Test shows unpatched Windows system's vulnerability
A test has revealed that a Linux server is far less likely to be compromised than a Windows one. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
Wait a minute ... I'm no fan of Windows, certainly, but this kind of journalism simply isn't fair. It's the kind of sensationalist crap-writing that I have come to expect from Computerworld, where they are more interested in "impressions" than story.
The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.
Users on Windows machines are normally all-powerful Administrators, logging on systems with no passwords, no file protections, an open Registry and so-forth. Linux users normally are not. That can make all the difference in the world: a rogue program not only has to get into the machine and attempt to run, but also it has to succeed.
If Windows security is turned on, it is much more comparable to that of SELinux! Once you succeed in breaking through standard-Linux's defenses, it's rather like a chocolate truffle: crunchy on the outside, smooth in the center. It's "all or nothing." Windows, per contra, has a capability structure that .. if you understand it and use it .. allows the roles and capabilities of a program to be much more finely divided. Obviously, "hardened" Linuxes are the same way, but these are only very-slowly becoming mainstream. We must be very careful not to praise one knight and condemn another only because one prince has commanded his knight to hold his shield while the other prince has instructed his knight to leave his shield at home in his coat-closet...
If you stupidly leave the doors and windows unlocked, don't be surprised to find that someone is in there raiding the refrigerator. But is that realistic? It says much more about the stupid git who left the doors open than it does about the quality of the locks. In fact, it becomes totally meaningless.
Let's give the Devil his due: Windows has its problems, but many of those are simply the company that makes it, not the system itself nor the colleagues who make it. None of them really deserve the "cheap shots" that this article dishes out. Windows is no Linux, but it is a worthy competitor none the less.
I disagree that the article is taking any cheap shots at Windows. As I see it, the article is simply comparing the "out of the box" security level for each OS, which I think is a valid topic. Granted, I agree 100% with your points that Windows users should keep their systems current, enable the security features, and create and use a non-Admin account, but sadly the fact is that the majority of users just plain don't -- not that they refuse to, but rather that they simply don't know they're supposed to, or don't know how to. As a result, their systems can easily get compromised and get used for malicious purposes such as spam, DDOS attacks, etc, and that is (or at least should be) a concern to all of us.
Thus, the article is calling attention to an important consideration for mainstream consumers, namely that a standard Windows installation by default is not as secure as a standard Linux installation. Giving Windows a free pass by saying "Well, *if* the user does this, and *if* the user does that, then Windows can be made just as secure" is IMHO missing the point. To use an analogy, suppose you were comparing the safety features of two different cars, and "A" came with anti-lock brakes, side impact airbags, stability controls, etc, as standard equipment while "B" only offered that same equipment as optional equipment at additional cost. Would it make sense to claim that both cars were equally safe, knowing that one required major upgrades in order to achieve the same level as the other? I would say No.
What concerns me about articles like this is that, in a sense, "they cut both ways." They make one OS look worse than it should be ("worse" though it is ...) and it could give the owners of the other OS a false sense of smugness. In that sense, the article seriously misrepresents the issue of security. It's not good journalism. (Although what can one expect from a CoW?)
"Is that door secure?" "Well, did you lock it, or not?"
Wait a minute ... I'm no fan of Windows, certainly, but this kind of journalism simply isn't fair. It's the kind of sensationalist crap-writing that I have come to expect from Computerworld, where they are more interested in "impressions" than story.
The systems are un-patched: This means that the test systems are known to be vulnerable to any previously published exploit. They were sitting ducks.
Users on Windows machines are normally all-powerful Administrators, logging on systems with no passwords, no file protections, an open Registry and so-forth. Linux users normally are not. That can make all the difference in the world: a rogue program not only has to get into the machine and attempt to run, but also it has to succeed.
If Windows security is turned on, it is much more comparable to that of SELinux! Once you succeed in breaking through standard-Linux's defenses, it's rather like a chocolate truffle: crunchy on the outside, smooth in the center. It's "all or nothing." Windows, per contra, has a capability structure that .. if you understand it and use it .. allows the roles and capabilities of a program to be much more finely divided. Obviously, "hardened" Linuxes are the same way, but these are only very-slowly becoming mainstream. We must be very careful not to praise one knight and condemn another only because one prince has commanded his knight to hold his shield while the other prince has instructed his knight to leave his shield at home in his coat-closet...
If you stupidly leave the doors and windows unlocked, don't be surprised to find that someone is in there raiding the refrigerator. But is that realistic? It says much more about the stupid git who left the doors open than it does about the quality of the locks. In fact, it becomes totally meaningless.
Let's give the Devil his due: Windows has its problems, but many of those are simply the company that makes it, not the system itself nor the colleagues who make it. None of them really deserve the "cheap shots" that this article dishes out. Windows is no Linux, but it is a worthy competitor none the less.
I don't think this is all that unfair. If my father/uncle/random joe who knows nothing about computers gets a default install, not even knowing that such a thing as a patch exists, then all of their security settings would be left at the default. The fact that normal rights are limited in Linux is by design, and not some unfair advantage that the test set up. Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole. I agree that in the hands of a knowledgeable user like most of the people on this site that the systems will be comparable in terms of security, but Windows is marketed towards people who have no idea what they are doing, so having it tested straight out of the box is not really all that unfair IMHO
That is a good point. Since Windows is supposed to be all user-friendly, then Windows should somehow try to help avg joe keep his system secure, even if it is just a simple warning that he should not do daily tasks in Administrator mode. But Windows has a lot of programs in it so there will always be someone finding a security hole.
I don't think this is all that unfair. If my father/uncle/random joe who knows nothing about computers gets a default install, not even knowing that such a thing as a patch exists, then all of their security settings would be left at the default. The fact that normal rights are limited in Linux is by design, and not some unfair advantage that the test set up. Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole. I agree that in the hands of a knowledgeable user like most of the people on this site that the systems will be comparable in terms of security, but Windows is marketed towards people who have no idea what they are doing, so having it tested straight out of the box is not really all that unfair IMHO
And you suspect someone who doesn't know what a patch is, does know how to set up and run an entire server..?
You can't really judge an out-of-the-box OS, certainly not a server edition, because bugs are discovered every day and patching is just necessary. And like I said before, someone who installs and controls a server DOES know how to patch.
And you suspect someone who doesn't know what a patch is, does know how to set up and run an entire server..?
You can't really judge an out-of-the-box OS, certainly not a server edition, because bugs are discovered every day and patching is just necessary. And like I said before, someone who installs and controls a server DOES know how to patch.
But, maybe that's just my opinion.
Lol good point, it didn't click that they were talking about servers.
Windows has no problem with letting everyone have administrator rights for some reason, which in my opinion is quite a security hole.
It is actually worse than that. Many commercial products for Windows won't run out of the box unless the user has administrative rights.
This particularly includes Electronic Arts games. My daughter had me install a Harry Potter game on our one and only XP Pro system and she couldn't run it because she was a user and it wouldn't start.
Now, in Linux, I would have merely set some file permissions to let her in. In Windows XP, I had to create a service that would, when started, run the Harry Potter game. I then had to establish a security policy that allowed her as a user to start or stop that service, and I had to set up a batch file on her desktop so that she could start it by double-clicking.
This, after contacting EA to ask them why the game wouldn't run except for an administrator. Their response was that you had to be an admin to play the game.