6 Months On, Vista Security Still Besting Linux
Martin writes "Great report on security vulnerabilities for MS/Linux/OS X. This is a revised version of the one Jeff Jones did back on March 21: Windows Vista — 90 Day Vulnerability Report. This time he did what the Linux community had asked. Everyone complained that he did the report based on a full Linux distro including optional components, not on just a base OS install. So this time he did both; Vista still came out on top. I was shocked that Apple was even on the list as I believed all those Mac commercials!"
"In Linux, you have to follow the instructions to go to Adobe and get the tarball for the flashplayer 9, then unpack, and install. It's a little more work, but you generally get it from a trusted source."
Grannie isn't going to be unpacking tarballs. And not all Grannies have sons or grandsons who are Linux users/gurus. And what is a trusted source again? Grannie just knows she needs Flash (yes she knows that much at least) and here's a little button that will get it to her.
Microsoft is all about ease of use. People accuse UAC of moving the security responsibility of the OS onto the user. Huh? Security has always been the responsibility of the end user. Is the OS smart enough to know good .exe and bad .exe? Suspect them all and make the user decide: Grannie doesn't care/know anything about '.exe', but Grannie will at least get an annoying popup requiring admin privileges if she tries opening "README.txt.exe". She'll click "OK" and install a virus, and that's exactly how the system should work. Even if Grannie saw ".exe", Grannie is still opening that sucker up. Hiding the extension didn't matter at all.
Linux will have to make the same deal with the devil one day, to sacrifice security for usability, or it will never reach the mainstream desktop.