It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SCI/TECH: How Secure is Your Operating System?
page: 10
share:
Here is a break from what some may have seen as "Microsoft Bashing." A recent assessment by software security firm Secunia casts a different light
on the widespread belief that Microsoft Windows is a less secure operating system than its competition. The security flaws in Windows XP make a huge
splash in the media mainly because of its popularity and vast market share, but statistically speaking, Windows does not require significantly more
patches and hot-fixes than competing operating systems. It is simply a bigger target for the authors of malicious software, like viruses and worms.
Mac OS X security myth exposed
TechWorld UK
One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.
Please visit the link provided for the complete story.
Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent.
In another study by Forrester Research, all the major OS�s had comparable percentages of critical flaws, but Microsoft got higher marks for releasing patches with less �lag time� between the discovery of a security hole and the availability of the fix. Statistics such as the ones presented are tricky to interpret, and I invite you to review them and judge for yourselves.
Forrester questions Linux security
Linux World
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. The report finds that on average, Linux distributors took longer than Microsoft to patch security holes, although Microsoft flaws tended to be more severe.
Please visit the link provided for the complete story.
Please keep in mind that this article refers only to the operating systems only. Secunia currently has listed 53 advisories addressing Microsoft�s �Internet Explorer 6� application by itself. The majority of the IE flaws allowed remote access to the user�s computer.
Related News Links
Secunia
The Inquirer
Fortune Magazine
[edit on 28-6-2004 by Spectre]
Mac OS X security myth exposed
TechWorld UK
One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system - comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.
Please visit the link provided for the complete story.
Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in 2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent.
In another study by Forrester Research, all the major OS�s had comparable percentages of critical flaws, but Microsoft got higher marks for releasing patches with less �lag time� between the discovery of a security hole and the availability of the fix. Statistics such as the ones presented are tricky to interpret, and I invite you to review them and judge for yourselves.
Forrester questions Linux security
Linux World
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. The report finds that on average, Linux distributors took longer than Microsoft to patch security holes, although Microsoft flaws tended to be more severe.
Please visit the link provided for the complete story.
Please keep in mind that this article refers only to the operating systems only. Secunia currently has listed 53 advisories addressing Microsoft�s �Internet Explorer 6� application by itself. The majority of the IE flaws allowed remote access to the user�s computer.
Related News Links
Secunia
The Inquirer
Fortune Magazine
[edit on 28-6-2004 by Spectre]
Very interesting stuff indeed. The thing that gets me is that people think that because an OS is touted as secure that they can install it and do
nothing other than normal usage. Fact is that ALL operating systems are insecure out of the package, and usually need updating as well as some
fine-tuning, which not everyone is willing or able to do. Out of the box XP Pro has a hole in RPC, and again out of the box many older linux distros
had a vulnerable version of OpenSSH installed.
As for comparing Linux versus MS in the patch release area, I think its a little uneven of a comparison. Microsoft makes a large chunk of the software used on their sysems (IE, IIS) where for Linux mainly what the people who make a distro do is pick the packages to include, document stuff, and tweak unique things like the loaders and installers that setup the distro. If I find a bug in IIS for example I just tell MS, but if i discover a bug in say Apache on my Slackware 9.1 server, I wouldn't go to the Slack people but rather the Apache Group to get the problem fixed. So in defense of Linux people there are alot more elements to patching for them than Microsoft, kind of like patchwork versus a solid blanket if you will. Of course none of that matters as I said earlier if the end users aren't willing to keep the system up to date and learn some of the ins and outs of securing the environment.
As for comparing Linux versus MS in the patch release area, I think its a little uneven of a comparison. Microsoft makes a large chunk of the software used on their sysems (IE, IIS) where for Linux mainly what the people who make a distro do is pick the packages to include, document stuff, and tweak unique things like the loaders and installers that setup the distro. If I find a bug in IIS for example I just tell MS, but if i discover a bug in say Apache on my Slackware 9.1 server, I wouldn't go to the Slack people but rather the Apache Group to get the problem fixed. So in defense of Linux people there are alot more elements to patching for them than Microsoft, kind of like patchwork versus a solid blanket if you will. Of course none of that matters as I said earlier if the end users aren't willing to keep the system up to date and learn some of the ins and outs of securing the environment.
Just a heads up, the links don't seem to linking
Sanc'.
OSX. Linux and UNIX users...
www.techworld.com...
[edit on 28-6-2004 by sanctum]
Sanc'.
OSX. Linux and UNIX users...
www.techworld.com...
[edit on 28-6-2004 by sanctum]
Yeah, it's true that all OSes are fairly un-secure when they're just "out-of-the-box". Does microsofts OSes have more patches than other OSes?
I don't know. (I know they have a sh*tload of patches tho... SP2 anyone???)
But what about their browser? Is it an infinite nest of security holes? Makes you wonder, when people like CERT say stuff like "Use anything but IE."
I know it's a OS related thread, but still... There must be like half the patches for Windows XP that are Internet Explorer related.
I don't know. (I know they have a sh*tload of patches tho... SP2 anyone???)
But what about their browser? Is it an infinite nest of security holes? Makes you wonder, when people like CERT say stuff like "Use anything but IE."
I know it's a OS related thread, but still... There must be like half the patches for Windows XP that are Internet Explorer related.
These articles suggest that each operating system, theoretically, has a comparable amount of security vulnerabilities, and that many just have not
been discovered for Unix / Linux. I can agree with that. But it is simply a matter of which OS has the most discovered vulnerabilities, and
which will have the most in the future. It should not matter if Windows, theoretically, has the same amount of security flaws as Unix, for example.
What matters is that Windows will most likely have the most discovered flaws in the future, therefore making it effectively less secure. (Does that
make sense?)
Windows has a bigger market share, so more vulnerabilities are discovered. That, in itself, makes Windows less secure than Unix, even though the amount of vulnerabilities is proportional to both OS's market shares.
I am sure I could have made that easier to understand :-/
Windows has a bigger market share, so more vulnerabilities are discovered. That, in itself, makes Windows less secure than Unix, even though the amount of vulnerabilities is proportional to both OS's market shares.
I am sure I could have made that easier to understand :-/
A companion story to this post is:
'Gaping hole' lets hackers into Windows
By Sabi Phagura, Metro
28 June 2004
Computer users have been warned to avoid using Internet Explorer until a gaping hole in the browser's security is fixed by Microsoft.
Complete article at: www.thisislondon.com...
______________________________________________________
The proceeding article is a good excuse to try Mozilla Firefox at: www.mozilla.org... or MYIE2 at: www.myie2.com... .
I use both and both are far faster than Explorer, no popups with Firefox and few with MYIE2. They integrate well with Windows XP and if you add "Pop Up Stopper" free addition ( www.panicware.com... ), even MYIE2 will be popup free. Both browsers are a free download.
Firefox is based on Netscape, but with none of the problems and lots of extras, plus it is being constantly improved because like Linux, it is open source code.
MYIE2 is much like Explorer in it�s lay out and as a plus, uses the same favorites files as Explorer, unlike Firefox which imports them from IE on a one time basis automatically.
Ghostwolfemoon
'Gaping hole' lets hackers into Windows
By Sabi Phagura, Metro
28 June 2004
Computer users have been warned to avoid using Internet Explorer until a gaping hole in the browser's security is fixed by Microsoft.
Complete article at: www.thisislondon.com...
______________________________________________________
The proceeding article is a good excuse to try Mozilla Firefox at: www.mozilla.org... or MYIE2 at: www.myie2.com... .
I use both and both are far faster than Explorer, no popups with Firefox and few with MYIE2. They integrate well with Windows XP and if you add "Pop Up Stopper" free addition ( www.panicware.com... ), even MYIE2 will be popup free. Both browsers are a free download.
Firefox is based on Netscape, but with none of the problems and lots of extras, plus it is being constantly improved because like Linux, it is open source code.
MYIE2 is much like Explorer in it�s lay out and as a plus, uses the same favorites files as Explorer, unlike Firefox which imports them from IE on a one time basis automatically.
Ghostwolfemoon
m0rbid > indeed, IE is a major source of patches for the windows opeating system, and since its tied so closely to the actual operating system, its
basically a part of it. Where with linux and many other *nix'es the browsers are not so closely tied to the OS, and usually are actually maintained
by a completely different pool of people and coders. Its actually a little slanted against MS because they are the only ones responsible if certain
portions of their product doesn't work, like IE for example, where with SuSE Linux if Mozilla doesn't play nice, its actually the responsibility of
the Mozilla coders to fix it, not the folks at SuSE, though I'm sure they would be pushing for a patch sooner rather than later.
Jake_ > i see your point, thought I think in pure GPL setups vulnerabilities are not as frequent, because the source is open for all to review, not only are they found faster, but I would like to think it provides some incentive to produce better code versus the closed method that MS uses where they don't expect anyone but other developers bound by NDA's to see their code.
Jake_ > i see your point, thought I think in pure GPL setups vulnerabilities are not as frequent, because the source is open for all to review, not only are they found faster, but I would like to think it provides some incentive to produce better code versus the closed method that MS uses where they don't expect anyone but other developers bound by NDA's to see their code.
new topics
-
George Knapp AMA on DI
Area 51 and other Facilities: 2 hours ago -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 2 hours ago -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 5 hours ago -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics: 6 hours ago -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 8 hours ago -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works: 9 hours ago -
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 9 hours ago -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness: 10 hours ago -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest: 10 hours ago
top topics
-
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 9 hours ago, 23 flags -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness: 10 hours ago, 18 flags -
George Knapp AMA on DI
Area 51 and other Facilities: 2 hours ago, 16 flags -
African "Newcomers" Tell NYC They Don't Like the Free Food or Shelter They've Been Given
Social Issues and Civil Unrest: 15 hours ago, 12 flags -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest: 10 hours ago, 7 flags -
Russia Flooding
Fragile Earth: 17 hours ago, 7 flags -
Russian intelligence officer: explosions at defense factories in the USA and Wales may be sabotage
Weaponry: 14 hours ago, 6 flags -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 5 hours ago, 6 flags -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 8 hours ago, 5 flags -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 2 hours ago, 3 flags
active topics
-
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs • 6 • : visitedbythem -
Russian intelligence officer: explosions at defense factories in the USA and Wales may be sabotage
Weaponry • 165 • : andy06shake -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness • 39 • : Zanti Misfit -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics • 18 • : alldaylong -
Silent Moments --In Memory of Beloved Member TDDA
Short Stories • 43 • : Naftalin -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 120 • : DBCowboy -
Alabama Man Detonated Explosive Device Outside of the State Attorney General’s Office
Social Issues and Civil Unrest • 56 • : DBCowboy -
What do you do to get to sleep and stay asleep ??
Health & Wellness • 108 • : TheGoondockSaint -
George Knapp AMA on DI
Area 51 and other Facilities • 9 • : nerbot -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three • 28 • : Astrocometus
0