another Microsoft release - say Microsoft Windows 2000 Advanced Server. Oh dear - currently, 16 out of 79 Secunia advisories are marked as "Unpatched" in the Secunia database.
Or say Microsoft Office XP. Currently, 2 out of 14 Secunia advisories are marked as "Unpatched" in the Secunia database.
Another - lets try Microsoft Internet Explorer 6 - surely there must be a fully patched MS product out there! Currently, 18 out of 77 Secunia advisories are marked as "Unpatched" in the Secunia database.
Pick something enterprise critical - say SQL Server 2000. Currently, 1 out of 10 Secunia advisories is marked as "Unpatched" in the Secunia database.
Doesn't really look good.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
"Of course, we didn't evaluate them with the network cables plugged in. We didn't want the Internet to skew our results. There's some dangerous shit out there."
Using that logic, Microsoft outlook is far more secure than Novell Evolution because patches are coming out all the time for Outlook.
What really matters in the end is:
1) The seriousness of exploits
2) The quantity of exploits
3) The imposition placed on IT people in applying patches to fix exploits
If you release a lot of patches but they are readily applied without causing downtime, etc, then that's not a big problem. If a few exploits are found but the exploits are huge gaping holes, that's bad for everybody. This is another one of those cases of trying to measure a qualitative problem using quantitative means. It means nothing but it looks good in a press release.
Is it truly more secure than Linux? The real measure is hacks per capita. How many boxes are out there, and how many are getting exploited?
Frankly, I think Linux is more secure for one simple reason: I can more readily control what's running. Linux is much easier to trim down to a minimal system, shutting down services, and making it very difficult for an exploit to do anything if it can even get on there. If I have a box that's a Linux webserver, I can trim it down to Apache and SSH, and that's it. If I just watch for exploits of those two things and the kernel itself, I'm golden. With Windows, I have these service packs and updates that change mysterious things without my knowledge. I'm at much greater risk of unexpected consequences of a security fix.
This sig has been temporarily disconnected or is no longer in service
Okay I'd like to play devils advocate today (I don't really want to have my a%% torched, but I expect it). Everytime the security issue is brought up the number of patches is brought in as an argument (I agree this is ridiculous for a number of reasons already pointed out, basically I don't think the number of patches has anything to do with how secure a system is). But the real FUD line which keeps bring brought up is, if 50% of the computers on the internet were Linux, would linux users have the same problems as Windows users. If linux was targeted more often would linux users have the same problem.
I have some concerns that Firefox is going to be used as the test for this argument. Currently the argument is that Firefox is a more secure browser. The counter argument is that currently the reason it is a more secure browser is nobody targets it. My big concern being that once Firefox is targeted it starts displaying a lot of problems. From then on the argument would be, see as long as nobody uses Open Source they are secure. But once they gain in popularity and become targets they fail.
So can someone point me to the simple golden bullet argument that says Linux is and will continue to be more secure than Windows?
Humor aside, counting patches is about as good of a way to determine security as counting car crashes to determine what is the safest car.
People who think they know everything really piss off those of us that actually do.
I'm so tired of this argument "Our software is more secure than their software". It's ridiculous. What they're really saying is "Our programmers and development processes are better than your programmers and processes." These security debates, whitepapers, and arguments are always subjective, never solve anything, and only prove that someone has time to waste.
Any given OS, in the hands of an expert, is just as stable or secure as the next. There's just no way to effectively prove otherwise. The test domain to definitively prove which OS is truly the most secure is incredibly huge. As long as human beings code it, it's insecure. There is no version of Unix or Linux that has a higher Evaluation Assurance Level than Windows 2000. That doesn't necessarily mean that any novice could actually secure it either.
Reality is that Windows has a huge number of desktop installations and it's used by a large number of people that can't even open up Notepad or a command prompt if you asked them to. Those same people couldn't even install Linux so it's not reasonable to even suggest. So, how are they supposed to have any idea about security? Most of them can barely get online. It's no fluke that AOL and Windows are as popular as they are - they're easy to use and they have a small learning curve.
Furthermore, Linux and Windows are so different that's almost ridiculous to even compare them. They solve different problems, they both have their strengths and weaknesses, and other than the fact that they're both operating systems they don't have much else in common. In many ways comparing those two systems is like comparing an F-16 to a Leer jet - they both fly; they both have wings; they both have cockpits, throttles, and tails; they're both airplanes but they don't look the same; they don't have the same internal components; they aren't operated the same; and they aren't made for the same purpose.
Security arguments are out of style. It's safe to say that no major software maker is intentionally designing insecure software. Move on. Innovate. Come up with something original.
If you do what you always did, you get what you always got.
"We have zero escapes!"
Table-ized A.I.
The exploits are not all that matters: What exploits are in the wild? What exploits are unpatched? What exploits are self-reported (found by the developers themselves)? What services are affected by the exploit? What is the exploit's payload and how does it impact the use of the machine?
When trying to determine whether one OS is more secure than another, I think you need to look at a lot more information than just the number of remote exploits available. The big two are: how many of those exploits remain unpatched (i.e. are still a threat) and how many of those exploits were reported by the development team itself so that administrators could take appropriate action (as opposed to hidden or ignored so that administrators could not even take precautions to prevent their systems from being exploited). Let's be real: it is much more likely that we know the truth about the state of the software in an open system (like RH, Suse, Debian, etc.) than we do in a closed system (like MS) i.e. the number of exploits reported for MS are likely the number of exploits currently being exploited - we do not know how many exploits the MS-folks know about but are not reporting. While there may be some exploits unreported in open-source software, the likelihood is considerably less because of the number of people looking at the code. Proaction (Open-Source) versus Reaction (Closed-Source).
Finally, what matters in the end to most of us is: how much time do I need to spend making sure my system is protected from exploitation, cleaning up infestations, etc. ? You can claim your OS is more secure than my OS but if I'm spending less time protecting against or recovering from exploitation than you are, you are going to have a really hard time convincing anyone who follows this type of stuff. If I am not the target audience (because I know better) than what you are engaging in is FUD - aimed at the gullible or uninformed managers and masses who are expected to take your word for it because you are Microsoft and the Press has picked up your sound-bite.
ok so his comments might be taken with a grain of salt. but, it does give me an idea that may have implications for Linux/ other OSs.
Windows is currently getting attacked more because it is more popular. There are many people searching for ways to get at it. As they are successful, Windows (eventually) patches the problem and (theoretically) learns a little bit more about security.
Linux et al is not facing the same level of attack and therefore is not getting the same "education" about security. Granted, people are reviewing the code, but not as many as are attacking Windows and not, I would bet, with the same motivation as the Windows miscreants.
What happens when/if Linux gains the same popularity and suddenly is found to be suffering from the same set of problems that Windows worked through years before? Perhaps, at that point, Windows might be considered more battle-hardened and thereby more "secure"
fdc
Synergies are basically awesome, and they're even better when you leverage them. -PA
I don't care if a system has 10 patches a year or 10,000 patches a year. I need a way to distribute those patches easily.
Redhat has an OK system, but Microsoft has a nice tool (software update services) that allows me to download the patches in one place and push them out to all the machines on my network. This will only get better when MS releases the next update to this tool (windows update services).
I haven't seen a similar thing from any of the linux vendors.
Sure, there are tons of third party products to add this feature to Linux, but that's a pain - and it's another product to buy. Each distribution needs to find a way to centrally automate patch management and installation. This should be part of ANY linux distribution by default.
-ted
We can choose which of the "bundled" apps to install.
Windows users can't without jumping through MAJOR hoops. (Microsoft claims it is not possible at all, but software like Win98Lite showed people otherwise).
Windows - We cannot install Windows without installing IE.
RedHat, Gentoo, whatever - Lynx, Galeon, Firefox, Mozilla - What browser do you want to use today? Or maybe you don't want any at all! You can make that choice.
retrorocket.o not found, launch anyway?
Usually the make install of a new kernel reruns LILO anyway. I use LILO on some servers and GRUB on others.
/etc/rc.d/ or using chkconfig.
Usually a bigger issue is that you installed some critical service but forgot to enable it either by dropping symlinks into
When one of my servers needs any new services installed or kernels patched, I actually schedule reboot testing. In fact essentially all of my reboots are due to this testing. It does cut into uptime but it means that when I need it, it will be up.
LedgerSMB: Open source Accounting/ERP
See screenshot: here
HTH.
The following sentence is true. The preceding sentence was false.
There is this classic confusion about classifying bugs. There is a fundamental difference between "linux" patches, as they call them, and kernel patches. The linux core has a relatively low number of security flaws. Even when they do, the severity of the patch is far lower since most bugs won't give you root level access. Unlike the windows bugs that typically will give you root/administrator rights. The distrobutions may have a lot more bugs, but they also include thousands of open source applications.
If you want to compare bug numbers, it's only realistic when you count the number of bugs in the kernel compared to the windows base OS.
WURD!!
This week's set of Windows patches requires the machine to reboot. I'm about to give a presentation, so I click on the 'Reboot Later' button. Ten minutes into the presentation, the full-screen presentation reverts to window-sized, and the 'You need to reboot' message pops up again.
Yes, you can drag the window off to the left or right of the screen so that it doesn't annoy, but how many users know to do that? Clicking 'Later' makes the box go away for a while (or click 'Now' and lose what you were doing, oops). There is no preference to make the delay longer, or not pop up at all.
The issues addressed in the parent are easily solved. The 'Reboot Now' message is not. I'll reboot when I'm good and ready, and not a moment before, so stop bothering me!
IANAL, IAAFMSE (I am a former Microsoft Employee), etc... Microsoft has been shown in court (in the EU at least, iirc) to bundle software with their system in order to damage competitors, especially those which threaten their monopoly or in areas where they want to extend their monopoly. For example, Internet Explorer to kill Netscape, Media Player to kill Real. If they can control these core areas, then people will be locked into their system.
This was NOT the case with the Windows Firewall (which is poorly designed anyway and will never be a real firewall product-- even though it is stateful, ipchains was far superior to it). But many of us questioned it simply because of Microsoft's anticompetitive track record.
Now, compare that to the pro-competitive nature of Linux app bundling.... With Fedora, I can install KDE, GNOME, and/or KDE if I want. Which browser do I want today? Do I want any? Which email program do I want today? Should I use elvis, vim, or emacs? This bundled software encourages competition between the external communities and drives all the distros forward.
I don't have a complaint with bundling as such. What I and many others complain about is how Microsoft tries to lock users into their system. Such a lock-in does not exist in the Linux world among distros composed entirely of Free Software.
LedgerSMB: Open source Accounting/ERP
don't be an idiot..i live in california, land of already-high-and-increasing energy bills. i turn my desktop pc off at night. additionally, my main work computer is a laptop and i can't really leave that on all the time now, can i? which reminds me of a couple other big features standard in XP: hibernation and remote desktop
Those who can, do. Those who can't, go into business for themselves.
Although I use Firefox for 95% of my browsing because I consider it more secure for everyday browsing and more resilient against spyware, I do not use Firefox for my Internet banking. I use IE instead as it is more secure and bug free in that regard.
I use use Internet banking sites one for a regular bank and one for Internet only bank. For one of them however, Firefox has a ugly bug where using the keypad and double clicking the button results in 3 of the same number being input. Although not a security risk it has caused a number of invalid logins. The keypad was implemented as a security feature against key loggers more than a year ago.
The other one has a serious security bug, where after logging out, all I have to do is press the back button enough times and Firefox will prompt me to resubmit POST data(the login) and it will log me right back into Internet banking without having to type in my account number or password. This happens even though I am accessing a secure site, and despite the fact that Firefox was instructed to not cache passwords.
In addition numerous rendering bugs causes some features of my banking to be unusable.
You can't really claim that one piece of software is more stable or secure than another by using the number of vunerabilities fixed as the only argument. According to this flawed logic, I could write a large piece of software, run one test, work fine for that one test, and claim that mine is more stable than another piece of software that has been thoroughly tested and has had bugfixes.
I guess Nash has also forgotten the old saying that testing can only show the existence of bugs, not the absense.
> MS Security Chief Says Windows is Safer Than Linux
umm... yeah. BIG SURPRISE, FOLKS.
Buy an antivirus company and make money from them!!
MS employee says Windows is safer because using Linux puts him in danger of being fired.
No matter who or what you are talking about, when there is interest involved, you cannot believe or take directly to heart, the statements of those who can benefit from such statements. Ever. Even if RedHat were to say something so crass as "We're safer than Windows" you could not place credible value in their statements alone.
Third parties which are completely objective, and have nothing to gain from the truth, are the only trustworthy source. Everybody is caught up in this dramatic bullshit that makes it analagous to a presidential debate. The fact is, that you MUST require the view points of many sources outside of Linux, Windows, and Macs altogether to know which, if any, are safer than the others.
Such views exist. And the only ones, with facts and data and evidence, that cheer for M$... are the ones that get paid by them. That alone should be enough to make any analytical intelligence give pause to joining a bandwagon.
Choose ye this day which OS shall serve you, but for me and my house, we shall run Debian.
(This also means you should tollerate the ignorance and free-will of others, regardless of whether or not YOU or I think ill of their choices.)
Thank you for reading One Man's Opinion. No participation necessary. Offer void where deemed by law or PATRIOT Act.
Let me politely diagree here: bullshit.
I can install Debian, or Gentoo, or whatever else is popular this week, on a machine with a direct internet connection, without worrying about crap getting into it.
However, if I try to do that with a Windows box, it gets broken into in minutes! And I know because I tried, several times to install Win2K on a friend's computer and get the patches before the virus got to me. I failed. It was infected each time, between 1 to 5 minutes from booting. That's completely unacceptable.
Finally, we ended bringing his box to my home, and set it up behind my Linux firewall.
...is Linux.
Seriously though, the local churches must do a brisk business at the confessional on Sundays in Redmond Washington.
I would almost believe their message, if it wasn't for the "I really don't like you but will pretend that I do" grins Balmer and Gates manage to eek out during public appearances. You can see it in their eyes - they don't believe what they are saying, they just want you to buy it.
Tell me honestly, if those guys weren't rich and in charge of Microsoft, would anyone listen to them at all? I don't know many used car salesmen I would enjoy spending the evening with - and that's what high level Microsoft employees remind me of.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain