LinuxQuestions.org
Old 03-17-2006, 08:53 PM   #1
shazam75
Member
 
Registered: Oct 2004
Location: Australia, Brisbane
Distribution: Gentoo
Posts: 296

Rep: Reputation: 30
Test shows unpatched Windows system's vulnerability


A test has revealed that a Linux server is far less likely to be compromised than a Windows one. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.

http://www.computerworld.com.au/inde...pid;1968336438
 
Old 04-09-2006, 10:09 PM   #2
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Considering the volume of viruses out for Windows I'm not surprised. Linux is too painful to hack.
 
Old 04-10-2006, 10:39 AM   #3
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,377

Rep: Reputation: 1108
Thumbs down

Wait a minute ... I'm no fan of Windows, certainly, but this kind of journalism simply isn't fair. It's the kind of sensationalist crap-writing that I have come to expect from Computerworld, where they are more interested in "impressions" than story.

The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.

Users on Windows machines are normally all-powerful Administrators, logging on systems with no passwords, no file protections, an open Registry and so-forth. Linux users normally are not. That can make all the difference in the world: a rogue program not only has to get into the machine and attempt to run, but also it has to succeed.

If Windows security is turned on, it is much more comparable to that of SELinux! Once you succeed in breaking through standard-Linux's defenses, it's rather like a chocolate truffle: crunchy on the outside, smooth in the center. It's "all or nothing." Windows, per contra, has a capability structure that .. if you understand it and use it .. allows the roles and capabilities of a program to be much more finely divided. Obviously, "hardened" Linuxes are the same way, but these are only very-slowly becoming mainstream. We must be very careful not to praise one knight and condemn another only because one prince has commanded his knight to hold his shield while the other prince has instructed his knight to leave his shield at home in his coat-closet...

If you stupidly leave the doors and windows unlocked, don't be surprised to find that someone is in there raiding the refrigerator. But is that realistic? It says much more about the stupid git who left the doors open than it does about the quality of the locks. In fact, it becomes totally meaningless.

Let's give the Devil his due: Windows has its problems, but many of those are simply the company that makes it, not the system itself nor the colleagues who make it. None of them really deserve the "cheap shots" that this article dishes out. Windows is no Linux, but it is a worthy competitor none the less.
 
Old 04-10-2006, 12:27 PM   #4
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Quote:
Originally Posted by sundialsvcs
The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.
I almost feel stupid not realizing that when I read it.
 
Old 04-11-2006, 03:53 AM   #5
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Milwaukee, WI
Distribution: Mint
Posts: 6,642

Rep: Reputation: 69
I disagree that the article is taking any cheap shots at Windows. As I see it, the article is simply comparing the "out of the box" security level for each OS, which I think is a valid topic. Granted, I agree 100% with your points that Windows users should keep their systems current, enable the security features, and create and use a non-Admin account, but sadly the fact is that the majority of users just plain don't -- not that they refuse to, but rather that they simply don't know they're supposed to, or don't know how to. As a result, their systems can easily get compromised and get used for malicious purposes such as spam, DDOS attacks, etc, and that is (or at least should be) a concern to all of us.

Thus, the article is calling attention to an important consideration for mainstream consumers, namely that a standard Windows installation by default is not as secure as a standard Linux installation. Giving Windows a free pass by saying "Well, *if* the user does this, and *if* the user does that, then Windows can be made just as secure" is IMHO missing the point. To use an analogy, suppose you were comparing the safety features of two different cars, and "A" came with anti-lock brakes, side impact airbags, stability controls, etc, as standard equipment while "B" only offered that same equipment as optional equipment at additional cost. Would it make sense to claim that both cars were equally safe, knowing that one required major upgrades in order to achieve the same level as the other? I would say No.
 
Old 04-11-2006, 09:10 AM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,377

Rep: Reputation: 1108
Yes, I've cooled-off now.

What concerns me about articles like this is that, in a sense, "they cut both ways." They make one OS look worse than it should be ("worse" though it is ...) and it could give the owners of the other OS a false sense of smugness. In that sense, the article seriously mis-represents the issue of security. It's not good journalism. (Although what can one expect from a CoW?)

"Is that door secure?" "Well, did you lock it, or not?"
 
Old 04-16-2006, 08:06 PM   #7
robogymnast
Member
 
Registered: Dec 2005
Location: Boston, USA
Distribution: Kubuntu, Debian
Posts: 78

Rep: Reputation: 16
Quote:
Originally Posted by sundialsvcs
Wait a minute ... I'm no fan of Windows, certainly, but this kind of journalism simply isn't fair. It's the kind of sensationalist crap-writing that I have come to expect from Computerworld, where they are more interested in "impressions" than story.

The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.

Users on Windows machines are normally all-powerful Administrators, logging on systems with no passwords, no file protections, an open Registry and so-forth. Linux users normally are not. That can make all the difference in the world: a rogue program not only has to get into the machine and attempt to run, but also it has to succeed.

If Windows security is turned on, it is much more comparable to that of SELinux! Once you succeed in breaking through standard-Linux's defenses, it's rather like a chocolate truffle: crunchy on the outside, smooth in the center. It's "all or nothing." Windows, per contra, has a capability structure that .. if you understand it and use it .. allows the roles and capabilities of a program to be much more finely divided. Obviously, "hardened" Linuxes are the same way, but these are only very-slowly becoming mainstream. We must be very careful not to praise one knight and condemn another only because one prince has commanded his knight to hold his shield while the other prince has instructed his knight to leave his shield at home in his coat-closet...

If you stupidly leave the doors and windows unlocked, don't be surprised to find that someone is in there raiding the refrigerator. But is that realistic? It says much more about the stupid git who left the doors open than it does about the quality of the locks. In fact, it becomes totally meaningless.

Let's give the Devil his due: Windows has its problems, but many of those are simply the company that makes it, not the system itself nor the colleagues who make it. None of them really deserve the "cheap shots" that this article dishes out. Windows is no Linux, but it is a worthy competitor none the less.
I don't think this is all that unfair. If my father/uncle/random joe who knows nothing about computers gets a default install, not even knowing that such a thing as a patch exists, then all of their security settings would be left at the default. The fact that normal rights are limited in Linux is by design, and not some unfair advantage that the test set up. Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole. I agree that in the hands of a knowledgeable user like most of the people on this site that the systems will be comparable in terms of security, but Windows is marketed towards people who have no idea what they are doing, so having it tested straight out of the box is not really all that unfair IMHO
 
Old 04-19-2006, 02:21 PM   #8
the_darkside_986
Member
 
Registered: Feb 2006
Distribution: Ubuntu Feisty (7.04)
Posts: 106

Rep: Reputation: 15
That is a good point. Since Windows is supposed to be all user-friendly, then Windows should somehow try to help avg joe keep his system secure, even if it is just a simple warning that he should not do daily tasks in Administrator mode. But Windows has a lot of programs in it so there will always be someone finding a security hole.
 
Old 04-19-2006, 03:41 PM   #9
tormented_one
Member
 
Registered: Oct 2004
Location: Small Town USA
Distribution: slamd64 2.6.12 Slackware 2.4.32 Windows XP x64 pro
Posts: 383

Rep: Reputation: 30
Did anyone notice the date? 10/03/06??
 
Old 04-19-2006, 06:10 PM   #10
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Question

I don't see that date anywhere?
 
Old 04-19-2006, 06:38 PM   #11
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,754

Rep: Reputation: 169
Quote:
Originally Posted by tormented_one
Did anyone notice the date? 10/03/06??
That's Australian notation for 10th March 2006.
Quote:
Originally Posted by Penguin of Wonder
I don't see that date anywhere?
It's right under the author's name (under the headline).
 
Old 04-19-2006, 09:11 PM   #12
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Quote:
Originally Posted by rkelsen
It's right under the author's name (under the headline).
:laughs: I know where the date's at, I just didn't see the date he listed
 
Old 04-20-2006, 02:15 AM   #13
sgoen1986
LQ Newbie
 
Registered: Apr 2006
Location: Netherlands
Distribution: Ubuntu 5.10
Posts: 20

Rep: Reputation: 0
Quote:
Originally Posted by robogymnast
I don't think this is all that unfair. If my father/uncle/random joe who knows nothing about computers gets a default install, not even knowing that such a thing as a patch exists, then all of their security settings would be left at the default. The fact that normal rights are limited in Linux is by design, and not some unfair advantage that the test set up. Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole. I agree that in the hands of a knowledgeable user like most of the people on this site that the systems will be comparable in terms of security, but Windows is marketed towards people who have no idea what they are doing, so having it tested straight out of the box is not really all that unfair IMHO
And you suspect someone who doesn't know what a patch is, does know how to set up and run an entire server..?

You can't really judge an out-of-the-box OS, certainly not a server edition, because bugs are discovered every day and patching is just necessary. And like I said before, someone who installs and controls a server DOES know how to patch.

But, maybe that's just my opinion.
 
Old 04-21-2006, 12:09 PM   #14
robogymnast
Member
 
Registered: Dec 2005
Location: Boston, USA
Distribution: Kubuntu, Debian
Posts: 78

Rep: Reputation: 16
Quote:
Originally Posted by sgoen1986
And you suspect someone who doesn't know what a patch is, does know how to set up and run an entire server..?

You can't really judge an out-of-the-box OS, certainly not a server edition, because bugs are discovered every day and patching is just necessary. And like I said before, someone who installs and controls a server DOES know how to patch.

But, maybe that's just my opinion.
Lol good point, it didn't click that they were talking about servers.
 
Old 04-23-2006, 10:47 AM   #15
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
Quote:
Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole.
It is actually worse than that. Many commercial products for Windows won't run out of the box unless the user has administrative rights.

This particularly includes Electronic Arts games. My daughter had me install a Harry Potter game on our one and only XP Pro system and she couldn't run it because she was a user and it wouldn't start.

Now, in Linux, I would have merely set some file permissions to let her in. In Windows XP, I had to create a service that would, when started, run the Harry Potter game. I then had to establish a security policy that allowed her as a user to start or stop that service, and I had to set up a batch file on her desktop so that she could start it by double-clicking.

This, after contacting EA to ask them why the game wouldn't run except for an administrator. Their response was that you had to be an admin to play the game.
 
  
All times are GMT -5.