Test shows unpatched Windows system's vulnerability
A test has revealed that a Linux server is far less likely to be compromised than a Windows one. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
http://www.computerworld.com.au/inde...pid;1968336438 |
Considering the volume of viruses out for Windows I'm not surprised. Linux is too painful to hack.
|
Wait a minute ... I'm no fan of Windows, certainly, but this kind of journalism simply isn't fair. It's the kind of sensationalist crap-writing that I have come to expect from Computerworld, where they are more interested in "impressions" than story. :mad:
The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.
Users on Windows machines are normally all-powerful Administrators, logging on systems with no passwords, no file protections, an open Registry and so forth. Linux users normally are not. That can make all the difference in the world: a rogue program not only has to get into the machine and attempt to run, but also it has to succeed.
If Windows security is turned on, it is much more comparable to that of SELinux! Once you succeed in breaking through standard-Linux's defenses, it's rather like a chocolate truffle: crunchy on the outside, smooth in the center. It's "all or nothing." Windows, per contra, has a capability structure that .. if you understand it and use it .. allows the roles and capabilities of a program to be much more finely divided. Obviously, "hardened" Linuxes are the same way, but these are only very-slowly becoming mainstream.
We must be very careful not to praise one knight and condemn another only because one prince has commanded his knight to hold his shield while the other prince has instructed his knight to leave his shield at home in his coat-closet... If you stupidly leave the doors and windows unlocked, don't be surprised to find that someone is in there raiding the refrigerator. But is that realistic? It says much more about the stupid git who left the doors open than it does about the quality of the locks. In fact, it becomes totally meaningless.
Let's give the Devil his due: Windows has its problems, but many of those are simply the company that makes it, not the system itself nor the colleagues who make it. None of them really deserve the "cheap shots" that this article dishes out. Windows is no Linux, :rolleyes: but it is a worthy competitor none the less. |
I disagree that the article is taking any cheap shots at Windows. As I see it, the article is simply comparing the "out of the box" security level for each OS, which I think is a valid topic. Granted, I agree 100% with your points that Windows users should keep their systems current, enable the security features, and create and use a non-Admin account, but sadly the fact is that the majority of users just plain don't -- not that they refuse to, but rather that they simply don't know they're supposed to, or don't know how to. As a result, their systems can easily get compromised and get used for malicious purposes such as spam, DDOS attacks, etc, and that is (or at least should be) a concern to all of us.
Thus, the article is calling attention to an important consideration for mainstream consumers, namely that a standard Windows installation by default is not as secure as a standard Linux installation. Giving Windows a free pass by saying "Well, *if* the user does this, and *if* the user does that, then Windows can be made just as secure" is IMHO missing the point. To use an analogy, suppose you were comparing the safety features of two different cars, and "A" came with anti-lock brakes, side impact airbags, stability controls, etc, as standard equipment while "B" only offered that same equipment as optional equipment at additional cost. Would it make sense to claim that both cars were equally safe, knowing that one required major upgrades in order to achieve the same level as the other? I would say No. |
Yes, I've cooled-off now. :rolleyes:
What concerns me about articles like this is that, in a sense, "they cut both ways." They make one OS look worse than it should be ("worse" though it is ;) ...) and it could give the owners of the other OS a false sense of smugness. In that sense, the article seriously misrepresents the issue of security. It's not good journalism. (Although what can one expect from a CoW?) "Is that door secure?" "Well, did you lock it, or not?" |
That is a good point. Since Windows is supposed to be all user-friendly, then Windows should somehow try to help the average Joe keep his system secure, even if it is just a simple warning that he should not do daily tasks in Administrator mode. But Windows has a lot of programs in it so there will always be someone finding a security hole.
|
Did anyone notice the date? 10/03/06??
|
I don't see that date anywhere?
|
Quote:
You can't really judge an out-of-the-box OS, certainly not a server edition, because bugs are discovered every day and patching is just necessary. And like I said before, someone who installs and controls a server DOES know how to patch. But, maybe that's just my opinion. :) |
Quote:
This particularly includes Electronic Arts games. My daughter had me install a Harry Potter game on our one and only XP Pro system and she couldn't run it because she was a user and it wouldn't start. Now, in Linux, I would have merely set some file permissions to let her in. In Windows XP, I had to create a service that would, when started, run the Harry Potter game. I then had to establish a security policy that allowed her as a user to start or stop that service, and I had to set up a batch file on her desktop so that she could start it by double-clicking. This, after contacting EA to ask them why the game wouldn't run except for an administrator. Their response was that you had to be an admin to play the game. |