http://www.techweb.com/wire/security/175801128

Does it true????

It may be (I don't have the time to take a proper look at it), but I think you'll find that almost all the Linux vulnerabilities are minor whereas, in the case of M$, a simple image can allow a remote user to take over the system.

Cheers,

-jk

The list was skewed. And, as is said above, one of our vulnerabilities tends to be pretty minor. Whereas the vast majority of Windows vulns tend to be very major (some might say critical )

no, dont trust that article. If you read /., youll have heard that the US CERT thingy included all UNIX/BSD/Linux/MacOSX in the same group. On top of that, they also included 3rd party software's vulnerabilities in the count for Linux. Also, check out and see how many bugs have gone unpatched .... all in all, those numbers are biased, or at least the person taking those numbers was uneducated and touch "well, they all are *nix, so they must share the same valnurabilitie", something which isn't true.

They included 3rd party software for the windows count too.

It is unfair though that they lumped multiple operating systems together like that.

But let us never deceive ourselves to think that "Linux does not get viruses." It does!

The single most fundamental vulnerability of Windows is, not how it is designed, but how it is used. Windows ships with one user, automatically logged-in, who is an Administrator, with no passwords anywhere. No wonder it is a "sitting duck!" The things that viruses do, and succeed in doing, would be forbidden to a non-Administrator user!

It's pure numbers: there are millions of victims out there; the odds of finding one by random probing are excellent.

Unfortunately, OS/X presently ships that way too, although it is slightly more aggressive even in its rather (and totally unnecessarily...) vulnerable state.

The mantra is clear:

• Your everyday account should be an absolutely-unprivileged "ordinary Joe."
• Use a separate non-root account for system maintenance.
• Don't activate any accounts that you don't need/use.
• Use non-trivial passwords that do not occur in a dictionary, such as those which might be based on some mnemonic phrase. (ALLHMISFAWAS = A Little Lamb Had Mary, Its Silky Fleece As White As Snow.) (AALHMABWID = A Little Lamb Had Mary, And Boy Was It Delicious!)

How many of the vulnerabilities led to exploits that were seen in the wild for Linux?

Linux may get viruses but in all my years of using it I have yet to encounter one.

i have been using linux since 2 yrs and not once i felt the need to install a anti virus and restrict my internet browsing for the fear of virus attacks.

The last time I checked, all of the Linux viruses were proof of concept. Although, I think one or two may have been in the wild, but they didn't actually do anything, because we all run as users and they were pretty poorly coded.

does it?
evidence?

I've never ever ever had one, well not one that does anything I know about like pop-ups porn
CPU usage, adware, ethernet usage, or any out of the way behaviour at all.
So maybe I've had one that doesn't do anything at all.

Have you ever had one?
Do you know anyone who as ever had one?

Just interested.

To evaluate a bit more how dangerous a security hole can be, I've discovered CVSS. It is highly subjective and can only be helped to compare two exploit with big different scores. I also think it is not very maintained anymore but we will see..
It would be interesting to calculate the scores for the flaws you mention.

http://www.first.org/cvss/cvss-guide.html


But let us never deceive ourselves to think that "Linux does not get viruses." It does!

=> I agree, very important to keep it in mind!

anyone had a virus then?

try "google linux virus maybe?"

You can see my thoughts on this topic here, but a succinct summary is "those numbers are garbage".

--jeremy

To paraphrase (I've forgotten who), there are "lies, damn lies, and statistics." That article embodies all three.

There are plenty of vulnerabilities, and it is always prudent to be vigilant. If you don't maintain the mindset of sensible caution, you forget to lock your doors at night.

I think that the main reason why Windows gets such a bad rap is that, most of the time, users are Administrators and have no passwords. There's also the sheer number of them; it's literally a probability issue. But MS also thrust a hole right through the system when they tried to imbed IE so deeply into it that they could tell a court that the two were inseperable. They also clung to compatibility with older applications which diddled with hardware from DOS.