Slashdot Mirror


User: Super_Z

Super_Z's activity in the archive.

Stories: 0
Comments: 170

Comments · 170

  1. Re:Yes, but it's Apple on Apple Working On Tech To Detect Purchasers' "Abuse" · · Score: 1

    And yet your obvious flame got a +1 insightful, the parent got a +5 insightful and the two pro-apple replies got a troll and a flamebait mod.

  2. Re:Makes me glad... on Apple Keyboard Firmware Hack Demonstrated · · Score: 3, Insightful

    Why do you assume only Apple keyboards are hackable?

  3. Re:"And now, YOUNG JEDI? You WILL die..." on 92% of Windows PCs Vulnerable To Zero-Day Attacks On Flash · · Score: 1

    whereas there is NOT A SINGLE ONE on Windows Server 2003 [..] I cannot fix... or, avoid

    So - you cherry-picked a release and even this one has several unpatched and known exploits in it? Congratulations!

    WHAT? Apparently, you aren't aware of the JAVA bug that Apple had, for MONTHS now, that other vendors patched many, Many, MANY months ago... would you like proof of THAT, also?? Just ask... I'll get the link, & right from this website...

    http://blogs.zdnet.com/security/?p=1708 http://zerodayinitiative.com/advisories/upcoming/

    Windows runs more software AND ON MORE HARDWARES in peripherals

    Whether Windows can run loads of software is irrelevant. If it did not ship with it - it will not get counted as a flaw.

    As for your last comment - you just don't get it do you?

  4. Re:Care to show us your PHD in Psych? on 92% of Windows PCs Vulnerable To Zero-Day Attacks On Flash · · Score: 1

    Did I? Funny, 971 vulnerabilities over time in MacOS X is a heck of a lot more than the 240 for Windows Server 2003, over time (both reported as the # of vulnerabilities found in each, so, how did I "read that funny"? It's there, in black & white, lol)... first of all!

    1. You are comparing the aggregate of security vulnerabilities of OSX 10.0, 10.0 Server, 10.1, 10.1 Server, 10.2, 10.2 Server, 10.3, 10.3 Server, 10.4, 10.4 Server, 10.5 and 10.5 Server to Windows Server 2003. Feel free to add the vulnerabilities of the other Windows Desktop and Server releases from 1999 and onwards.

    2. Apple and Microsoft shipped software have different disclosure policies. Microsoft never patches until they are forced to (witness the 18 month lead time on the ActiveX vulnerability just disclosed). MacOSX includes software that has "disclose everything now" policies.

    3. MacOSX simply bundles more software than Windows Server. A quick look at the MacOSX advisories shows that they include vulnerabilities in Python, Perl, PHP, Ruby, Java, ClamAV, SquirrelMail, X11, Apache, BIND, OpenSSL, OpenLDAP, MySQL, Flash etc.

    Secunia writes:

    "PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products.
    It should also be noted that some operating systems (e.g. certain Linux distributions) bundle together a large number of software packages, and are therefore affected by vulnerabilities, which do not affect other operating systems (e.g. Microsoft Windows) that don't bundle together a similar amount of software packages."

    4. Secunia has some weird counting going on. Check out the XP Professional 2009 advisory page. I count 25 vulnerabilities in 12 advisories - yet the total statistics claim 244 advisories with 253 vulnerabilities. If the numbers are to add up, previous years would have to have more advisories than vulnerabilities.

  5. Re:Millions of complacent idiots devastated on 92% of Windows PCs Vulnerable To Zero-Day Attacks On Flash · · Score: 2, Informative

    2) The annual pwn2own competition, among others, shows that Linux and Windows are similarly secure and OSX is much less secure. OSX goes down first every year, while Windows and Linux both last until later days of the competition when more direct access to the systems is granted to the contestants.

    A Windows machine is more likely to be compromised, but that's because of market share. "Insecure by design" implies that you're talking about the security of the OS against someone who wants to compromise it. It's proven every year that only OSX lags in this area, and it lags quite badly (this year's winner rated the difficulty of compromising Vista and Linux as a 9-10, and the difficulty of breaking into OSX as a 3, IIRC).

    The CanSecWest Pwn2own competition has been organized 3 times. The first event in 2007 was called "hack-a-Mac" as the competition was about hacking into a MacOSX present on the network. User level access was gained on the second day as the organizers changed the rules and let people try to hack Safari instead as no one succeeded in the original contest.

    The second 2008 pwn2own contest featured Vista, MacOSX 10.2.5 and Ubuntu. Both the Mac and the Vista computer were hacked into in this contest - the Mac first through a flaw in Safari on the second day and the Vista on the third day through a (windows specific) flaw in Adobe Flash.

    The third contest in 2009 focused on browsers. During the first session every browser except Google Chrome was hacked. Safari was the first to be exploited by chance of a draw as contestants were chosen by a random process. IE and Firefox were also hacked at similar stages in this contest.

    So - how many times has "OSX" been hacked in the CanSecWest contest? Exactly as many times as Vista or Windows 7 has been.

    As for your "quote" - in fact this year's winner stated that MacOSX was still the safest operating system.

    Now - is CanSecWest a good indicator of whether an OS is "secure" or not? What is usually not stated is that one of the rules of this competition is that no known exploit can be used. Windows can have dozens of zero-day exploits and can yet escape unscathed from this competition. Firefox can have a (hypothetically) stellar security history and yet be "hacked in seconds". Claiming security based on these rules is exceedingly stupid.

    So your hateboy statement that "It's proven every year that only OSX lags in this area" is simply disingenuous.

    What is shocking though is that your post - which is so full of actual faults and reeks of hateboyism - gets modded +5 insightful. I guess it is a good indicator of the current sorry state of Slashdot.

  6. Re:A VPN by any other name ... IS STILL A VPN. on Windows 7 Hits RTM At Build 7600.16385 · · Score: 1

    1. IPsec requires a ton of ports being available and open which just isn't the case as often anymore when going to a hotel. Hence why a lot of corporations are looking at things like SSL-VPNS. Direct access overcomes this limitation by tunneling all their IPv6 traffic in standard HTTPS packets which is pretty universally allowed.

    Has it occurred to you that other ports than 80 and 443 are blocked for a reason? Tunneling other protocols through HTTP(S) negates the whole point of a firewall and is generally a very bad idea.

  7. Re:I don't blame them. on Windows 7 Clean Install Only In Europe · · Score: 1

    If a Macintosh user is not allowed to change Safari's search engine, since Apple locked it down, how does it make it any better for this user that the Windows user across the office, can change it.

    Glims is a Safari plugin that amongst other things lets you change the search engine used in the Safari search field.

  8. Re:Microsoft shills on Internet Astroturfer Fined $300,000 · · Score: 1

    +1 insightful

  9. Re:Microsoft shills on Internet Astroturfer Fined $300,000 · · Score: 2, Insightful

    Whether people are astroturfing or simply have a bias or positive opinion is of course extremely hard to tell. What is striking is the sheer amount of people that have a positive bias towards Microsoft that have entered this forum these last years.

    What is even more striking is the dearth of people extolling products competing with Microsoft.

    Given the amount of "I use Linux, but Bing is really good" posts - where are the Yahoo fanboys posting their views? Likewise - where are the happy Flex/Flash users when lots of posts think Silverlight rocks? Where are the Java people when tons of posts extol .Net? Where are the Lotus Notes people when tons of people extol Exchange? The PS3 seems to be a noncontender when Xbox 360 is discussed.

    Why are the posts pointing out competitors' products either drowning or non-existent? There are no raving hordes of Apple fanboys around here. There sure seems to be loads of the Microsoft kind.

    Heck - the grandparent has as of writing received 3 trolls and one flamebait. I'm sure this post will be treated likewise.

  10. Re:Firefox 3.5? on Attacks Against Unpatched Microsoft Bug Multiply · · Score: 1

    So you are actually claiming that more people use Office Web Components than Firefox? Do you have any references to back up your claim?

  11. Re:Mutually Assured Destruction? I think not... on Microsoft vs. Google — Mutually Assured Destruction · · Score: 1

    Actually what the parent (aka "slashdot") wrote was that if Microsoft has to follow open standards, its profit margins will shrink. I would guess that this is due to a concept called "competition".

  12. Re:OpenSolaris == Fedora on Mass Speculation Suggests Oracle May Kill OpenSolaris · · Score: 1

    Code from OpenSolaris is also used by the Sun OpenStorage platform

    OpenStorage is basically OpenSolaris plus a kickass web-gui.

  13. Re:No Mention of Bing or Natal? on How Microsoft Has Changed Without Bill Gates · · Score: 1

    Here is a trend for you. Trends based on broader markets are not so spectacular of course.

  14. Re:Like Capitalism on Examining the HTML 5 Video Codec Debate · · Score: 1

    Why on earth did you get a 'troll' mod?

  15. Re:GNOME on Nokia's Maemo Switching To Qt · · Score: 1

    I recently moved from KDE 3.5.* to KDE 4.2 on my desktop at work. I find it pretty stable and so far I'm happy with the components I have used. The big exception is Amarok which is .. not that good.

  16. Re:Surprising? on UK Police Told To Use Wikipedia When Preparing For Court · · Score: 2, Insightful

    The content of a book isn't more true just because it is printed out. A book without references can be just as misleading as a webpage without references.
    Primary sources could (and should) be reviewed scholarly papers. The Internet is in fact a great medium for researching and referencing papers as they can be inspected instantly. In that aspect, the Internet is a far better medium for knowledge than printed books.

  17. Re:If not GDP, then what? on US House May Pass "Cap & Trade" Bill · · Score: 1

    There is no simple answer to your question. You can compare growth numbers, but keep in mind that most GDP estimates are adjusted after a quarter. Europe usually estimates low and adjusts up, while the US usually estimates high and adjusts down.
    You might be able to compare productivity, (multi-factor or total factor should be the most precise) but this estimate is also exposed to exchange rate issues as a value of labour is not expressed in a common currency.
    For an interesting comparison between countries, you could take a look at this paper.

  18. Re:1/4 of energy for 1/4 of GDP on US House May Pass "Cap & Trade" Bill · · Score: 1

    You cannot compare GDP figures between countries as countries use different methods to derive these figures and they are very susceptible to currency fluctuations. You can however compare GDP growth between countries.

  19. Re:Microsoft Hate on AV-Test Deems Windows Security Essentials "Very Good" · · Score: 1

    It's all about flexibility and ease of use, isn't it? When data is a text stream you can manipulate it when, with whatever tool you like and where you want. Powershell preparses the data and gives you an interface from which you can retrieve your data using Powershell commands. Here are two examples that list installed packages:

    # PowerShell: query WMI for installed products
    $strComputer = "."
    $colItems = get-wmiobject -class "Win32_Product" -namespace "root\CIMV2" `
        -computername $strComputer

    foreach ($objItem in $colItems) {
        write-host $objItem.Description " " $objItem.Version
        write-host
    }

    # Shell (Debian): print the name and version columns of the dpkg listing
    dpkg --list | awk '{print $2 " " $3;}'

    The former is a bit more readable, the latter is more flexible. I definitely prefer the latter.

  20. Re:Maybe, but... on AV-Test Deems Windows Security Essentials "Very Good" · · Score: 1

    On one side is a project that publishes every fault and problem that is found in its code. On the other side is a product whose owner never publishes its faults and problems unless its owner has published a patch.

    Comparing numbers here is a bit like comparing apples and oranges, right? Hence the parent's refusal to play your game. And somehow your post got modded "Insightful".

  21. Re:Can we come up with coherent rebuttals? on Microsoft Launches New "Get the Facts" Campaign · · Score: 1

    Did you even read the article that you posted? The vulnerability is in a beta build of IE8, broken by ASLR in the RTW build and mitigated by UAC in Vista SP1. Sounds like the sandbox is working just fine.

    Yes - I read the article. It was a pre-release build of IE8, not a beta build. Here is a quote from the article: "This released version of IE8 broke the ASLR and DEP evasion exploit technique." The CanSecWest exploit broke right through the "sandbox". There never was any Windows 7 UAC mitigation for the CanSecWest exploit because its security features were bypassed. The release version of IE8 just happens to have a patch for that attack vector (probably because the attack vector was shown in August 2008).

    Even so, I'm sure some things will get through. But to exploit the environment you have to circumvent a lot more than just a vulnerability. You don't have to jump through the extra hoops to take down Firefox on Linux, the user context is handed directly to you, plenty of room to set up a network zombie and start spamming.

    Popular linux distributions like Fedora and Ubuntu have both ASLR and NX-bit features enabled. As for the user context problem, SELinux or AppArmor - if correctly set up - will mitigate that problem. Perhaps the linux distros will eventually adapt the BSD/OSX MAC framework which seems pretty robust.

  22. Re:Can we come up with coherent rebuttals? on Microsoft Launches New "Get the Facts" Campaign · · Score: 2, Informative

    No other browser employs this level of security. If a vulnerability in a plugin is exploited in Firefox on Linux that exploit can trash the user's profile. In IE8/Vista, at best it can read files but it can't do anything else.

    Sorry to rain on your parade here, but we have already seen an IE8/Windows7 drive-by complete escalation exploit.

  23. NIF cost overruns on EU Fusion Experiment's Financial Woes Get More Concrete · · Score: 4, Informative

    "Meanwhile, an experiment in fusion by laser doesn't seem to be running into the same high profile funding problems just yet."

    According to this article, NIF has cost $4 billion so far - almost four times the original estimate. What saved the NIF from cancellation was that its backers persuaded politicians that it was vital for America's nuclear programme.

    Science at this level is neither easy nor cheap.

  24. Re:the problem is the OS on Central Anti-Virus For Small Business? · · Score: 1

    Most definitely. CanSecWest only allows exploits of unknown flaws.

  25. Re:Microsoft seeking a patent... on Windows 7 Licensing a "Disaster" For XP Shops · · Score: 1

    Somehow turned into a religion of hate spouting zealots

    Have you seen a xbox360 vs. ps3 flamewar lately? Or the instant ad hominem attacks windows users instantly launch against apple users around here? "Hate spouting zealots" are now found in every forum and blog on the net.

    It's like the captain of the ship's drunk at the helm.

    Unlike Microsoft, FOSS does not have a captain at its helm.