Preston Gralla has a good blog entry on an insecurity report from IBM:
“It reports that Linux had more vulnerabilities than any other operating system. But that doesn’t necessarily mean that it is the most vulnerable operating system, because Microsoft had the most serious vulnerabilities. Here’s what the report has to say about operating systems:
As for operating systems, Linux took the number one position in the first half of this year for new operating system disclosures followed by Apple in second place. If you consider only the critical and high operating system disclosures, Microsoft dwarfed all the other players with 73 percent.
So there’s no doubt that Windows is vulnerable. But as the report shows, so are Apple devices, and devices that run Linux. In fact, the main message of the report is that overall, 2010 has been a bad one so far for security. The report notes that reported security vulnerabilities are up 36% compared to a year ago, and that the first half of 2010 had the highest number of vulnerabilities ever recorded in the first half of a year.
So if you’re a Mac or Linux user, don’t think you’re invulnerable — like Windows users, you’re not secure.”
He’s right of course. GNU/Linux is very insecure. I am very insecure walking around without a bullet-proof vest. I should be riding around in a tank but no one is shooting at me. Openness does have its disadvantages. One’s insecurities are laid bare for all to see. On the other hand they can be found and fixed sooner. With that other OS we often only find out about the vulnerabilities after malware-artists are driving trucks through them. Then M$ takes a few months to fix and test the fix before releasing the fix, giving the malware-artists free rein over IT. The report mentions that M$ is number one on serious vulnerabilities, you know, the ones trucks fit.
If you are guarding Fort Knox and have a lot to lose, you should be worried about the insecurity of GNU/Linux but you definitely should not be using that other OS. GNU/Linux can be secured very well with layers of security: firewall, web filtering, USB device scanning, virtualization, backed-up backups, good passwords and updates. With a few layers of security GNU/Linux becomes quite solid.
If you are just browsing the web for information, you can run from a live CD with GNU/Linux and be solid. For normal use you can do a lot just by minimizing the number of software packages you install and services running. Don’t lose sleep over the insecurities in GNU/Linux. Count the thousands of attacks that other OS gets for every one sent your way instead of counting sheep.

“Don’t lose sleep over the insecurities in GNU/Linux. Count the thousands of attacks that other OS gets for every one sent your way instead of counting sheep.”
That is a rather stupid statement, Robert! LOL.
If you are using Linux, you are vulnerable, too, from all accounts, and just because Windows is more vulnerable there is no additional protection for you. What happens to the other guy is hardly any consolation if you are victimized, too.
In our struggle against terrorism, we have killed many of the other guys, but that is little satisfaction for our own who have been lost.
One advantage that Windows has over Linux in this regard is that it has been tested time and again and the ways that it can be attacked are now much more well known than the ways that Linux may be vulnerable. The security vendors such as McAfee and Symantec offer easy to use products that do not require a geek guru to employ and that completely protect Windows users, making them much more invulnerable than the naked Linux users.
Linux in this regard is untested and, as time wears on, showing itself to be subject to many attacks that were once thought to be impossible. The Linux developers and users obviously have a lot to learn and the process will doubtless be just as painful as it was for Windows.
Linux is on more web servers than that other OS so it is well-tested. My tests have never shown a GNU/Linux system to bog down from malware which is commonplace with that other OS.
Security can always be improved but all the effort that M$ has put into it since the waves of malware a few years ago has not caught up to the security I have in GNU/Linux. You cannot make bloatware secure. There are just too many chinks in the armor.
“My tests have never shown a GNU/Linux system to bog down from malware which is commonplace with that other OS.”
You seem rather confused, Robert. Malware on desktops is a far different thing than security of a web server. Slowing down of a desktop due to the crud that is picked up by users blissfully clicking on anything that looks interesting is a sort of inconvenience at the worst and is easily thwarted by the available AV products today, even by the free stuff from Microsoft.
And here you are using the term “bloatware” again in spite of your total incompetence in the field of software development of operating systems. You have no personal knowledge of Windows code and I doubt that you have any real ability to analyze Linux code either. All you have is an attitude, I think, and if you were at all honest you would refrain from such specious criticism.
We used a good commercial anti-malware product on each XP machine and still stuff got through. The anti-malware industry is pretty good and responsive to the top few-thousand malwares within a few days of being detected but they still get only a fraction of active malware.
see http://blogs.cisco.com/security/comments/the_effectiveness_of_antivirus_on_new_malware_samples/
see http://www.virusbtn.com/vb100/rap-index.xml
The anti-malware scanner we used was in the top of that chart and it still did not provide enough protection.
I do not need to be an expert in creating operating systems. I can quote others who are. I can quote others who are experts in security. All the experts say the bigger the code the more bugs will be found. The bigger the code the more difficult it is to debug. M$ has gone out of its way to add useless features that make that other OS less secure.
see http://cryptome.org/cyberinsecurity.htm
BTW, I have written three operating systems for control of cyclotrons, and robotic systems. One even had a GUI. They did not crash, freeze or slow down.
“We used a good commercial anti-malware product on each XP machine and still stuff got through”
Apparently not so good. I use Symantec on my stuff and I have never had any such problem. Lately I have been using the Microsoft Essential stuff with the same results for the past year. I think that your prejudices made you blind to the logical choices for AV. Or else you used that home-made FLOSS version, thinking it was just as good as the real ones.
“M$ has gone out of its way to add useless features that make that other OS less secure.”
You continue to prove my point, Robert! There is nothing in Windows that you could call a “useless feature”. Everything in there is used by someone. You could say that there were many “rarely used” APIs in Windows with some reasonable truth, but even those are used by someone, perhaps only because they are needed to support some legacy item. Whenever any such thing is removed, the anti-MS folk decry the lack of customer support exhibited by MS and point to apps “broken” by the MS change.
“I do not need to be an expert in creating operating systems. I can quote others who are.”
Only you are not doing that, Robert. You are stating your own opinion, unsupported with any cite of anyone’s credentials. You say Windows is bloatware, which is a conclusion of your own. You did not say that “Richard Stallman says Windows is bloated” or anything similar. On your own, you do not know. All you have is your attitude.