It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


SCI/TECH: How Secure is Your Operating System?

page: 1

log in


posted on Jun, 28 2004 @ 07:43 AM
Here is a break from what some may have seen as "Microsoft Bashing." A recent assessment by software security firm Secunia casts a different light on the widespread belief that Microsoft Windows is a less secure operating system than its competition. The security flaws in Windows XP make a huge splash in the media mainly because of its popularity and vast market share, but statistically speaking, Windows does not require significantly more patches and hot-fixes than competing operating systems. It is simply a bigger target for the authors of malicious software, like viruses and worms.

Mac OS X security myth exposed

TechWorld UK
One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

Please visit the link provided for the complete story.

Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent.

In another study by Forrester Research, all the major OS’s had comparable percentages of critical flaws, but Microsoft got higher marks for releasing patches with less “lag time” between the discovery of a security hole and the availability of the fix. Statistics such as the ones presented are tricky to interpret, and I invite you to review them and judge for yourselves.

Forrester questions Linux security

Linux World
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. The report finds that on average, Linux distributors took longer than Microsoft to patch security holes, although Microsoft flaws tended to be more severe.

Please visit the link provided for the complete story.

Please keep in mind that this article refers only to the operating systems only. Secunia currently has listed 53 advisories addressing Microsoft’s “Internet Explorer 6” application by itself. The majority of the IE flaws allowed remote access to the user’s computer.

Related News Links
The Inquirer
Fortune Magazine

[edit on 28-6-2004 by Spectre]

posted on Jun, 28 2004 @ 10:52 AM
Very interesting stuff indeed. The thing that gets me is that people think that because an OS is touted as secure that they can install it and do nothing other than normal usage. Fact is that ALL operating systems are insecure out of the package, and usually need updating as well as some fine-tuning, which not everyone is willing or able to do. Out of the box XP Pro has a hole in RPC, and again out of the box many older linux distros had a vulnerable version of OpenSSH installed.

As for comparing Linux versus MS in the patch release area, I think its a little uneven of a comparison. Microsoft makes a large chunk of the software used on their sysems (IE, IIS) where for Linux mainly what the people who make a distro do is pick the packages to include, document stuff, and tweak unique things like the loaders and installers that setup the distro. If I find a bug in IIS for example I just tell MS, but if i discover a bug in say Apache on my Slackware 9.1 server, I wouldn't go to the Slack people but rather the Apache Group to get the problem fixed. So in defense of Linux people there are alot more elements to patching for them than Microsoft, kind of like patchwork versus a solid blanket if you will. Of course none of that matters as I said earlier if the end users aren't willing to keep the system up to date and learn some of the ins and outs of securing the environment.

posted on Jun, 28 2004 @ 11:08 AM
Just a heads up, the links don't seem to linking

OSX. Linux and UNIX users...

[edit on 28-6-2004 by sanctum]

posted on Jun, 28 2004 @ 11:12 AM
Thanks, sanctum. The links are fixed now.

posted on Jun, 28 2004 @ 11:56 AM
Yeah, it's true that all OSes are fairly un-secure when they're just "out-of-the-box". Does microsofts OSes have more patches than other OSes?
I don't know. (I know they have a sh*tload of patches tho... SP2 anyone???)

But what about their browser? Is it an infinite nest of security holes? Makes you wonder, when people like CERT say stuff like "Use anything but IE."

I know it's a OS related thread, but still... There must be like half the patches for Windows XP that are Internet Explorer related.

posted on Jun, 28 2004 @ 12:12 PM
These articles suggest that each operating system, theoretically, has a comparable amount of security vulnerabilities, and that many just have not been discovered for Unix / Linux. I can agree with that. But it is simply a matter of which OS has the most discovered vulnerabilities, and which will have the most in the future. It should not matter if Windows, theoretically, has the same amount of security flaws as Unix, for example. What matters is that Windows will most likely have the most discovered flaws in the future, therefore making it effectively less secure. (Does that make sense?)

Windows has a bigger market share, so more vulnerabilities are discovered. That, in itself, makes Windows less secure than Unix, even though the amount of vulnerabilities is proportional to both OS's market shares.

I am sure I could have made that easier to understand :-/

posted on Jun, 28 2004 @ 12:12 PM
A companion story to this post is:

'Gaping hole' lets hackers into Windows
By Sabi Phagura, Metro
28 June 2004
Computer users have been warned to avoid using Internet Explorer until a gaping hole in the browser's security is fixed by Microsoft.

Complete article at:

The proceeding article is a good excuse to try Mozilla Firefox at: or MYIE2 at: .

I use both and both are far faster than Explorer, no popups with Firefox and few with MYIE2. They integrate well with Windows XP and if you add "Pop Up Stopper" free addition ( ), even MYIE2 will be popup free. Both browsers are a free download.

Firefox is based on Netscape, but with none of the problems and lots of extras, plus it is being constantly improved because like Linux, it is open source code.

MYIE2 is much like Explorer in it’s lay out and as a plus, uses the same favorites files as Explorer, unlike Firefox which imports them from IE on a one time basis automatically.


posted on Jun, 28 2004 @ 12:16 PM
m0rbid > indeed, IE is a major source of patches for the windows opeating system, and since its tied so closely to the actual operating system, its basically a part of it. Where with linux and many other *nix'es the browsers are not so closely tied to the OS, and usually are actually maintained by a completely different pool of people and coders. Its actually a little slanted against MS because they are the only ones responsible if certain portions of their product doesn't work, like IE for example, where with SuSE Linux if Mozilla doesn't play nice, its actually the responsibility of the Mozilla coders to fix it, not the folks at SuSE, though I'm sure they would be pushing for a patch sooner rather than later.

Jake_ > i see your point, thought I think in pure GPL setups vulnerabilities are not as frequent, because the source is open for all to review, not only are they found faster, but I would like to think it provides some incentive to produce better code versus the closed method that MS uses where they don't expect anyone but other developers bound by NDA's to see their code.

new topics

top topics


log in